
[Closed] WWSTWD - GDPR mistake

Posts: 45504
Free Member
Topic starter
 

I'm a registered landlord with a local authority in Scotland.

Today they sent out 9 emails.

First was half written, the second then disclosed over 1000 Landlord email addresses cc'd in.

The fourth was to only 6 people, 4 in the council and two other email addresses, internally stressing about the breach. Attached is a spreadsheet of contact data for the over 1000 landlords.

The final 5 emails were apologies and rushed re-invites.

How would you respond?


 
Posted : 09/08/2018 9:31 pm
Posts: 17
Free Member
 

Inform them.

That is more important. Tell them you would like to know the result of the internal inquiry.


 
Posted : 09/08/2018 9:32 pm
Posts: 45504
Free Member
Topic starter
 

oh they know - the last email is grovelling and asking for deletion and mercy, as well as ICO details.


 
Posted : 09/08/2018 9:34 pm
Posts: 45504
Free Member
Topic starter
 

The fourth email with spreadsheet was the internal 'oh crap' and 'how the hell did that happen' internal response.


 
Posted : 09/08/2018 9:35 pm
Posts: 17
Free Member
 

Yep, it's to let them know that you know.

In the end do you want to punish them? They sound like they are trying to fix things (which they can't) so what good would screwing over your local authority do?


 
Posted : 09/08/2018 9:36 pm
Posts: 0
Full Member
 

Push back, what’s the point of creating a fuss.

Clearly they’re onto the case, bit schoolboy error’ish but then there should be protocol in place to limit the outage..

Like many, they’re probably still building the back end.

Are you on the list?

If so I’d be quite pushy about how you word your responses..

1000 isn’t a lot, despite what you might think.. the fact that it’s from an LA might mean they get an answer phone message from the ICO.. but in the bigger scheme of things.. this is teeny.

One organisation I know pummelled 10000 DD instructions a few weeks back, we will see how that outage scratches the nose of the ICO.


 
Posted : 09/08/2018 9:37 pm
Posts: 45504
Free Member
Topic starter
 

I am on the list.

I don't think names, addresses and emails are too harmful.

I also suspect that the lacky admin officer is without a job tonight, meanwhile the manager responsible for ensuring that the system was not a spreadsheet that could be shared with many is satisfied with their work....


 
Posted : 09/08/2018 10:04 pm
Posts: 7812
Full Member
 

I wouldn't pummel them but I would be looking at them to explain how it happened and how it's not going to happen again.


 
Posted : 09/08/2018 10:11 pm
Posts: 0
Free Member
 

I'd ask for some hush money.


 
Posted : 09/08/2018 10:24 pm
Posts: 0
Free Member
 

Maybe ask what they've learned from this, what processes they've changed as a result and whether they've thanked the "lacky admin officer" for highlighting the gaps in their compliance so effectively.


 
Posted : 09/08/2018 10:35 pm
Posts: 2018
Full Member
 

WWSTWD? Probably worry about punctuation or spelling unrelated to the matter at hand.

It's 'lackey', I believe.


 
Posted : 09/08/2018 11:35 pm
Posts: 14410
Free Member
 

Call the local newspaper and tell them what happened. The 4% of global revenue fine will be a great headline and you get to pull an angry face when they take your picture.

If you're lucky you'll make the big time:

http://apiln.blogspot.com/?m=1


 
Posted : 10/08/2018 7:43 am
Posts: 0
Free Member
 

So, 1000 details were sent to 2 people, and you are one of them? Reply telling them that you have deleted the data. That will halve their problem.

The 1000 cc'd emails are not really a big issue. The council should log the breach but don't really need to inform the ICO due to the fact it's not sensitive data, and it was only sent to 2 people.

Are all of these details searchable on the gov website (landlord register) anyway? In which case they are in the public domain and therefore not a breach.


 
Posted : 10/08/2018 8:31 am
Posts: 17273
Free Member
 

Sell the list to boiler maintenance companies, decorators, plumbers and anyone else who might be interested. 😉


 
Posted : 10/08/2018 8:36 am
Posts: 12507
Free Member
 

Wwstwd?

Well... the topic will immediately veer off course with "you are a money grabbing landlord and you deserve what you get"

"Brexit and possibly Thatcher"

Perchy will make a joke.

There will be at least two experts who know every single issue of the problem and exactly what to do from a moral and legal point of view, these two experts will exactly contradict each other.

At least one person will say exactly how they'd sort them out as an Internet hardman

Buzzwords

Pudding, hoof, wee, bombers, slats, shoes.


 
Posted : 10/08/2018 8:47 am
Posts: 1781
Free Member
 

How would you respond?

Reply All


 
Posted : 10/08/2018 8:58 am
Posts: 20675
 

I’d ask for some hush money

I fear that ship may have sailed...


 
Posted : 10/08/2018 8:58 am
Posts: 251
Full Member
 

The worst thing is that they didn't stop and think but carried on emailing everyone.

The spreadsheet didn't go out until after they realised there was a problem.

I'd contact the ICO - I wouldn't trust an internal process to prevent recurrence.


 
Posted : 10/08/2018 9:22 am
Posts: 0
Full Member
 

Sell the list to boiler maintenance companies, decorators, plumbers and anyone else who might be interested. 😉

On a side note to that comment (which is hilarious BTW)

BITD when I was in my formative Banking “middle management climb the ladder” phase we had a very large Estate Agency that also had a Property Management wing to it... 24000 landlords on the books at the time (IIRC) anywhosee, “someone” (I knew who it was) downloaded the entire database onto a small server and started to segment the data sets into regions and such... then went off on a Sell The Data Off To The Highest Bidder scheme.. As Perchy mentions, not only local EA/PM organisations but Builders/Decorators/Plumbers and Electricians..

Git made about £70k and he eloped to Majorca to go skinny dipping with a 19yr old EA receptionist..

Never saw him again.


 
Posted : 10/08/2018 9:30 am
Posts: 17273
Free Member
 

(which is hilarious BTW)

It's the giant emoji that makes it.


 
Posted : 10/08/2018 9:33 am
Posts: 1129
Full Member
 

Apologies for thread hijack but it is GDPR related. My wife and I are having treatment via a Spanish clinic as I have mentioned elsewhere here. Couple of weeks ago they emailed us someone else's prescription and then afterwards sent our correct one to a U.K.-based online pharmacy copying us in, crucially we have never used or consented to sharing our info with them.

How long do we give them to sort/investigate before starting to get shirty? It's been 2 weeks now with no updates, doesn't inspire confidence in their confidentiality or ability to identify the right people! Had another few comms issues last year too with incorrect emails etc, but pre-GDPR.

I'm sure the relevant authorities they have accreditation with would be interested but haven't threatened this yet. I suspect the reputational damage would not be healthy for their business, especially if we hit the fertility forums. But above that it's stressful enough without this added on!

Do we look for the Spanish ICO and report it?

Thanks, Niall


 
Posted : 10/08/2018 9:36 am
Posts: 41395
Free Member
 

I wouldn't be asking for money, the fines can be huge and LAs aren't exactly rolling in it (cue comments about mismanagement, waste etc).


 
Posted : 10/08/2018 9:49 am
Posts: 0
Free Member
 

Is it that bad? People make mistakes, some poor junior might get sacked.


 
Posted : 10/08/2018 9:49 am
Posts: 45504
Free Member
Topic starter
 

So, 1000 details were sent to 2 people, and you are one of them?

No, 1000 people now have 1000 people's email addresses.

And yes 2 people now have a more detailed set of contact information.

I have simply asked them this morning what they are doing to prevent this in future - pointing out that my work uses dotmailer system to prevent such issues, and has for a decade or so.


 
Posted : 10/08/2018 11:49 am
Posts: 0
Free Member
 

No, 1000 people now have 1000 people’s email addresses.
And yes 2 people now have a more detailed set of contact information.

But how much of that info is publicly available on the register?


 
Posted : 10/08/2018 11:55 am
Posts: 45504
Free Member
Topic starter
 

Good point - the register only lets you search one person at a time, and only then with some information already to do the search.


 
Posted : 10/08/2018 12:16 pm
