Can't you be more careful?
May 14, 2008 2:14 AM   Subscribe

UK Data Protection: The borough council has 'mislaid' personal information. What would you do?

As with many urban areas in the UK, we have to buy a resident's parking permit which entitles us to park in the street near our home. The scheme is administered by the borough council, and they make you jump through hoops (not to mention pay through the nose) to get the permit: you have to visit their office, provide your V5 document to prove vehicle ownership, and also a bill proving residency. They take a photocopy of the documents, take your money and later send you a permit.

I had a call from the council today advising me that they 'can't seem to find' the photocopied documents I provided. They think that somehow they have gone missing in transit between offices or departments, but they really have no idea what happened, and want me to provide new copies.

I appreciate that mistakes can be made and there's no point shooting the messenger (in this case a very apologetic junior clerical assistant), but I'm annoyed that the council can be so careless with personal information. They have taken copies of a credit card statement with my card number and address on, and my V5, and have no idea at all what happened to them. So:

1) Is there any significant risk should these docs have fallen into the wrong hands?
2) What comeback is there for the average UK peon when your local council screws up like this? What would you do?
posted by boosh to Law & Government (5 answers total)
Best answer: You can register a complaint with the Information Commissioner's Office, see here. They can't award you compensation though, if that is what you are looking for; that would require you taking the council in question to court. To do that, you would need to prove some damages. What the ICO can do is investigate and see if there are insufficient safeguards used by your local council in safeguarding personal data, and make them alter their practices.

If you are concerned about your credit card statements, it may be a good idea to call up your card issuer and ask them to send you a new card with a new number.
posted by modernnomad at 2:41 AM on May 14, 2008

Best answer: Is there any significant risk should these docs have fallen into the wrong hands?

I'd say the risk is not significantly greater than the case where the documents were not lost. After all, someone could have easily made a copy of these documents, or written down the credit card number, without losing the documents and therefore tipping you off.

What comeback is there for the average UK peon when your local council screws up like this? What would you do?

Yeah, you can contact the ICO. Your council might have some complaint procedure which you can also use, and you can contact your local area councillors. Also your MP if you have ideas on how to make the system less error-prone and invasive.

I probably wouldn't do anything, myself. No matter what you do, bureaucrats are still going to lose documents from time to time.
posted by grouse at 3:17 AM on May 14, 2008

Best answer: ICO will bollock them informally - but expect them to take years to do anything about it - they've got enourmous backlogs (at least for FOI, which is what I usually deal with them about - perhaps data protection is better?).

If you want to complain internally I'd email the Leader of the Council or the Chief Executive or if you wanted a more aggressive approach you could always go to the local newspaper - its quite a good story.

In terms of the data itself, I guess the main risk would be some trying to use the information as ID to establish a line of credit - there's not much you can do with a credit card number now without the three digits from the signature strip. It might be as well to keep an eye on your credit record for a bit - perhaps the council could be persuaded to pay for a year's subscription to Equifax or similar...
posted by prentiz at 5:21 AM on May 14, 2008

Best answer: I suggest that you make your complaint to the council. Obviously, due to recent massive privacy failures that I'm sure we all know about, they should be uber-sensitive to this kind of issue.

My Dad recently complained when he received an email newsletter from the council that had all the recipients email addresses pasted in the "TO" section instead of a group, a still all to common practice. He proved that at least two of the addresses he now had were spammers. Initially the council blamed a desk clerk, but then relented and accepted responsibility. I think he got some free tickets to a theatre performance of his choice.

So it is worth complaining, however, it helps, if like my Dad you are retired and have lots of time to spend researching the issue for slim benefit. If your outrage would be calmed by a written appology, then you should be able to get something like that.
posted by munchbunch at 5:24 AM on May 14, 2008

Response by poster: Thanks for the good advice, everyone.
posted by boosh at 10:41 AM on May 14, 2008

« Older Coffee Antidote For Falling Asleep?   |   TV blogs? Newer »
This thread is closed to new comments.