I Promise this is Interesting

April 30, 2024
Privacy

Could this happen in your organisation? A woman filled in a form with an organisation, which included many personal details. Several months later a random person sent her a copy of the completed form, via social media, telling her he had been sent it by this organisation.

It turned out that an employee had saved the completed form onto their computer desktop for easy access, thinking it was a blank template. Only the front page was blank and all the subsequent pages had the woman’s personal details on it. Each time there was a request for the form, the employee sent the version on their desktop. Over a nine month period the completed form was emailed to several other clients.

Once the issue was reported, the organisation contacted the people they could, who had been sent the information when requesting the form. Unfortunately, there was no definitive record of who the form had been sent to. The organisation could also not provide any guarantee the personal information had not been circulated by those recipients.

A complaint was made to the Office of the Privacy Commissioner, and the matter was investigated, ultimately resulting in the organisation paying the woman $15,000 in compensation.

The question to ask: Could this, or something similar, happen in your organisation?

There are so many other ways privacy can be inadvertently breached. Have you ever sent an email to the wrong person, kept hold of client or employee personal information longer than needed, had an IT data breach, forgotten to remove an ex-employee’s access from your systems, had someone ask for a reference without that person’s permission, or had a worried parent/partner ask for information about an employee? We have a 1.5 hour practical and informative webinar on the Privacy Act coming up on 29 May. If you found this article helpful (and concerning) then this webinar might just be ideal for you.

Share This