Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Should I contact DPO or Solicitor or simply forget about it?

  • 02-03-2020 3:59pm
    #1
    Registered Users, Registered Users 2 Posts: 166,026 ✭✭✭✭


    Hi there,

    for obvious reasons I can't go into too much detail so will summarise as best I can.

    For whatever reason an "institution" incorrectly sent personal data they hold on file for me to an individual in my estate (apparently human error). The data was sent by regular post and not registered.

    It is evident the individual read this information and held on to it for a short period of time.

    This data was not your basic name, address and date of birth but rather details on property I own, details on my employer, my salary, savings, debts, accounts, details on my tenants, my relationship status, my mortgage payments, my status on properties I own and the list goes on and on.

    I am angry and mortified.

    Should I forget about this or should I contact Data Protection?


Comments

  • Registered Users, Registered Users 2 Posts: 685 ✭✭✭zapper55


    Definitely contact the data protection commissioner's office. That is horrific, I'm so sorry that happened.


  • Registered Users, Registered Users 2 Posts: 427 ✭✭the14thwarrior


    contact them it will make you feel better.
    you have every right to be angry and mortified.
    but at the end of the day, its only information, and as long as it can't be used as blackmail or hate mail or harressement, put your big panties on and get over it.


  • Closed Accounts Posts: 18,268 ✭✭✭✭uck51js9zml2yt


    contact them it will make you feel better.
    you have every right to be angry and mortified.
    but at the end of the day, its only information, and as long as it can't be used as blackmail or hate mail or harressement, put your big panties on and get over it.

    That's not the point.

    It was data relating to the op that was hers and not in the public domain.

    Contact the dpc. Be specific in your complaint and include all correspondence with the company in your correspondence.

    The DPC isn't interested in your being mortified. There is information on the website.

    You won't believe how hard it is to break through all the "noise" in what some people write and get to what actually happened.


  • Closed Accounts Posts: 3,292 ✭✭✭TheBoyConor


    What outcome do you want from this? Someone to vent at?

    Or are you chasing compensation? If so, you will have to demonstrate that you suffered a loss or injury of some sort out of all this.


  • Registered Users, Registered Users 2 Posts: 126 ✭✭FitzElla


    Absolutely contact the Data Protection Commissioner's office and make a complaint. A large institution should be held account for such a breach of GDPR. You have every right to feel annoyed. By making a complaint you will hopefully tighten up their procedures so it won't happen again to someone else.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 10,900 ✭✭✭✭Riskymove


    WhatNext? wrote: »

    I am angry and mortified.

    Should I forget about this or should I contact Data Protection?

    just to add something

    If it was addressed to you (i.e. your name) the other individual who received should not have opened it and should have returned it (not at this address or whatever)

    The actual breach was in that person opening the letter


  • Registered Users, Registered Users 2 Posts: 4,101 ✭✭✭spaceHopper


    The institution themselves are required to report data breaches to the DPO, ask them to do it. That will force whoever made the error to report it up the line.


  • Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    The institution themselves are required to report data breaches to the DPO, ask them to do it. That will force whoever made the error to report it up the line.
    I've had the joy of going through this recently from the company side.

    There's no obligation on the company to report if they believe the breach is unlikely to present a risk to the affected individual. If they're not sure, they must report.

    Ultimately the outcome for the individual is less satisfying than anything you could want.

    What next depends on a number of things;

    - Did the company send it to the right address, but it was delivered to the wrong house? Then there's nothing they can do, not really their problem.

    - Did the company send it to the wrong address, but with the correct name? Then it's likely a reportable breach, but once the company can show that they have corrected the erroroneous data in their sysem, then that's about as much as they have to do. The main issue here is as mentioned above - the neighbour has committed an offence by opening mail not addressed to them and the OP could report it to the Gardai.

    - Did the company send it to the wrong name & address? Slightly bigger issue as it suggests some cross-contamination of data.

    Either way, the company/institution is required to have a nominated Data Protection Officer. Don't waste your time reporting it to a customer service drone, get the DPO's details and make the report directly to them. Give them a week to conduct their investigation and report back, and if you hear nothing, you can report the breach directy to the DPC yourself.


  • Closed Accounts Posts: 18,268 ✭✭✭✭uck51js9zml2yt


    seamus wrote: »
    I've had the joy of going through this recently from the company side.

    There's no obligation on the company to report if they believe they breach is unlikely to present a risk to the affected individual. If they're not sure, they must report.

    Ultimately the outcome for the individual is less satisfying than anything you could want.

    What next depends on a number of things;

    - Did the company send it to the right address, but it was delivered to the wrong house? Then there's nothing they can do, not really their problem.

    - Did the company send it to the wrong address, but with the correct name? Then it's likely a reportable breach, but once the company can show that they have corrected the erroroneous data in their sysem, then that's about as much as they have to do. The main issue here is as mentioned above - the neighbour has committed an offence by opening mail not addressed to them and the OP could report it to the Gardai.

    - Did the company send it to the wrong name & address? Slightly bigger issue as it suggests some cross-contamination of data.

    Either way, the company/institution is required to have a nominated Data Protection Officer. Don't waste your time reporting it to a customer service drone, get the DPO's details and make the report directly to them. Give them a week to conduct their investigation and report back, and if you hear nothing, you can report the breach directy to the DPC yourself.

    Op should just report it to the dpc who will contact the company and investigate.

    As I said , give all the relevant information. It's all the dpc have to go on initially in determining your complaint.


  • Registered Users, Registered Users 2 Posts: 15,411 ✭✭✭✭woodchuck


    Mod note:

    @the14thwarrior, the part of your post in bold below does not meet the standard expected here in PI. Please keep this in mind when posting in the forum again.
    contact them it will make you feel better.
    you have every right to be angry and mortified.
    but at the end of the day, its only information, and as long as it can't be used as blackmail or hate mail or harressement, put your big panties on and get over it.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 15,297 ✭✭✭✭cj maxx


    Contact the DPO. Also maybe it would be good to get a solicitor on the case . They can handle the correspondence with the institution that leaked your data


  • Registered Users, Registered Users 2 Posts: 8,168 ✭✭✭joeguevara


    Firstly I’m sorry this happened to you. Contact the company and ask to speak to person responsible for data protection. It is not a legal requirement that a company has a designated DPO, but someone should have responsibility. Determine if they have taken steps to remedy situation and fixed controls so it can’t happen again.

    Contact Data Protection commissioner and make a complaint. Be prepared for a response that they are satisfied it’s remedied. Then decide how much further you would like to bring it. Outline what damage it has caused you. Best of luck with this. Must be really horrible for you.


  • Posts: 5,369 ✭✭✭ [Deleted User]


    cjmc wrote: »
    Contact the DPO. Also maybe it would be good to get a solicitor on the case . They can handle the correspondence with the institution that leaked your data

    Why are people so quick to rush to a solicitor? They aren't free and there's no guarantee the company will pay the costs of one that wasn't needed.

    The op had a letter delivered in error, maybe it was the postman, maybe it was the company but regardless, it was human error.

    Why can people not accept an apology and move on anymore? Why must people always look to have others hung out to dry? Why do we feel the need to go rushing to make official complaint? Despite what many of us were told growing up, we aren't perfect, we make mistakes.

    At the end of the day, other than embarrassment for apparently your neighbor opening some mail, there was no harm.

    Op, did you by any chance simple talk to the person responsible for this?


Advertisement