Template Letter for Data Breaches

Here is a template letter you can use to complain about data breaches.  I have put this together for a complaint concerning a social worker, but you can adapt the template to suit your need.  If not using for a social worker complaint, you will need to remove the sections about social worker professional standards.

Your Address

The Date

Who the Letter is address to.

Dear XXX

Formal Complaint Unauthorised Disclosure of Sensitive Personal Data.

On the (Insert Date) , (Insert Social Worker Full Name) a professionally registered social worker employed as a social worker by (Insert Council Name) disclosed data that they were not authorised to do. 

In doing so they 

Breached Section 170 (1) (a) Data Protection Act 2018:  Which makes it an offence to knowingly or recklessly disclose personal data without consent.

Breached Social Worker Professional Standard 2.2  Respect and maintain people’s dignity and privacy.

Breached Social Worker Professional Standard 2.6  Treat information about people with sensitivity and handle confidential information in line with the law.

The breach occured because  (XXXX inseert what they did and state that you are harmed because of it.)

With regards to this incident, I wish to make a formal complaint and I also require require:

a)     A copy of your organisation’s data protection policy for the relevant period;

b)     A copy of any risk assessment in place prior to the data breach and any risk assessment in place after the data breach had occurred;

c)     Any relevant notes and documents pertaining to any internal investigation into this incident;

d)     Confirmation that your organisation reported the data breach to the Information Commissioner’s Office (“ICO”) within 72 hours of identifying the data breach; or the minutes of any meeting if you decided not to report the matter.

e)     A copy of any correspondence between your organisation and the ICO relating to this data breach;

I reserve the right to refer the matter to the Information Commissioners Office.


Yours Sincerly


XXXXX

Can You Sue For A Data Breach

GDPR Data Breaches by The Child Maintenance Service

Online, I often see comments such as "The CMS have told the receiving parent how much I earn, is this a breach of data protection law?
Well beleive it or not, it is not a data breach. The reason it is not a data breach is because the CMS are required to tell the other parent how much taxable income the paying parent receives. Why do they have to tell? Because it forms the basis of a calculation and the Child Maintenance Service have to inform both parents, how the calculation is calculated. This also means, they also have to tell the other party, if you've got children living at your house, that you are claiming a discount for. And if you're claiming a discount they also have to tell them the number of children. The same applies if there are any other children on a case, who do not live with you. If you ask for a variation, they also have to share some of the information, even if the receiving parent cant object to the claim.

So legally, they have an exemption, as the law requires disclosure, and the Data Protection Act allows lawful disclosure. The specific law requiring disclosure is The Child Support Maintenance Calculations Regulations 2012, Section 25 B More on this on the video above.

What Cant They Disclose:

However, whilst it is neccessary to know about the other children, it is not neccessary to share their personal details such as name or date of birth. That they cannot do. They should not reveal any other children's names, nor can they give any details about the children other than the fact that there's a child. Again, disclosure of limited information is required by law. There's no way around that. Likelyhood of a Data Breach Whilst there are certain provisions for information release, there will without doubt, be the occaisional data breach. The CMS is a large organisation, that sits within the Department for Work and Pensions. Its very possible that as a large organisation, handling lots of personal data, will make a mistake, and a data protection breach will happen. For example, if they send you for example the wrong paperwork they send you paper relating to another family to children that aren't yours, then that's a breach of data protection regulations. I have previously linked via Facebook two people where that exact data breach occured, and one person was sent the details of someone elses case. If they send your paperwork to someone else that's most definitely a breach of data protection rules.

Tribunals

If you are attending a tribunal, it is a court process. Again there is a requirement for disclosure of all the evidence. This means that there are exemptions for data disclosure. There is one exception, and that applies if you wish the court to withold your address. On page 5 of the paperwork there is a box to tick, to prevent your address being shared. This currently does not apply to Northern Ireland.

Can I Sue the CMS for a Data Breach

Potentially, you can take legal action against the CMS for breaching your data, where the disclosure is not authorised by law. You will need to search for a specialist data breach solicitor. #cms #childsupport #childmaintenance #childmaintenanceuk #gdpr #childmaintenanceservice #databreach #databreaches #databreachsolicitor #DataProtection #ParentingTips #ChildSupportLaw #FamilyLaw #ParentalRights #CMSRegulations #DataDisclosure #LawfulDisclosure #Tribunals #PrivacyRights #ChildSupportAwareness For further inormation, see the legislation listed below. Links to Legislation: Notification of a Child Maintenance Calculation

Links to Further Education:  Amazon Books