will be learned, or have been learned, or are about to be learned etc..... They haven't had enough time yet for the PR dummy to come out with those words (or did I miss it?). I have had recent experience of the private sector "taking care" of my personal data. A pensions firm (based in Manchester( which handles my mother's widow's pension required sight of my power of attorney for her and would not accept a solicitor verified copy ( which was countersigned and verified on each and every page). So I toddled along to their Cardiff office with my original document- I was not willing to entrust it to the Xmas post, special delivery or no. So they had all this info on me, my brother, our certified witness and out two people to be informed etc., you get the idea... When I got home, I found that they had emailed this document in the clear to their Manchester office. How do I know? They had copied it to my email address, to "keep me informed of progress". Whilst I was working up a form of words to the ICO an envelope arrives in the post which informs me that the copy I had provided was not acceptable as it was only verified on the first page. I phoned up and informed them that the copy was theirs and I considered it unacceptable that they had sent it, unencrypted, via email. A few days later another letter arrives - carbon copy of the first, unacceptable etc... Flame on, phones up, demands to speak to arsehole in charge of section, did a mars attacks on him, informs him the ICO know about his organisation, told him whose copy it was and I would like an apology etc. Apology forthcoming, grave error, not how we normally do things etc.... Letter arrives, no need to do anything, accept document, fulsome apologies, bullshit etc. The problem is that these private sector people operate like this all the time, I only know how they handled my data because I was accidently copied into the emailing! How do we have oversight on how private companies handle this stuff?
I can only suggest that the ICO develop a form of words that we can attach to any document to any company, public or private, that warns of legal action if they are found to have breached the conditions attached to our submission of our private data.
severely pissed off,
Someone whose data is already out there.