Results 1 to 4 of 4

Thread: Personal Details Accessed

  • Share
  • Thread Tools
  • Display
  1. #1
    Join Date
    Aug 2010
    Posts
    165
    Mentioned
    0 Post(s)

    Default Personal Details Accessed

    My daughter has been informed by a previous work colleague that the company, which she left a few months ago, was robbed and the employees' personal information was stolen. She is worried her address, NI number & bank details may have been accessed.

    This apparently happened 2 months ago & someone has read an email between the director & HR saying not to tell anyone!

    Does she need to inform her bank, as she is concerned about protecting her credit score & identity, She has just got a new mortgage & doesn't want any problems with that going through.

    Your advise would be appreciated, thank you.

  2. #2
    Join Date
    Nov 2016
    Posts
    155
    Mentioned
    11 Post(s)

    Default Re: Personal Details Accessed

    Quote Originally Posted by Bigsis View Post
    My daughter has been informed by a previous work colleague that the company, which she left a few months ago, was robbed and the employees' personal information was stolen. She is worried her address, NI number & bank details may have been accessed.

    This apparently happened 2 months ago & someone has read an email between the director & HR saying not to tell anyone!

    Does she need to inform her bank, as she is concerned about protecting her credit score & identity, She has just got a new mortgage & doesn't want any problems with that going through.

    Your advise would be appreciated, thank you.
    To be honest I am really not 100% certain! My instinct would be to say that telling the bank can't do any harm, although, in my experience (identity theft did once happen to me) it is not the bank that is vulnerable in such instances. But I suggest that asking the bank for advice might be a good place to start!

    In her shoes I might be tempted to write to the company saying that she knows that employees personal information has been stolen, and ask in what form that data existed and what the thieves actually have. She doesn't have to say how she found out, but if they are inclined to lie about it, in her shoes, I might casually suggest that if I don't get a good answer the Information Commissioners Office and the local paper will be my first ports of call. If data was only stored on computers that were stolen, whilst the information may still be accessible, it is likely that the thieves were more interested in the value of the computers and the information is simply collateral damage. If it were paper records, that suggests more targeting of the information since thieves don't usually break in to steal paperwork!

  3. #3
    Join Date
    Aug 2010
    Posts
    165
    Mentioned
    0 Post(s)

    Default Re: Personal Details Accessed

    Thank you very much, I'll pass that info onto her.

  4. #4
    Join Date
    May 2007
    Posts
    57,633
    Mentioned
    1441 Post(s)

    Default Re: Personal Details Accessed

    I believe the company has a duty to inform the people whos data was stolen of the fact so they can take preventative action if necessary, principle 7.

    https://ico.org.uk/for-organisations...le-7-security/

    Quote Originally Posted by Information Commissioners Office
    What should I do if there is a security breach?

    If, despite the security measures you take to protect the personal data you hold, a breach of security occurs, it is important that you deal with the security breach effectively. The breach may arise from a theft, a deliberate attack on your systems, from the unauthorised use of personal data by a member of staff, or from accidental loss or equipment failure. However the breach occurs, you must respond to and manage the incident appropriately. Having a policy on dealing with information security breaches is another example of an organisational security measure you may have to take to comply with the seventh data protection principle.
    There are four important elements to any breach-management plan:
    1. Containment and recovery – the response to the incident should include a recovery plan and, where necessary, procedures for damage limitation.
    2. Assessing the risks – you should assess any risks associated with the breach, as these are likely to affect what you do once the breach has been contained. In particular, you should assess the potential adverse consequences for individuals; how serious or substantial these are; and how likely they are to happen.
    3. Notification of breaches – informing people about an information security breach can be an important part of managing the incident, but it is not an end in itself. You should be clear about who needs to be notified and why. You should, for example, consider notifying the individuals concerned; the ICO; other regulatory bodies; other third parties such as the police and the banks; or the media.
    4. Evaluation and response – it is important that you investigate the causes of the breach and also evaluate the effectiveness of your response to it. If necessary, you should then update your policies and procedures accordingly.
    These issues are considered in greater detail in our guidance on data security breach management (pdf). We have also produced Notification of data security breaches to the ICO (pdf) and Notification of PECR security breaches (pdf). These provide guidance on:

    • the circumstances in which we expect organisations to notify us of security breaches;
    • the information we need in those circumstances; and
    • what organisations can expect us to do after they notify us.

    Use our security breach notification form (Word) to report a breach to us.
    “We may not win by protesting, but if we don’t protest we will lose. If we stand up to them, there is always a chance we will win.” Hetty Bower

    ****If you upload documents to your thread, please ensure you have redacted any personal data FIRST***

    Any advice I provide is given without liability, if you are unsure please seek professional legal guidance.

    Find Solicitors and Legal Services Providers offering fixed fees on our sister site - LBcompare.co.uk

Similar Threads

  1. HR shared my personal details with a colleague
    By bryl in forum Employment Law & Issues
    Replies: 5
    : 14th April 2015, 11:48:AM
  2. employer asking for personal financial details.
    By billywhizz in forum Employment Law & Issues
    Replies: 4
    : 15th November 2013, 19:39:PM
  3. MD requested employees personal bank details
    By Antoinette1976 in forum Information Commisioners Office (ICO) and Data Protection
    Replies: 3
    : 26th February 2011, 09:35:AM
  4. Fraudsters pose as MPs to steal personal bank details
    By Legal Beagles in forum News and Information
    Replies: 1
    : 17th December 2007, 09:32:AM
  5. How to prevent your abusers from knowing you have accessed this information:
    By Amethyst in forum Womens Rights Advice & Forum
    Replies: 0
    : 25th October 2007, 17:00:PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Contact Us



© Celame (UK) Ltd 2016
Hosted by Lodge Information Services Ltd
LegalBeagles® are DPA Registered No. ZA158014
LegalBeagles® is the trading name of CELAME (UK) LIMITED ( 09220332 )
Registered Address: 25 Moorgate, London, England, EC2R 6AY
VAT registration number 206 9740 02
User Alert System provided by Advanced User Tagging v3.1.3 (Lite) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Feedback Buttons provided by Advanced Post Thanks / Like (Lite) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd. Runs best on HiVelocity Hosting.
Celame (UK) Ltd Powered by vBulletin® Version 4.2.3
Copyright © 2017 vBulletin Solutions, Inc. All rights reserved.

To find out more about managing your money and getting free advice, visit the Money Advice Service,an independent service set up to help people manage their money.

TOP