GDPR breach by Government dept

janedoe007 · 15-04-2019 09:16PM #1

I got an email from a Government Department last week concerning a data breach.
Personal data - my name, address, PPSN number, telephone number and details of payments received for 2017 had been sent to a 3rd party.
The 3rd party have been contacted and have promised to delete the information.
Gov Dept say that I am not entitled to know who received my data.
How do I find out who received my personal details ?

brian_t · 15-04-2019 11:23PM

janedoe007 wrote: »

How do I find out who received my personal details ?

They have the same right to privacy as you do.

Two wrongs don't make a right.

Riskymove · 16-04-2019 08:46AM

brian_t wrote: »

They have the same right to privacy as you do.

Not necessarily, for example GDPR doesn't apply to a company

Riskymove · 16-04-2019 08:49AM

janedoe007 wrote: »

Gov Dept say that I am not entitled to know who received my data.

they are right

this is the minimum they should include in their notification to you

a description of the nature of the breach;
 the name and contact details of the data protection officer or other contact point;
 a description of the likely consequences of the breach; and
 a description of the measures taken or proposed to be taken by the controller to address the breach, including, where appropriate, measures to mitigate its possible adverse effects.

IMO they should at least give some indication of who the 3rd party might be but this should be reflected in what steps they advise you take.

In any event if you have an issue you should contact the Data Protection Commission who should also have been notified of the breach

MarkR · 16-04-2019 01:45PM

They can't advise who they sent it to, as that would be another breach. If you, for example, received someone's bank details in the post. Bank realises, calls you, and you shred the document. You'd hardly want the owner of the bank statement contacting you directly about it?

GDPR breach by Government dept

Comments