, , , ,

What can happen when sensitive information gets sent to the wrong address?


Cybercrime is rarely out of the headlines, leaving many of us worried about what could happen if our personal data became a target of online fraudsters. But in most cases, it is human error rather than cybercrime that is the biggest cause of data breaches. And, these errors are just as likely to happen offline.

In a recent case, our solicitors saw the impact of what can happen when sensitive information was sent to the wrong address by mistake.

What happened in this case?

In this data breach, a local authority sent a copy of a court order containing sensitive personal information about a father (our client) and his daughter to the wrong postal address.

Just a small error saw the letter being sent to a neighbour, who brought it round to the right address. But the letter had been opened and after talking to the neighbour it soon became clear that it had also been read.

What’s more, when the letter was passed to the right house, it wasn’t handed to the right person. Because it was opened, it was then read by another member of the family who became distressed at the contents. This went on to cause difficulties in the family.

As a direct response of a seemingly small admin error when posting the letter, this data breach has caused considerable distress, upset and embarrassment to our client and his family. Not only did our client have to explain a sensitive situation to his family in more detail than might otherwise have been necessary, but his neighbours are also aware of a very private and sensitive situation – one which has been talked about within the small local community where he lives. As such the consequences of the error were far-reaching.

What can you do to stop this from happening to you?

There are a few lessons that can be learned from this case. For example, when handing over your postal address in return for services it is vital that you check that these details have been taken down correctly.

You are completely within your rights to ask for a copy of the data a local authority (or any other organisation) holds about you. This is called making a subject access request (SAR). Find out more about making a SAR.

Of course, this won’t guarantee that an error doesn’t result in a letter going to the wrong address (especially if the label is handwritten), but it is a good safety precaution to take.

Alternatively, if you are an employee of a local authority and want to make sure that you don’t make a similar mistake, talk to your employer about any processes that can be put in place to make sure that the addresses of your customers are correct. This is especially important if you deal with sensitive information. Such steps could include things like additional data protection training, and checks and balances on systems generating correspondence.

For more advice on how to keep safe online, follow Hayes Connor on Twitter or give us a like on Facebook. Alternatively, if you have been the victim of a data breach or cyber fraud, find out how we can help you to recover any losses or give us a call on 0151 363 5895 to discuss your case in more depth.