Information Commissioner's Office
Estate agent data breach leaves customers open to ID theft
The Information Commissioner’s Office (ICO) has taken action after a London estate agent continued to leave papers containing personal information on the street despite a previous warning.
On 11 December 2013, the ICO was informed that an outlet owned by Thamesview Estate Agents was leaving papers containing personal information in the street. The papers were stored in transparent bags and the information was clearly visible to anyone who walked past. The ICO warned the company that it must improve its compliance with the Data Protection Act by disposing of the information securely.
On 13 March 2014, the ICO was contacted by the original complainant and informed that the outlet was still leaving its customers’ information in the street.
The ICO found that the estate agent’s staff were not aware that they were acting in breach of the company’s guidance on the secure disposal of confidential waste. Thamesview Estate Agents also had no contract in place with the companies hired to securely dispose of their branches’ confidential waste.
ICO Head of Enforcement, Stephen Eckersley, said:
“Customers of Thamesview Estate Agents will be rightly concerned that their information was left on a street for all to see. The papers visible to the public included copies of customers’ passports and details of previous tax payments. This could be all a fraudster would need to steal someone’s identity.
“Despite a previous warning from our office, the company failed to address this issue. This is why we’ve served the business with an undertaking committing them to improving the way they handle their customers’ information.”
Thamesview Estate Agents have signed an undertaking committing the company to making sure that all of its branches keep the personal information of their customers secure. They must also introduce refresher training for all of their staff by 31 December 2014 and make sure that they have formal contracts in place with any companies responsible for destroying their customers’ information.
Notes to Editors
1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
3. The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter.
4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Secure
- Not transferred to other countries without adequate protection
5. If you need more information, please contact the ICO press office on 0303 123 9070.