Dwp data breach

Im in need of advice and you thoughts to the following please :)

Long story short. DWP sent confidential medical information to someone who it was not even relevant or related to. It was pure fluke the information picked up showed it to be someone known (not related or otherwise - purely friend capacity) It was all bought to the attention of the person it all related to, the person receiving all this info about them but under their name, address and NINO allowed them to scan each page relating to them for evidence of the breach. Contacted Information Commissioner's office and DWP to high light the breach. DWP requested all documents back (refused this and allowed copies only) also contacted MP. Is there anything else should be done or is everything right so far?

DWP REPSONSE

Update on above post. Integrity team contacted to say 3 members of staff facing disciplinary 1 manager 1 Discision maker and 1 contact centre employee.

Soloution offered - reinstatement of benefit back to how it was with monies owed going back to 15th april and put back into support group. £50 compensation.

Question is this acceptable? In my view its not because they shared and gave out detrimental information that shouldn't have been shared. Its almost as if they are saying "it's ok, your on benefits so it wont have caused you that much harm"

Whats your advice or take on it please, They are expecting a call back on Monday to say whether we deem this acceptable.
«134

Comments

  • FBaby
    FBaby Posts: 18,367
    First Anniversary First Post Combo Breaker
    Forumite
    I think it is outrageous that without showing evidence of harm being done, they would try to make a deal in regards to a decision that should have nothing to do with the breach. People should claim what they are entitled to, not what they get reach a deal over.

    If damage can be evidenced, then a one off compensation amount should be agreed, but again, I suspect the person just couldn't believe their luck that such an error on their part meant getting the award they wanted.

    And just to add, my personal information was breached by my local hospital recently (along with other patients). Instead of thinking how I use it to my advantage, I just informed the Trust and reminded them of their duties. I didn't suffer any harm, so it didn't cross my mind for a second that I could get something out of it. Maybe I should have asked for free cosmetic surgery!
  • Ladidi
    Ladidi Posts: 34 Forumite
    FBaby wrote: »
    I think it is outrageous that without showing evidence of harm being done, they would try to make a deal in regards to a decision that should have nothing to do with the breach. People should claim what they are entitled to, not what they get reach a deal over.

    If damage can be evidenced, then a one off compensation amount should be agreed, but again, I suspect the person just couldn't believe their luck that such an error on their part meant getting the award they wanted.

    And just to add, my personal information was breached by my local hospital recently (along with other patients). Instead of thinking how I use it to my advantage, I just informed the Trust and reminded them of their duties. I didn't suffer any harm, so it didn't cross my mind for a second that I could get something out of it. Maybe I should have asked for free cosmetic surgery!


    I dont think you fully understand the breach involved. Its a VERY SERIOUS BREACH! The information they gave out to someone who it did not relate to and shared was confidential MEDICAL information who had no business having it. Its not as simple as having too much milk or sugar in your morning cuppa.

    Secondly its not about getting your benefits back and a little compensation as you put it! You clearly dont care who gets and receives information about you that are not entitled to it.

    They have a duty of care and attention to what they do with information they request and how they handle and share it. They seriously failed in this instance.

    As for evidence of what they have suffered, it has caused detrimental distress. The information was not widely known and only known between themselves and their GP and specialists.
  • Alice_Holt
    Alice_Holt Posts: 5,857
    First Anniversary Name Dropper First Post
    Forumite
    edited 21 July 2018 at 1:04PM
    "Whats your advice or take on it please"

    Sounds like you are, in effect, being bribed by the DWP not to peruse the data breach.

    There are 2 issues here:
    1) whether your award is correct - this can be challenged and appealed.

    2) DWP poor practice leading to a data breach of highly confidential information.

    I believe under GDPR, the fines for such incompetence can be high.

    Only you can decide which option to take. I rather share your view that the DWP "offer" is not acceptable, and they are conflating separate issues.
    Alice Holt Forest situated some 4 miles south of Farnham forms the most northerly gateway to the South Downs National Park.
  • tboo
    tboo Posts: 1,379
    Name Dropper First Anniversary First Post Photogenic
    Forumite
    Ladidi wrote: »
    Im in need of advice and you thoughts to the following please :)

    Long story short. DWP sent confidential medical information to someone who it was not even relevant or related to. It was pure fluke the information picked up showed it to be someone known (not related or otherwise - purely friend capacity) It was all bought to the attention of the person it all related to, the person receiving all this info about them but under their name, address and NINO allowed them to scan each page relating to them for evidence of the breach. Contacted Information Commissioner's office and DWP to high light the breach. DWP requested all documents back (refused this and allowed copies only) also contacted MP. Is there anything else should be done or is everything right so far?

    DWP REPSONSE

    Update on above post. Integrity team contacted to say 3 members of staff facing disciplinary 1 manager 1 Discision maker and 1 contact centre employee.

    Soloution offered - reinstatement of benefit back to how it was with monies owed going back to 15th april and put back into support group. £50 compensation.

    Question is this acceptable? In my view its not because they shared and gave out detrimental information that shouldn't have been shared. Its almost as if they are saying "it's ok, your on benefits so it wont have caused you that much harm"

    Whats your advice or take on it please, They are expecting a call back on Monday to say whether we deem this acceptable.


    How was it that the DWP had your name and address then - did you ring up at one point for this friend?
    “You’re only here for a short visit.
    Don’t hurry, don't worry and be sure to smell the flowers along the way.”
    Walter Hagen


    365 Day 1p Challenge for 2021 #41 ✅
    Jar £440.31/£667.95 and Bank £389.67/£667.95

  • Ladidi
    Ladidi Posts: 34 Forumite
    Alice_Holt wrote: »
    Sounds like you are, in effect, being bribed by the DWP not to peruse the data breach.

    There are 2 issues here:
    1) whether your award is correct - this can be challenged and appealed.

    2) DWP poor practice leading to a data breach of highly confidential information.

    I believe under GDPR, the fines for such incompetence can be high.

    Only you can decide which option to take. I rather share your view that the DWP "offer" is not acceptable, and they are conflating separate issues.

    Thats my view as well. I feel as if they are saying we can sweep this one away cheaply and not have too much repercussion. They acknowledge they have failed in their security process and that all 3 failed to do their jobs correctly to which they should have done.

    What sticks in my throat is the way they are saying be grateful for what your being offered with touch of contempt for complaining as if you have no right to do this and take up their time.

    The award they are offering is basically to put you back into the position you was before you was refused and denied even though information/circumstances hadn't changed. This was going to appeal. they are now saying we will stop the appeal and put you back into the position you was before as if nothing had changed or happened. (Hence, the feeling of we are doing you a favour be gratful)
  • Ladidi
    Ladidi Posts: 34 Forumite
    tboo wrote: »
    How was it that the DWP had your name and address then - did you ring up at one point for this friend?

    A claim for benefits was made and awarded for claimant A. This was later reviewed and denied. All medical information etc was sent to appeal decision. Claimant B also in process of dealing with their claim. Neither knew about the other persons claims. (friends due brother of claimant A and claimant B son friendship)

    Claimant B was going through tribunal appeal. Received all paper work for tribunal. It was in this paper work that Claimant A private and confidential records were disclosed. Claimant B showed son who informed mate who in turn told brother. Claimant B brought all paper work round to Claimant A and showed them and parents. Agreed to scan paper work for evidence. Copies sent to DWP with evidence and strong worded letter notfiying severity of breach. Outcome as above.
  • Alice_Holt
    Alice_Holt Posts: 5,857
    First Anniversary Name Dropper First Post
    Forumite
    If the DWP are conceding the case, then that's usually because they have belatedly realised they don't have a leg to stand on re the appeal.

    If they are saying drop the compliant and we will then award you SG - that is completely unacceptable and highly unprofessional.

    You would need proof of any attempt to "bribe" you in this way. An SAR request:
    https://www.gov.uk/guidance/request-your-personal-information-from-the-department-for-work-and-pensions

    Although the DWP can be incompetent, I would be surprised at such a "bribe". It would seem to be very unwise for the DWP.
    When you speak on Monday I would clarify exactly what they are saying. A decision to reinstate the SG should be made solely on the appeal evidence.
    Alice Holt Forest situated some 4 miles south of Farnham forms the most northerly gateway to the South Downs National Park.
  • Ladidi
    Ladidi Posts: 34 Forumite
    Alice_Holt wrote: »
    If the DWP are conceding the case, then that's usually because they have belatedly realised they don't have a leg to stand on re the appeal.

    If they are saying drop the compliant and we will then award you SG - that is completely unacceptable and highly unprofessional.

    You would need proof of any attempt to "bribe" you in this way. An SAR request:
    https://www.gov.uk/guidance/request-your-personal-information-from-the-department-for-work-and-pensions

    Although the DWP can be incompetent, I would be surprised at such a "bribe". It would seem to be very unwise for the DWP.
    When you speak on Monday I would clarify exactly what they are saying. A decision to reinstate the SG should be made solely on the appeal evidence.

    I shall request they put their offer in writing and the reasons for this outcome. As you say are they awarding SG based on them not winning appeal or to simply make complaint go away as cheaply as possible.
  • Ladidi
    Ladidi Posts: 34 Forumite
    I just want to add both Claimant A and B have been offered the same deal. DWP already had claimant B at tribunal stage which is how all this came about. Claimant A got their tribunal papers this morning.

    DWP denied both cases and at MR stage stood by their decision. All of this comes about and suddenly they want to stop tribunal and put things back to where they was before they were both denied.

    I cant help being a cynical person that I am that DWP are conceeding this based on the fact of the enormity of the breach involved but also treating them both with contempt as if to say you are benefits be greatful for the outcome your being offered and go away.
  • tomtom256
    tomtom256 Posts: 2,198
    First Anniversary Name Dropper First Post
    Forumite
    Ladidi wrote: »
    Im in need of advice and you thoughts to the following please :)

    Long story short. DWP sent confidential medical information to someone who it was not even relevant or related to. It was pure fluke the information picked up showed it to be someone known (not related or otherwise - purely friend capacity) It was all bought to the attention of the person it all related to, the person receiving all this info about them but under their name, address and NINO allowed them to scan each page relating to them for evidence of the breach. Contacted Information Commissioner's office and DWP to high light the breach. DWP requested all documents back (refused this and allowed copies only) also contacted MP. Is there anything else should be done or is everything right so far?

    DWP REPSONSE

    Update on above post. Integrity team contacted to say 3 members of staff facing disciplinary 1 manager 1 Discision maker and 1 contact centre employee.

    Soloution offered - reinstatement of benefit back to how it was with monies owed going back to 15th april and put back into support group. £50 compensation.

    Question is this acceptable? In my view its not because they shared and gave out detrimental information that shouldn't have been shared. Its almost as if they are saying "it's ok, your on benefits so it wont have caused you that much harm"

    Whats your advice or take on it please, They are expecting a call back on Monday to say whether we deem this acceptable.


    So what is this breach worth to you then to make it go away?


    3 people will lose there jobs over this, that's potentially 3 families lives ruined and the staff involved who will not get any other similar job owing to a gross misconduct sacking.


    Money would/could not rectify the breach, as it has already been done.


    An apology and disciplinary action is the main way to treat it.


    They could give a pay out, but if it's over £16k then the person involved would lose all benefits until said payment is below £16k again.
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 341.8K Banking & Borrowing
  • 249.7K Reduce Debt & Boost Income
  • 449.2K Spending & Discounts
  • 233.9K Work, Benefits & Business
  • 606.1K Mortgages, Homes & Bills
  • 172.5K Life & Family
  • 246.8K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.8K Discuss & Feedback
  • 15.1K Coronavirus Support Boards