Question Data protection / GDPR breach question

nick · Nov 8, 2021

I am treasurer of a local scout group
We bank with Barclays
As we require dual signatories, mandate changes are very painful and complex and we have constantly struggled to get changes put through (multi hour phone calls, snail mail etc etc)

one of my colleagues had an attempt at a mandate amendment last week.
Barclays asked for the relevant forms to be updated/authorised via docusign

On opening the given link in order to authorise, she received details of the mortgage application of an unknown person.
She has reported the likely breach to Barclays, but says that they didn't appear too bothered.

To me this seems like a clear-cut data breach

What is the recommended action?
1) report the breach to ICO ourselves?
2) tell the third party we are in receipt of their personal data?
3) ignore?
4) other?

recommendations welcome hive mind

killer b · Nov 8, 2021

I wouldn't bother doing anything tbh. you've all probably got better things to be getting on with

skyscraper101 · Nov 8, 2021

If you really did want to bother following up probably start here.

Data protection

The Data Protection Act (DPA) controls how personal information can be used and your rights to ask for information about yourself

www.gov.uk

StoneRoad · Nov 8, 2021

If you want to get involved and keep your own nose clean.

Report formally to Barclays & officially complain about it.
Advise the third party & also tell them you have made B aware.

Then, report to ICO (& possibly banking ombudsman}

Saul Goodman · Nov 8, 2021

Ask yourself if you were the person whose data was leaked, what would you want you to do.
Personally, I'd want you to make me aware of it. It's the right thing to do, IMO.

farmerbarleymow · Nov 8, 2021

Sounds like it's definitely a breach, and they've somehow given you the wrong link. I'd report it to the bank and let them deal with it - in certain circumstances they should notify the other party of the incident, and where it meets the threshold, report it to the ICO themselves.

Barclays Data Protection Officer can be contacted here

DPO@Barclays.com

They won't tell you what they did about the breach as by definition it's not your data. But if you feel vexed you can report it to the ICO - or raise it with the bank via Twitter.

Make a complaint

If you have a concern about the way an organisation has handled your personal information or you have an issue accessing information from a public body, you can report it to the ICO. You can report nuisance calls and spam texts to the ICO using this reporting tool. Report spam texts and cold...

ico.org.uk

Saul Goodman · Nov 8, 2021

Around 25 years ago my brother had details of his mortgage sent to someone with a similar name on a nearby street. The neighbour took the letter to my brother and apologised for opening it, and my brother contacted the bank, who tried to fob him off with a "sorry, won't happen again" letter. They ended up settling out of court for £15k

killer b · Nov 8, 2021

Saul Goodman said:
They ended up settling out of court for £15k

this seems an unlikely sum. on what grounds did they pay him so much cash?

Saul Goodman · Nov 8, 2021

killer b said:
this seems an unlikely sum. on what grounds did they pay him so much cash?

On the grounds that it went on for the guts of a year and he charged them £75 a letter.
Why do you think I'd lie about it?

killer b · Nov 8, 2021

Saul Goodman said:
On the grounds that it went on for the guts of a year and he charged them £75 a letter.
Why do you think I'd lie about it?

people lie about allsorts of weird shit for no reason at all. My mate got fifteen grand for fuck all is classic compulsive bullshitter territory, so you'll have to forgive me for raising an eyebrow.

Saul Goodman · Nov 8, 2021

killer b said:
people lie about allsorts of weird shit for no reason at all. My mate got fifteen grand for fuck all is classic compulsive bullshitter territory, so you'll have to forgive me for raising an eyebrow.

Then you'll have to forgive me for thinking you're a bit thick, as a bank sharing your account details with your neighbour isn't 'fuck all' .

killer b · Nov 8, 2021

how many letters did he send them at 75 quid a pop? 'cause even if he sent one a week for a year it's only a few grand, but somehow it explains an extravagant out of court settlement many times that amount. That's the kind of detail that sets off my pub bore bullshitter radar.

Saul Goodman · Nov 8, 2021

killer b said:
how many letters did he send them at 75 quid a pop? 'cause even if he sent one a week for a year it's only a few grand, but somehow it explains an extravagant out of court settlement many times that amount. That's the kind of detail that sets off my pub bore bullshitter radar.

I've no idea how many he sent, or what damages he was looking for, but he was a brief for the CPS, so he probably had a clue what he was at.

nick · Nov 8, 2021

Stands between Saul and Killer B and shouts "Leave it Dave - he's not worth it"
Leave it Dave

In the meantime - thanks Farmer B

Question Data protection / GDPR breach question

nick

Pleomorphic Adenomas R us

killer b

That vase.

skyscraper101

0891 50 50 50

Data protection

StoneRoad

heckling from the back!

Saul Goodman

It's all good, man

farmerbarleymow

I'm Petee's spirit animal

Make a complaint

Saul Goodman

It's all good, man

killer b

That vase.

Saul Goodman

It's all good, man

killer b

That vase.

Saul Goodman

It's all good, man

killer b

That vase.

Saul Goodman

It's all good, man

nick

Pleomorphic Adenomas R us

Similar threads