Received someone else’s DSAR, would you tell them?

eskbanker

friolento said:
You might be less concerned than me if your details and information about your banking transactions get shared with a stranger without my permission or my knowledge - to me that is a serious encroachment and I would like to see it treated as such. In the first instance, I would not run to the ICO but expect the bank to sort it to my satisfaction.

Sure, I'm not saying it's not a matter of concern from the perspective of the one whose data was shared, but just pointing out that in the context of data breaches, it's clearly not at the more serious end of the spectrum - it's undeniably a breach of confidentiality but the risk of it actually developing into fraud isn't particularly significant IMHO, in terms of what can realistically be achieved by someone gaining access to a name and address plus sort code and account number.

brianposter

Why not just post the DSAR to the intended recipient.

Eyeful

brianposter said:

Why not just post the DSAR to the intended recipient.

I would think, because it might get "lost in the post" & end up in they hands of  professional fraudsters.
Then the person who the DSAR info is about, could have very real and expensive problems. 

wmb194

Shred the document, bin it and forget about it.

masonic

Eyeful said:

brianposter said:

Why not just post the DSAR to the intended recipient.

I would think, because it might get "lost in the post" & end up in they hands of  professional fraudsters.
Then the person who the DSAR info is about, could have very real and expensive problems. 

Are you saying DSAR responses shouldn't be sent by post in the first place? As currently they usually are.

Eyeful

masonic said:

Eyeful said:

brianposter said:

Why not just post the DSAR to the intended recipient.

I would think, because it might get "lost in the post" & end up in they hands of  professional fraudsters.
Then the person who the DSAR info is about, could have very real and expensive problems. 

Are you saying DSAR responses shouldn't be sent by post in the first place? As currently they usually are.

My thinking is that:

1.If you ask for the your DSAR and it does not turn up in good time then you can at least take steps to try & protect yourself.

2. If the OP sends someone else's DSAR to them in the post & it never gets to them
(a) If that other person is not told before hand, that person will have no chance to protect themselves.
(b) If the other person is told by the OP to expect their DSAR and it never turns up,  the other person may well think it is part of some scam, so just ignore it.

friolento

Eyeful said:

masonic said:

Eyeful said:

brianposter said:

Why not just post the DSAR to the intended recipient.

I would think, because it might get "lost in the post" & end up in they hands of  professional fraudsters.
Then the person who the DSAR info is about, could have very real and expensive problems. 

Are you saying DSAR responses shouldn't be sent by post in the first place? As currently they usually are.

My thinking is that:

1.If you ask for the your DSAR and it does not turn up in good time then you can at least take steps to try & protect yourself.

2. If the OP sends someone else's DSAR to them in the post & it never gets to them
(a) If that other person is not told before hand, that person will have no chance to protect themselves.
(b) If the other person is told by the OP to expect their DSAR and it never turns up,  the other person may well think it is part of some scam, so just ignore it.

I am baffled by the length some people go to trying to find an excuse for not alerting the person whose confidentiality has been breached. Instead of coming up with ever more far fetched possibilities that something could perhaps go wrong, why not come up with practical measures which could prevent the (quite unlikely IMO) loss in the post?

Emmia

friolento said:

Eyeful said:

masonic said:

Eyeful said:

brianposter said:

Why not just post the DSAR to the intended recipient.

I would think, because it might get "lost in the post" & end up in they hands of  professional fraudsters.
Then the person who the DSAR info is about, could have very real and expensive problems. 

Are you saying DSAR responses shouldn't be sent by post in the first place? As currently they usually are.

My thinking is that:

1.If you ask for the your DSAR and it does not turn up in good time then you can at least take steps to try & protect yourself.

2. If the OP sends someone else's DSAR to them in the post & it never gets to them
(a) If that other person is not told before hand, that person will have no chance to protect themselves.
(b) If the other person is told by the OP to expect their DSAR and it never turns up,  the other person may well think it is part of some scam, so just ignore it.

I am baffled by the length some people go to trying to find an excuse for not alerting the person whose confidentiality has been breached. Instead of coming up with ever more far fetched possibilities that something could perhaps go wrong, why not come up with practical measures which could prevent the (quite unlikely IMO) loss in the post?

How do you know that the DSAR information erroneously supplied contains the current postal address?

If you post it to an address in the information, this could be an old address - no redirection in place means it could go to frankly anyone. This is why I'd shred, or return that stuff to the sender.

Eyeful

friolento said:

Eyeful said:

masonic said:

Eyeful said:

brianposter said:

Why not just post the DSAR to the intended recipient.

I would think, because it might get "lost in the post" & end up in they hands of  professional fraudsters.
Then the person who the DSAR info is about, could have very real and expensive problems. 

Are you saying DSAR responses shouldn't be sent by post in the first place? As currently they usually are.

My thinking is that:

1.If you ask for the your DSAR and it does not turn up in good time then you can at least take steps to try & protect yourself.

2. If the OP sends someone else's DSAR to them in the post & it never gets to them
(a) If that other person is not told before hand, that person will have no chance to protect themselves.
(b) If the other person is told by the OP to expect their DSAR and it never turns up,  the other person may well think it is part of some scam, so just ignore it.

I am baffled by the length some people go to trying to find an excuse for not alerting the person whose confidentiality has been breached. Instead of coming up with ever more far fetched possibilities that something could perhaps go wrong, why not come up with practical measures which could prevent the (quite unlikely IMO) loss in the post?

You think it unlikely things could get lost in the post or go wrong!

1. Well I have had post  which was clearly addressed and easily read, delivered to my house.
These have been for been for:
(a) Different house numbers in my street
(b) Not my house number, street or post code, pushed through my letter box.
(c) My name, correct address  & post code.  Inside was the savings account for someone else with a different name & address to me, that had a very large amount of money in it (which I hand into the banks local branch).

2. I have watched a TV documentary, about  how some postmen did not even deliver the post. 
Instead they just dumped the envelops in different places.

friolento

To all those so desperately looking for excuses not to alert the person whose privacy has been breached: it is very easy to attempt to contact them without sending them the material from the bank. If they respond, next steps can be agreed. If they don't respond within a specified time, the matter is closed but you can be certain you did your best to help a fellow customer of a bank.

FWIW, I would be grateful if a stranger was helping me, particularly if I was unaware that my privacy had been breached by a bank.