This week the clinic will be discussing the importance of finding out what information big cooperations have in your name…. Corporations like the NHS, DVLA, HMRC, Electoral Commission etc… During my travels this week. I met a very cheerful lady. As we got talking… out of the blue she asked me if I had checked the information the NHS had about me. I promptly answered that I had not and she started to share her story… for several years, she had been sharing the same NHS number and the same date of birth with another woman in the United Kingdom.
She only found out when she visited her GP for a routine check up and the doctor having pulled up her files with the information she provided asked her she was coping with the medical issue he picked up on her file. The woman told me she thought the doctor was having a laugh. The doctor went on to ask her more intimate questions related to what he was reading off her file… The woman was alarmed. She went on to advise the doctor that the information he was reading out to her was not for her that he must have picked up the wrong file.
The doctor advised her that based on the information she provided it was her file… It was then that it occurred to both of them that there was another person sharing her details… someone from the same European country, same date of birth and same National Insurance Number.
She immediately took advise and reach out to Supervisory Authority at ICO.
You may be asking what this has to do with Cyber Security. This is clearly a Data Breach. Something has gone wrong. The implications of this breach is far reaching…
Just Imagine if the lady in question was involved in an accident and she needed blood… If the other lady involved in the mix up was blood-type A and she was a different blood type. How are the emergency services to know…
Simply Frightening!!
Lessons
With GDPR introduced in May 2018…We are now able to make a request to any of the corporations we have links with (as I mentioned earlier) to have them reveal the information they have in your name… You are a legally allowed to do this… and they have 'x' no of days to make this information available to you…
As a data subject you have the right to be informed, to object, to rectify and to erase with regards to any data held about you and I…
The Clinic recommends that we should verify (where applicable) the information big cooperations have in our names…
Extremely important.
We should not assume the information is always correct… As the story I shared
(albeit rare) proves.
Subject Access Request Email Template
You could use the subject access request letter template below as a guide, adding exactly what information you are asking for:
[Name and address of the organisation]
[Your name and full postal address]
[Your contact number]
[Your email address]
[The date]
Dear Sir or Madam
*Subject access request*
[Include your full name and other relevant details to help identify you].
Please supply the personal data you hold about me, which I am entitled to receive under data protection law, held in:
[Give specific details of where to search for the personal data you want, for example:
My personnel file;
emails between ‘person A’ and ‘person B’ (from 1 June 2017 to 1 Sept 2017)
My medical records (between 2014 and 2017) held by ‘Dr C’ at ‘hospital D’;
The CCTV camera situated at (‘location E’) on 23 May 2017 between 11am and 5pm; and
financial statements (between 2013 and 2017) held in account number xxxxx.]
If you need any more information, please let me know as soon as possible.
[If relevant, state whether you would prefer to receive the data in a particular electronic format, or printed out].
It may be helpful for you to know that data protection law requires you to respond to a request for personal data within one calendar month.
If you do not normally deal with these requests, please pass this letter to your data protection officer or relevant staff member.
If you need advice on dealing with this request, the Information Commissioner’s Office can assist you. Its website is ico.org.uk, or it can be contacted on 0303 123 1113.
Yours faithfully
[Signature]
OK… That’s it for this week
IMPORTANT LINKS
Email Address
lidem@familycyberclinic.com
0 Comments