Tweet
Hi all.
I have a letter here which is being sent to the company in question over clear breaches of the data protection act with regards to distributing my medical report within the company without my consent. I know it's a little hard to read with the XXX's but please have a look with regards to any amendments, issues that you think would help.
Many thanks for your time, good luck with all and God bless
Brighton
To XXX
I am writing to make a formal complaint against XXX. My complaint is that XXX has:
Information, submitted by XXX, during Tribunal proceedings, exposes how my very sensitive information, which details my mental health and my family’s personal circumstances was handled in a less then sensitive or fair capacity by XX XX staff.
In an e-mail from XX to XX, dated and timed XX (attached), it is quite clear that my personal medical reports have been distributed within the company without my consent.
"he was very keen for the report to only go to XX and not to be seen by other people. Therefore I wouldn't refer to it in the meeting as such."
I expressly stated I wanted the report to go to XX (HR manager), and XXonly. XX have breached the law and gone against my wishes, many people within your organisation have seen this report, including the most junior secretary.
It is clear that I spoke to XX on the XX 2010 for XX minutes. She rang me on her mobile, therefore the phone call
was unofficial and XX seems to have no records of this conversation. During this conversation I had the opportunity to disclose for the first time personal information to XX
While speaking to XX, she had the capacity to form an opinion that I, ‘should not have been at work for the last six months.’ However she lacked the insight to:
a) Decide upon whether a formal risk assessment was required
b) Decide upon how the medical reports, which she persuaded me to sign, would be used fairly and in a transparently.
Obviously sensitive information was being passed over from my GP’s Surgery and I wanted to be assured that the information was being kept confidential. I was never informed how the information was being used or who it was distributed to.
I did not sign the medical consent form because in the first instance I did not want my confidential medical information passed freely around the company. This was confidential information and I did not want it to be abused. Which is exactly what happened.
After speaking with XX, she informed me that she could only help me in my distress if I agreed to sign the medical consent form. I stated I only wanted the doctor’s report to go to her and her only.
Therefore had XX been open and honest about how XX intended to use my data, i.e. XX would freely distribute my information around the company without my consent then I would have not signed my medical consent.
I think it is unfair that XX used XX as a ‘go-between’ myself and the company collating information, later to be used against me. Especially, the fact that XX pretended to know nothing about my circumstances when she had clearly seen my medical report and she was well informed in advance. This is neither fair nor transparent use of sensitive information.
I will be seeking legal advice. Before taking this further and incurring further time and court costs for both parties, not to mention further damage to XXXX’s reputation as a company, in accordance with the procedure suggested by the ICO I am hereby giving you an opportunity to resolve this situation.
I look forwards to hearing from you within the next 14 days and I await with interest your comments on this matter.
Sincerely
xxx
I have a letter here which is being sent to the company in question over clear breaches of the data protection act with regards to distributing my medical report within the company without my consent. I know it's a little hard to read with the XXX's but please have a look with regards to any amendments, issues that you think would help.
Many thanks for your time, good luck with all and God bless
Brighton
To XXX
I am writing to make a formal complaint against XXX. My complaint is that XXX has:
- Breached the data protection act 1998
- Disclosed sensitive information without my consent
- Gone against my express wishes
Information, submitted by XXX, during Tribunal proceedings, exposes how my very sensitive information, which details my mental health and my family’s personal circumstances was handled in a less then sensitive or fair capacity by XX XX staff.
In an e-mail from XX to XX, dated and timed XX (attached), it is quite clear that my personal medical reports have been distributed within the company without my consent.
"he was very keen for the report to only go to XX and not to be seen by other people. Therefore I wouldn't refer to it in the meeting as such."
I expressly stated I wanted the report to go to XX (HR manager), and XXonly. XX have breached the law and gone against my wishes, many people within your organisation have seen this report, including the most junior secretary.
It is clear that I spoke to XX on the XX 2010 for XX minutes. She rang me on her mobile, therefore the phone call
was unofficial and XX seems to have no records of this conversation. During this conversation I had the opportunity to disclose for the first time personal information to XX While speaking to XX, she had the capacity to form an opinion that I, ‘should not have been at work for the last six months.’ However she lacked the insight to:
a) Decide upon whether a formal risk assessment was required
b) Decide upon how the medical reports, which she persuaded me to sign, would be used fairly and in a transparently.
Obviously sensitive information was being passed over from my GP’s Surgery and I wanted to be assured that the information was being kept confidential. I was never informed how the information was being used or who it was distributed to.
I did not sign the medical consent form because in the first instance I did not want my confidential medical information passed freely around the company. This was confidential information and I did not want it to be abused. Which is exactly what happened.
After speaking with XX, she informed me that she could only help me in my distress
if I agreed to sign the medical consent form. I stated I only wanted the doctor’s report to go to her and her only.Therefore had XX been open and honest about how XX intended to use my data, i.e. XX would freely distribute my information around the company without my consent then I would have not signed my medical consent.
I think it is unfair that XX used XX as a ‘go-between’ myself and the company collating information, later to be used against me. Especially, the fact that XX pretended to know nothing about my circumstances when she had clearly seen my medical report and she was well informed in advance. This is neither fair nor transparent use of sensitive information.
I will be seeking legal advice. Before taking this further and incurring further time and court costs for both parties, not to mention further damage to XXXX’s reputation as a company, in accordance with the procedure suggested by the ICO I am hereby giving you an opportunity to resolve this situation.
I look forwards to hearing from you within the next 14 days and I await with interest your comments on this matter.
Sincerely
xxx
Comment