UP-DATE FOR FACTORED CUSTOMERS
Some of our customers may be aware through social media that the Association was involved in an information security breach recently. This was not a breach of the General Data Protection Regulations which we sent you information about last year and this has been confirmed by the Information Commissioner’s office which regulates such breaches. Nevertheless it did involve some customer’s information being inappropriately shared with an unauthorised person. In order to provide you with as much information as possible and help you to be assured that your own information is safe, I thought it would be helpful to tell you what happened.
First of all can I say that we are extremely disappointed at this information security incident. Bridgewater takes peoples information and its security very seriously and we have invested a great deal of time, effort and money in preparing for the implementation of the new GDP regulations so this is all the more galling, particularly since it was not of our making and was completely out of our hands.
How did this incident come about?
The Association uses a firm of Sheriff Officers to pursue some customers who are in debt to the Association for work that we have carried out and which they are responsible for paying a share off. We share with them names and contact details together with the amount of the debt. They in turn use a separate mailing firm to send out letters to these customers. An error in their procedures meant that a letter to one customer also contained five other additional pages which contained details of 5 people other than that particular customer. However rather than simply advise us of this mistake and complain to us, the person chose to post copies of the letter, (with names and addresses hidden) on Facebook to complain about it. This inevitably resulted in people speculating about what happened and perhaps becoming worried about their own information. These are the details of the incident.
How many people mistakenly received information relating to other people?
What measures have been taken by the Housing Association to address the issue?
We have met with the Sheriff Officers and received a full detailed explanation as to how this error occurred. They have been left in no doubt as to our disappointment about this. They have contacted the person who received the letters to apologise and requested the return of the letters which were not meant for them. Unfortunately the person hasn’t done this yet and we have also written to her to ask for the return of the letters. Bridgewater have also written to the customers whose details were mistakenly shared to tell them what has happened and to apologise for the mistake.
Is there a risk of a similar data breach occurring again?
We have concluded that this is a “one off” anomaly connected to the operation of a software package and which has been sorted. We have been assured that it will not occur again.
I hope this helps customers to be assured that we aim to handle their information sensitively, privately and in accordance with the regulations but if anyone has any concerns they should feel free to contact our Factoring Team at the office.
Work Email addresses
One final thing I should say to customers is that if you are contacting us or our contractors or anyone working for us, about anything through email and you decide to use the e mail address provided by your employer, you may want to consider your employers policy about personal email use to make sure that they don’t have their own rules about this.