What Can Happen When Confidential Information Gets Sent to the Wrong Address?
Cybercrime is rarely out of the headlines, leaving many of us worried about what could happen if our personal data became a target of online fraudsters. But in most cases, it is human error rather than cybercrime that is the biggest cause of data breaches with these errors just as likely to happen offline.
In a recent case, our solicitors saw the impact of what can happen when confidential information is sent to the wrong address by mistake.
What happened in this case?
In this data breach, a local authority sent a copy of a court order containing sensitive personal information about a father (our client) and his daughter to the wrong postal address.
Just a small error saw the letter being sent to a neighbour, who brought it round to the right address. But the letter had been opened and, after talking to the neighbour, it soon became clear that it had also been read.
In addition to this when the letter was passed to the right house, it wasn't handed to the right person. Given it was opened, it was then read by another member of the family who became distressed at the contents. This went on to cause difficulties in the family.
As a direct response of a seemingly small admin error when posting the letter, this data breach has caused considerable distress, upset and embarrassment to our client and his family.
Not only did our client have to explain a sensitive situation to his family in more detail than might otherwise have been necessary, but his neighbours are also aware of a very private and sensitive situation - one which has been talked about within the small local community where he lives. As such the consequences of the error were far-reaching.
What happens if confidential information is sent to the wrong email address?
Unfortunately, it is fairly easy to send an email to the wrong person. When confidential information is involved, the consequences can be serious.
Private information that has been emailed to the wrong person has the potential to cause a significant amount of damage and distress for those involved. If confidential information is sent to the wrong email address the sender is in violation of data protection laws and you may have grounds for a compensation.
The amount of compensation that can be claimed can vary dramatically. A solicitor will assess the extent of the emotional and financial damage caused due as a result of the data breach to determine how much compensation can be claimed.
Is sending a letter to the wrong address a GDPR breach?
It may be considered a GDPR breach if a letter containing sensitive or personal information is sent to the wrong address.
GDPR (the General Data Protection Regulation) applies to any organisation that operates within the UK, as well as all international organisations that provide goods and services to the UK.
Confidential letters and emails that contain identifying personal information should be protected by organisations as part of their GDPR obligations. Personal data sent to the wrong person due to an error is considered a breach of GDPR
Revealing this sort of identifying information to the wrong person can cause emotional distress, embarrassment, and in some situation can place people at risk financially or even lead to identity theft.
Organisations and people who cause a GDPR breach can face significant fines, the amount of which will depend heavily on the severity of the breach and the damage it has caused to those affected.
What can you do if this happens to you?
If your data has been sent to the wrong person, whether in a letter or any other form, you need to take action. We strongly recommend contacting our data breach experts who can talk you through your rights, including your right to compensation.
Where your data has been exposed due to this sort of human error, you could be entitled to compensation.
You are also completely within your rights to ask for a copy of the data a local authority or any other organisation holds about you. This can allow you to find out what information they hold on you and whether the details they have for you are correct. This is called making a subject access request (SAR). Find out more about making an SAR.
For more information contact Hayes Connor today
Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0330 041 5134 to discuss your case in more depth.