data protection breach


Comments

  • Tiddlywinks
    Tiddlywinks Posts: 5,777 Forumite
    I've been Money Tipped!
    I'm not seeing what you're seeing. The drive is secure as only select people can access it; if I can go there and access it too then it's not secure, but as stated by OP, only managers and those who maintain the drive have access. Maybe you're hung up on the 'shared' aspect of it; it's only shared between those who are cleared to have access to it.

    So no data protection breach IMO.

    The SENSITIVE personal data was stored on a shared drive accessible to individuals who did not have a need to process (use / read).

    The employer therefore failed to exercise adequate security over said data.

    Misuse (making SENSITIVE data available to unauthorised employees) and lack of adequate secure storage has caused significant distress to the data subject.

    https://ico.org.uk/for-organisations/guide-to-data-protection/principle-7-security/

    The employer has failed to apply the required data handling principles as required by the DPA.

    Principles

    Also, Codes of Practice here

    Key points and possible actions
    • The collection and use of information about workers’ health is against the law unless a sensitive data condition is satisfied.
    • In general employers should only collect health information where this is necessary for the protection of health and safety, to prevent discrimination on the grounds of disability, to satisfy other legal obligations or if each worker affected has given his or her explicit consent.
    • If consent is to be relied on, it must be freely given. That means a worker must be able to say ‘no’ without penalty and must be able to withdraw consent once given. Blanket consent obtained at the outset of employment cannot always be relied on.
    • Consent should not be confined to the testing itself, it should also cover the subsequent recording, use and disclosure of the test results.

    I spent many a late hour having to interpret possible breaches of the Act and can say that the ICO's interpretation of secure handling would not include placing sensitive personal data onto a shared drive.

    If you want further reading then look on the ICO's site at all of the Decision Notices.
  • melymay
    melymay Posts: 113 Forumite
    Part of the Furniture 10 Posts Combo Breaker
    Thanks all,

    Have a meeting this afternoon when I get to work so hopefully I will get some answers and will ensure this breach is investigated.

    MM
This discussion has been closed.