Have i broken data protection law?

rjbell

rjbell

Messages
4,422
Name
Robert
Edit My Images
Yes
I've mistakenly printed a Amazon packing slip both sides two different orders and customers and sent it out. The customer has now contacted me saying I've breached data protection laws and he is going to contact Amazon and the customer on the reverse side. I apologised and explained it was not a invoice just a packing and address slip but they're still not happy. I'm not sure how to respond?
 
Yeah I don't know how to handle it. If he does complain i could be hit with a big fine.
 
Was there any personal details on them other than name and address?
Have you contacted the other person to explain what's happened? I think it would be up to him to complain as its their details that the other person has received.
If it's a one off genuine error, I doubt you'd be hit with a large fine.
I'd let him get on with it. You've already apologised and confirmed that it was a genuine error. What more does he want?
 
Last edited:
I'm not sure you'd have to register for Data protection as you are only processing personal data for the core business purposes?
Theres a quick self assesment here
https://ico.org.uk/for-organisations/register/

If you don't have to register, then how have you broken it with a simple admin mistake? Disclaimer: I'm not anyway legally qualified - I am however astonished a client could be so petty over a simple mistake.
 
Just thank him for pointing it out and forget about it.
 
Byker28i said:
If you don't have to register, then how have you broken it with a simple admin mistake?
Click to expand...
You don't have to be required to register with the ICO to have to comply with the DPA.

It depends on the data that's been accidentally communicated, if it's only name and address I can't see an issue. But if the details of the order communicate further personal information about the individual then you may need to get professional advice - to use a flippant example, if as a result of this mistake Colonel Mustard is now in possession of the information that Professor Plum ordered six back issues of Donkey Buggery Monthly, a short stepladder and industrial tube of lube then your next phone call should be to a solicitor.
 
Alastair said:
You don't have to be required to register with the ICO to have to comply with the DPA.

It depends on the data that's been accidentally communicated, if it's only name and address I can't see an issue. But if the details of the order communicate further personal information about the individual then you may need to get professional advice - to use a flippant example, if as a result of this mistake Colonel Mustard is now in possession of the information that Professor Plum ordered six back issues of Donkey Buggery Monthly, a short stepladder and industrial tube of lube then your next phone call should be to a solicitor.
Click to expand...
Best reply of the year so far..lol
 
I wouldn't worry, anyones name and address is available via the voters roll.
 
Remind the customer that by holding on to the data themselves longer than necessary they too are in breach of the Data Protection Act. If their goal was to protect data then the data they hold should have been shredded upon noticing the mistake and a replacement packing slip with just their details on requested, just like the requests on confidential emails.
 
Steeps said:
Remind the customer that by holding on to the data themselves longer than necessary they too are in breach of the Data Protection Act. If their goal was to protect data then the data they hold should have been shredded upon noticing the mistake and a replacement packing slip with just their details on requested, just like the requests on confidential emails.
Click to expand...
Exactly Dan, just what anyone with common sense would do.
Roberts client obviously has issues.
 
IIRC data protection refers to data held on a computer - otherwise think of the fun & games you'd have with telephone directories.
 
ancient_mariner said:
IIRC data protection refers to data held on a computer - otherwise think of the fun & games you'd have with telephone directories.
Click to expand...
No, it does not just apply to digital data.

So.. what fun do you reckon you could have with a stack of telephone directories? aside from if the stack was high enough Professor Plum might not need the stepladder..
 
ancient_mariner said:
IIRC data protection refers to data held on a computer - otherwise think of the fun & games you'd have with telephone directories.
Click to expand...
Brings back memories ...including tearing one in half once..only needs technique, not a great deal of strength
 
It's a packing slip.. it contains more information than just the name and address, but how relevant that extra information is to threats of legal action is only known by Robert.
 
Thanks for the help everyone. I think I've passified them now. I sell clothing but nothing that would cause embarrassment.
 
rjbell said:
Thanks for the help everyone. I think I've passified them now. I sell clothing but nothing that would cause embarrassment.
Click to expand...

Unless it's ladies clothing to men? I mean who'd want to know they've bought the same outfit as another cross dresser? :D
 
spme folk just like to make a big fuss just apologise and let it go.
it is no different from a wrong sent email.

i once had a guy omplain to ebay as i had sent a parcel wrapped up in a box that would have contained beer.
he took it to ebay as he was a muslim and i had deeply hurt him.

ebay didn't even respond.
 
What is up with people these days, complain about everything, have all become angry of Tunbridge Wells

You have said sorry and glad to hear things are sorted, bloody hell we all make mistakes
 
tijuana taxi said:
What is up with people these days, complain about everything, have all become angry of Tunbridge Wells

You have said sorry and glad to hear things are sorted, bloody hell we all make mistakes
Click to expand...

Speak for yourself. I am perfect!
 
Byker28i said:
Unless it's ladies clothing to men? I mean who'd want to know they've bought the same outfit as another cross dresser? :D
Click to expand...
Because men never buy clothing for the women in their lives. ;)
 
He has a unusual name so googled him. He's quite care free with other peoples data. I now know when and where his daughter got married and to whom in 2 minutes! Lol
 
Last edited:
You should be ok if all that was sent was the information that was in the OP. It is about context and what the breach actually was. It sounds like the person complaining was a bit uptight. However, you don't know what his history in terms of data breaches is.....

What I would say is that people's understanding of what constitutes breaches of data protection is clearly all over the place if this thread is anything to go by.... In my game you breach data protection you generally don't work again in that field. The same can be said of many other businesses.

Anyone that really wants to understand what may constitute a breach should go on the ICO website and have a look at some examples. There are hundreds of real life breaches. I know of one person that sent a letter out to the wrong person. The fine was £75,000 to the employer. The ICO take these things very seriously and the fines are huge and for good reason.

Chris
 
Sometime ago, I received a letter from my GP's surgery informing me that (My) Dr A was retiring and that Dr B would be taking on his patients.
In the same envelope was another letter headed & addressed to someone that I had no idea who it was.

I guess I could have have a lot of "fun" with that, but as I'm not vindictive I shredded it, along with mine.
 
Cobra said:
Sometime ago, I received a letter from my GP's surgery informing me that (My) Dr A was retiring and that Dr B would be taking on his patients.
In the same envelope was another letter headed & addressed to someone that I had no idea who it was.

I guess I could have have a lot of "fun" with that, but as I'm not vindictive I shredded it, along with mine.
Click to expand...

But you missed out on the massive compensation claim, nobody has to work any more , spot one mistake and you're set for life
 
wack61 said:
spot one mistake and you're set for life
Click to expand...
I suspect that "Mr X" would have been the one able to retire early had I passed on the information.
After all I had his address :D
 
You could have given him yours and split it ;)

*Disclaimer, of course I'm joking, I'm with Chris on this one. Simple mistake, excrementus occurum.
 
In Greek... Αυτό σκατά συμβαίνει
 
You must log in or register to reply here.
Back
Top