Should I contact DPO or Solicitor or simply forget about it?

LegacyUser

Hi there,

for obvious reasons I can't go into too much detail so will summarise as best I can.

For whatever reason an "institution" incorrectly sent personal data they hold on file for me to an individual in my estate (apparently human error). The data was sent by regular post and not registered.

It is evident the individual read this information and held on to it for a short period of time.

This data was not your basic name, address and date of birth but rather details on property I own, details on my employer, my salary, savings, debts, accounts, details on my tenants, my relationship status, my mortgage payments, my status on properties I own and the list goes on and on.

I am angry and mortified.

Should I forget about this or should I contact Data Protection?

zapper55

Definitely contact the data protection commissioner's office. That is horrific, I'm so sorry that happened.

the14thwarrior

contact them it will make you feel better.
you have every right to be angry and mortified.
but at the end of the day, its only information, and as long as it can't be used as blackmail or hate mail or harressement, put your big panties on and get over it.

uck51js9zml2yt

the14thwarrior wrote: »

contact them it will make you feel better.
you have every right to be angry and mortified.
but at the end of the day, its only information, and as long as it can't be used as blackmail or hate mail or harressement, put your big panties on and get over it.

That's not the point.

It was data relating to the op that was hers and not in the public domain.

Contact the dpc. Be specific in your complaint and include all correspondence with the company in your correspondence.

The DPC isn't interested in your being mortified. There is information on the website.

You won't believe how hard it is to break through all the "noise" in what some people write and get to what actually happened.

TheBoyConor

What outcome do you want from this? Someone to vent at?

Or are you chasing compensation? If so, you will have to demonstrate that you suffered a loss or injury of some sort out of all this.

FitzElla

Absolutely contact the Data Protection Commissioner's office and make a complaint. A large institution should be held account for such a breach of GDPR. You have every right to feel annoyed. By making a complaint you will hopefully tighten up their procedures so it won't happen again to someone else.

Riskymove

WhatNext? wrote: »

I am angry and mortified.

Should I forget about this or should I contact Data Protection?

just to add something

If it was addressed to you (i.e. your name) the other individual who received should not have opened it and should have returned it (not at this address or whatever)

The actual breach was in that person opening the letter

spaceHopper

The institution themselves are required to report data breaches to the DPO, ask them to do it. That will force whoever made the error to report it up the line.

seamus

spaceHopper wrote: »

The institution themselves are required to report data breaches to the DPO, ask them to do it. That will force whoever made the error to report it up the line.

I've had the joy of going through this recently from the company side.

There's no obligation on the company to report if they believe the breach is unlikely to present a risk to the affected individual. If they're not sure, they must report.

Ultimately the outcome for the individual is less satisfying than anything you could want.

What next depends on a number of things;

- Did the company send it to the right address, but it was delivered to the wrong house? Then there's nothing they can do, not really their problem.

- Did the company send it to the wrong address, but with the correct name? Then it's likely a reportable breach, but once the company can show that they have corrected the erroroneous data in their sysem, then that's about as much as they have to do. The main issue here is as mentioned above - the neighbour has committed an offence by opening mail not addressed to them and the OP could report it to the Gardai.

- Did the company send it to the wrong name & address? Slightly bigger issue as it suggests some cross-contamination of data.

Either way, the company/institution is required to have a nominated Data Protection Officer. Don't waste your time reporting it to a customer service drone, get the DPO's details and make the report directly to them. Give them a week to conduct their investigation and report back, and if you hear nothing, you can report the breach directy to the DPC yourself.

uck51js9zml2yt

seamus wrote: »

I've had the joy of going through this recently from the company side.

There's no obligation on the company to report if they believe they breach is unlikely to present a risk to the affected individual. If they're not sure, they must report.

Ultimately the outcome for the individual is less satisfying than anything you could want.

What next depends on a number of things;

- Did the company send it to the right address, but it was delivered to the wrong house? Then there's nothing they can do, not really their problem.

- Did the company send it to the wrong address, but with the correct name? Then it's likely a reportable breach, but once the company can show that they have corrected the erroroneous data in their sysem, then that's about as much as they have to do. The main issue here is as mentioned above - the neighbour has committed an offence by opening mail not addressed to them and the OP could report it to the Gardai.

- Did the company send it to the wrong name & address? Slightly bigger issue as it suggests some cross-contamination of data.

Either way, the company/institution is required to have a nominated Data Protection Officer. Don't waste your time reporting it to a customer service drone, get the DPO's details and make the report directly to them. Give them a week to conduct their investigation and report back, and if you hear nothing, you can report the breach directy to the DPC yourself.

Op should just report it to the dpc who will contact the company and investigate.

As I said , give all the relevant information. It's all the dpc have to go on initially in determining your complaint.

woodchuck

Mod note:

@the14thwarrior, the part of your post in bold below does not meet the standard expected here in PI. Please keep this in mind when posting in the forum again.

the14thwarrior wrote: »

contact them it will make you feel better.
you have every right to be angry and mortified.
but at the end of the day, its only information, and as long as it can't be used as blackmail or hate mail or harressement, put your big panties on and get over it.

cj maxx

Contact the DPO. Also maybe it would be good to get a solicitor on the case . They can handle the correspondence with the institution that leaked your data

joeguevara

Firstly I’m sorry this happened to you. Contact the company and ask to speak to person responsible for data protection. It is not a legal requirement that a company has a designated DPO, but someone should have responsibility. Determine if they have taken steps to remedy situation and fixed controls so it can’t happen again.

Contact Data Protection commissioner and make a complaint. Be prepared for a response that they are satisfied it’s remedied. Then decide how much further you would like to bring it. Outline what damage it has caused you. Best of luck with this. Must be really horrible for you.

cjmc

cjmc wrote: »

Contact the DPO. Also maybe it would be good to get a solicitor on the case . They can handle the correspondence with the institution that leaked your data

Why are people so quick to rush to a solicitor? They aren't free and there's no guarantee the company will pay the costs of one that wasn't needed.

The op had a letter delivered in error, maybe it was the postman, maybe it was the company but regardless, it was human error.

Why can people not accept an apology and move on anymore? Why must people always look to have others hung out to dry? Why do we feel the need to go rushing to make official complaint? Despite what many of us were told growing up, we aren't perfect, we make mistakes.

At the end of the day, other than embarrassment for apparently your neighbor opening some mail, there was no harm.

Op, did you by any chance simple talk to the person responsible for this?