Breach of Data Protection Act

inna981

Hi,

Sorry if this is in the wrong thread but I was wondering could anybody advise me on this?

A few days ago I received a letter from a national organisation that I was working for last year, stating that they had released my P45 through email to another employee. It took the organisation 4 days to identify the error and to notify the recipient and a further 3 days to notify me.

What should I do with this as I feel this is quite important?

Thanks in advance

dudara

The main onus on them is to act appropriately and in a timely manner WHEN they identify that a breach has taken place. From what you describe above, it seems like they've been fairly on the ball. If it was just an isolated incident, they may not be required to report it to the Data Protection Commissioner.

If you're unsure, contact the DPC and ask for their advice.

Bicycle

You were actually one of 1,000 former enumerators whose P45s were sent by the CSO to one former enumerator.

The P45s were on a PDF file and the full file was sent in error.

You should ring the CSO in Cork on one of the numbers given, and express your concern. I am amazed the press haven't got hold of this story yet.

chasm

Bicycle wrote: »

You were actually one of 1,000 former enumerators whose P45s were sent by the CSO to one former enumerator.

The P45s were on a PDF file and the full file was sent in error.

You should ring the CSO in Cork on one of the numbers given, and express your concern. I am amazed the press haven't got hold of this story yet.

It seems they have now!
https://www.independent.ie/irish-news/cso-admits-major-data-breach-as-thousands-of-peoples-details-leaked-out-36351216.html

Bicycle

chasm wrote: »

It seems they have now!
https://www.independent.ie/irish-news/cso-admits-major-data-breach-as-thousands-of-peoples-details-leaked-out-36351216.html

Indeed. However it now appears that FOUR people received the data belonging to 3,000 people. Whereas I was told yesterday it was one person receiving the data of 1,000 people.

One sincerely hopes that the information was deleted and will not be used for nefarious purposes. However, reading the FB comments on some of the news articles, it would appear - sadly - that people are now losing confidence in the anonymity of the census.

As someone who has gleaned huge amounts of information on my ancestors from the 1901 and 1911 census data, I feel it deprives future generations of valuable information, if people don't complete their forms accurately.

Former Former

Bicycle wrote: »

One sincerely hopes that the information was deleted and will not be used for nefarious purposes. However, reading the FB comments on some of the news articles, it would appear - sadly - that people are now losing confidence in the anonymity of the census.

What?? How are the two things in any way linked?

dudara

From reading the article, it seems like a classic example of human error and poor processes, which then resulted in a data breach. Incidents like this have been happening for years, but now we’re more aware and legislation like GDPR is dictating how incidents need to be managed and reported.

It’s important to note that this HR/payroll data is entirely separate to the census data itself, which I’m willing to bet is handled in a far more secure manner.

Atlantic Dawn

I love the "shure it's grand they deleted it" attitude, pure joke.

dudara

The immediate fix is to ensure that the breach is contained - deleting the emails in this case.

The next step is to improve the processes and increase awareness so that it doesn’t happen again. With the DPC involved, the CSO will be under a microscope.

AndrewJRenko

Atlantic Dawn wrote: »

I love the "shure it's grand they deleted it" attitude, pure joke.

What else can they do?