Dwp data breach

tomtom256 wrote: »

So what is this breach worth to you then to make it go away?


3 people will lose there jobs over this, that's potentially 3 families lives ruined and the staff involved who will not get any other similar job owing to a gross misconduct sacking.


Money would/could not rectify the breach, as it has already been done.


An apology and disciplinary action is the main way to treat it.


They could give a pay out, but if it's over £16k then the person involved would lose all benefits until said payment is below £16k again.

As far as I'm aware from what they have told Claimant B. The staff will have it noted onto their records in relation to the breach and be given more staff training. So I think they and their families will sleep easy but hopefully learning how to be cautious and responsible with the data they are handling. They have also implemented new orders across the board as to how they deal with all data they receive and what they are and not allowed to do during their handling of data eg copy/cut/paste etc (assuming that bit) The claimants however more so the person who's private medical information what has been disclosed is more detrimental, information that was seen as between them and GP and specialists.

What is worth? I could say a million, you would say greedy! I could say make me an offer and they do as cheaply as possible due to the fact its benefts!! its the detriment of what they have disclosed without permission. As someone stated, if they seriously thought they was right to deny benefits from ESA50 and assessment stage and again stand by that decision at MR stage telling them both to take it to tribunal.

WHY suddendly change their stance? Are they saying you should have not been denied? or are they saying give them back the position they held before to make them go away?

bspm1 wrote: »

As a former DWP employee who has seen other employees fired for leaving their Peds (Pedestal Drawers) unlocked after finishing shift, we kept our passwords in them to the many systems that were used which contained sensitive information, even though we were told never to write passwords down , gross misconduct charges for losing or mislaying their Smart cards then I do not think the three members of staff involved in your error will get away with just more training.

It is of the understanding that was stated by the complaint handler whose words were " they will face a disciplinary which will involve them to under take more training and noted in their work records"

I take that to meam a written warning and given more training in data security procedures

venison wrote: »

Its a bit like that old chestnut "lessons will be learned"
If you are unhappy maybe a word with your MP before he or she disappears to the south of France for a month?

I emailed her with all that has been said by the complaint handler. Im waiting on a reply.

FBaby wrote: »

If three staff are being disciplined, it is highly likely the breach will have been reported and indeed, a fine might be issued. All this is how it should happen. Saying that the staff will sleep well really shows a complete lack of empathy. You have no idea of the circumstances that led to the error and being disciplined is extremely stressful. It will be on their record which mean that they will be unlikely to apply to new jobs/promotions etc... for some time.

I'm still not clear from what you've written what actual harm has actually been done. So someone, who doesn't know the person affected, only that they know someone who knows someone who knows someone has some medical information about them. Ok, not nice, but have they used this information to blackmail, threaten them? Have gone and told everyone about it? Is it medical information that is very sensitive that no-one else knew about?

Both these claimants were considered not to meet the criteria for benefits, why should tax payers pay for them because of an error by the DWP? I still believe this is totally wrong. The case should have been investigated to consider harm done and compensation based on this. Why the person who received the information should received benefits when they were deemed not eligible is beyond belief.

Im sorry you feel I'm lacking empathy for the staff concerned. I feel the department are lacking in their empathy and concern at the information which was given to them as highly sensitive and not to be shared by anyone other than those who needed to see this within the department and what it has done to the person concerned.

The information shared has caused considerable distress, purely due to the fact that they hadn't discussed the issues with anyone but GP and specialist. Because of this breach and what was revealed they had to sit down with their parent and go into detail with what was revealed causing considerable distress. Should the department pay for that? Yes they should! It was their error and their fault. As for the party the information it was given to, they showed her son. Her son is best mates with the injured partys brother..so yes information was revealed. Do you have any idea how hard somethings can be to talk about to other people and trust them with the issues because they going to help you? The distress caused by this breach has been detrimental.

I cant comment on why the party receiving the information was given the same "payoff" To be fair, we have asked the same question. Hang on one minute your standing by your decision to deny benefits and saying take to tribunal etc. This kicks off, they investigate. Cant apologize enough for their breach and say to put things right we are going to have 3 staff facing disciplinary( means written into their work info and more training) and for you we will reinstate benefits and award £50 compensation. Does that seem justifiable? Another to thing to think about is, are awarding benefits because they should have in the first place or are they awarding because they screwed up revealing info? If awarding because they should have, all well and good. If they are awarding because they screwed up, then that is wrong in its entirety as the way i see it, they are awarding benefits as a way of compensation.

pmlindyloo wrote: »

Have you written to the DWP Data Protection Officer?

DWP has appointed a Data Protection Officer. The role of the Data Protection Officer is to make sure DWP is compliant with data protection laws and to act as a point of contact for data subjects.
The DWPs Data Protection Officer is Dominic Hartley. You can contact the Data Protection Officer by post at:
DWP Data Protection Team
Benton Park View 5
Mail Handling Site A
Wolverhampton
WV98 1ZX
Or by email at: data.protectionofficer@dwp.gsi.gov.uk.

We handed it over to DWP and it was in turn handed over to DWP complaints. Im going to assume its the same place/people dealing with the issues.

Our MP has forwarded our complaint onto Mr Andrew Rhodes DWP director General. When I advised them of this, the reply was all that will happen there is, they ask us if we have investigated and what out decision outcome was which is what I am discussing with you now.

Should I email them?