||Letters containing medical information were sent to the wrong address.
||A period of 18 months up to November 2013.
||Letters were sent out by temporary or bank staff who had not received relevant data protection training as such training was not required for temporary members of staff. Permanent staff were also not obliged to attend training as it was not enforced. In addition to this there were no policies or procedures in place to ensure the accuracy of addresses.
ActionUndertaking to comply with the seventh data protection principle.
||21 November 2013.
||Temporary or bank staff must be provided with data protection training before working with personal and sensitive personal data and all training is to be monitored and attendance enforced. Processes are also to be put in place to ensure documents are sent to the right address and practical guidance is to be communicated to all staff.
Loss of personal data.
The data controller was attempting to establish the current employment of an individual, for the purpose of an application to the Court for an Attachment of Earnings order. The fax which was brought to a District Judge’s attention contained questions asking for personal data which were irrelevant and execisve for the purpose.
Undertaking issued to ensure that personal data is processed in accordance with the Act and in particular the First and Third Principles.
Reason for action
The data controller was asking for personal data without any necessity to do so.
11 May 2009
View PDF of the First Response Finance Ltd Undertaking (Breach Watch Archive)