Breach of GDPR by Managjng Agent?

aj16_2
aj16_2 Posts: 31 Forumite
Part of the Furniture 10 Posts Combo Breaker
in Consumer rights
Managing Agent for my property recently sent a service charge payment reminder by email. They also ccd in 16 other personal email addresses? Is this a GDPR breach? Nobody consented to having their personal information shared and  I wouldn't have thought this falls under 'lawful reason'.

This is the 1st time something like that has happened. No financial information was shared, just personal emails. I am putting this down to human error but if this is a breach surely I should be reporting this?

I am not after anything but, in the 1st instance, an apology should be issued to all those concerned (I have already emailed managing agent). 
«1

Comments

  • El_Torro
    El_Torro Posts: 1,786 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Even if it is a GDPR breach what good would it do you to report it? From what you say if the people responsible admit it was an error and apologise it sounds like you'll be happy with that. It's good that you e-mailed them, hopefully it doesn't happen again. 
  • la531983
    la531983 Posts: 2,773 Forumite
    1,000 Posts First Anniversary Name Dropper
    Just remind them to use BCC next time and move on.
  • born_again
    born_again Posts: 19,538 Forumite
    10,000 Posts Fifth Anniversary Name Dropper
    El_Torro said:
    Even if it is a GDPR breach what good would it do you to report it? From what you say if the people responsible admit it was an error and apologise it sounds like you'll be happy with that. It's good that you e-mailed them, hopefully it doesn't happen again. 
    They should be self reporting anyway... 
    That's if they understand the rules.
    Life in the slow lane
  • flaneurs_lobster
    flaneurs_lobster Posts: 5,826 Forumite
    Sixth Anniversary 1,000 Posts Photogenic Name Dropper
    It's unlikely that any real damage has been done by this kind of mistake, the offender should acknowledge and apologise for their lapse.

    I've seen a few corkers when CC gets mistaken for BCC, the Opening Promotions email for new members of a  "Gentleman's Club" on the edge of the City was a goody.


  • sheenas
    sheenas Posts: 83 Forumite
    10 Posts First Anniversary
    This is a GDPR breach and you can report it. Disclosing emails which uniquely identifies you should not happen. I would raise a complaint with the company first.  
  • outtatune
    outtatune Posts: 707 Forumite
    500 Posts Third Anniversary Name Dropper
    They should not be using either CC or BCC. They should be using a proper email automation service. They sound like an absolute bunch of cowboys.
  • flaneurs_lobster
    flaneurs_lobster Posts: 5,826 Forumite
    Sixth Anniversary 1,000 Posts Photogenic Name Dropper
    sheenas said:
    This is a GDPR breach and you can report it.
    Yes it is and yes you could.

    Not sure what the purpose would be though, other than to sour the relationship with the Managing Agent, people you will no doubt have to ask for a service at some point in the future.
  • A_Geordie
    A_Geordie Posts: 214 Forumite
    Third Anniversary 100 Posts Name Dropper
    edited 6 May at 10:43AM
    outtatune said:
     They sound like an absolute bunch of cowboys.
    Bit of a wild statement to make based on very little information you know about them. Not having an automated mailing services does put them into the category of cowboys. For all we know, they might have such a service. 

    Based on the OP's initial post suggesting that is the first time the OP has experienced this, and assuming the OP has been with this managing agent for a while, it doesn't suggest this is a recurring issue. It certainly does not smell of cowboy type behaviour as you appear to be suggesting. 

    Is it a breach? Yes.

    Is the managing agent obligated to report to the ICO? Probably not. The breach is highly unlikely to result in a risk to the individual's rights or freedoms since it was just a leak email address, which is the threshold for reporting breaches. Managing agent should carry out an assessment of the breach and the risk and I'm sure they'll come to the same conclusion and put measures in place to prevent it happening again. We are all human and errors happen. 

    If reported to the ICO will anything happen? Highly unlikely, other than the ICO giving guidance to the managing agent. 
  • user1977
    user1977 Posts: 17,318 Forumite
    10,000 Posts Seventh Anniversary Photogenic Name Dropper
    It is of course useful information should you wish to collaborate with the other recipients about a complaint (or sacking the agent, if that's within your power).
  • Jumblebumble
    Jumblebumble Posts: 1,956 Forumite
    Sixth Anniversary 1,000 Posts Name Dropper
    sheenas said:
    This is a GDPR breach and you can report it. Disclosing emails which uniquely identifies you should not happen. I would raise a complaint with the company first.  
    I imagine the overworked ICO will not be in the slightest bit interested.
    This is a matter that is best dropped as it will go nowhere
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 349.9K Banking & Borrowing
  • 252.7K Reduce Debt & Boost Income
  • 453K Spending & Discounts
  • 242.9K Work, Benefits & Business
  • 619.7K Mortgages, Homes & Bills
  • 176.4K Life & Family
  • 255.8K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 15.1K Coronavirus Support Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture