Someone else’s financial information sent to me

[doglikescheeseontoast]

Just under a year ago, I sold my house to my son and moved to another house. I informed everyone I could think of, but several letters were still going to my old address, so I set up redirection of post with the Royal Mail for a year, and it has all gone very well. Until today.

I received 3 pieces of post this morning that had been redirected. On all the letters, the redirection sticker had been stuck across the window on the envelope, completely covering the original name and address. My new address is the only thing printed on the redirection sticker, no name.

The first letter was junk mail, addressed to me by name and correctly redirected. The other 2 however are letters addressed to my son (who bought my old house) and they contain personal financial information. Long story short, I am now in possession of private information relating to my son.

I called the Royal Mail redirection service, stayed on hold for 45 minutes, and spoke to an adviser whose response is that they will notify the sorting office involved and pretty much tell them to be more careful in future.

Is this a satisfactory response? Or is there someone else I should be reporting this to? I can see how it happened - my son and I have the same surname, but I am Ms, he is Mr, and our forenames and initials are very different. That said, surely the only way I should have information relating to anyone else’s financial affairs is if the person chooses to share that information with me, and that person has the right to expect their private information to be kept private. It just doesn’t sit well with me that this can happen and the only response is ‘we’ll try not to do it again’.

The financial company might have a ‘report a data breach’ link on their website.

Once I received full details on a complete stranger’s pension enrolment. I reported it to them and got a letter from a compliance officer apologising. Obviously I shredded the letter then and didn’t think more of it but the risk for fraud was significant (it included their login and password to the pension portal …)

"It just doesn’t sit well with me that this can happen and the only response is ‘we’ll try not to do it again’"

What else do you think they can do though? There has obviously been a process failure somewhere along the line - perhaps human or machine has incorrectly recognised the redirection as for the whole surname (assuming you share a surname worn your son?) - so they'll report it to the sorting office and try to stop that happening again. I don't know what else you'd think they could do?

"surely the only way I should have information relating to anyone else’s financial affairs is if the person chooses to share that information with me, and that person has the right to expect their private information to be kept private."

Indeed, and in an ideal world that would be the case. In the real world however, things can and do go wrong.

Rosecoffeecup - I completely agree with you, I don’t know what else can be done, and like I said in my OP, I can see how it happened.

I think my discomfort is partly influenced by the fact that I do know the person whose information I have been sent, and I know that he wouldn’t really want his mum having his private information, any more than I would want my own mother having private information about me sent to her.

I absolutely take your point though, it is not an ideal world and mistakes happen. Thank you for your reply.

It's your son's information that's been shared so he is the one that has grounds to pursue it, if he wishes to.

Considering how much RM charge for redirection for EACH person that lives there, they've gone above and beyond their responsibility by redirecting your son's mail (assuming he's got the same surname as you).

That said, it IS a data breach and they need to be informed, which you have done. It's your son's job now to put a rocket up their arse.

But if it had someone else's name on it why did you open it? You should've just sent/gave them back to your son unopened. Like you would if it was another stranger who you knew doesn't live in your house.

Anyway hopefully it won't happen again.

But if it had someone else's name on it why did you open it? You should've just sent/gave them back to your son unopened. Like you would if it was another stranger who you knew doesn't live in your house.

This is directly answered in the OP.

Hopefully it is some comfort to your son (if you tell him, I appreciate you may choose not to) that it is you that has opened it rather than a stranger. Equally that makes it more uncomfortable for you too though!

Information comissioner

ico.org.uk/for-organisations/report-a-breach/

It was surely only a data breach when you opened a letter that wasn’t addressed to you, though?

The financial company has not committed a breach, as they sent their letter to the correct person at the correct address.

Royal Mail have made a mistake in delivering a letter to the wrong address, but I’m not sure whether this counts as a data breach.

I know that the label was over the address window, but I’m not sure where else you expect RM to stick a redirection sticker.

You could have tried to peel it off so that you could see the name and address on the letter before opening it, surely.

Mountain and molehill springs to mind.