An estate agent that reportedly left a client’s passport and tax information in the street over 18 months ago has been told to undertake “further work” on data protection to satisfy the demands of the Information Commissioner’s Office.
Last August we reported that in December 2013 the ICO had been informed that a branch of Thamesview Estate Agents Ltd had left papers containing personal information in the street.
The TEAL group includes many agency brands, including Beaney Pearce, Chard, Dexters, Pembertons, Penny & Co and several others.
The papers from the branch in question were stored in transparent bags and the information was clearly visible to those who walked past.
The ICO subsequently warned TEAL that it must improve its compliance with the Data Protection Act by disposing of the information securely. But in March 2014 the ICO was contacted by the original complainant and informed that the branch was still leaving its customers' information in the street.
More recently the ICO reported on a follow-up assessment it undertook “to provide the ICO with a level of assurance that the agreed undertaking requirements have been appropriately implemented.”
ICO’s findings - made public last month - stated that the follow-up assessment looked at information and evidence provided by TEAL. “This includes a management summary of actions taken or planned, polices, certificates of destruction, training and awareness materials, training statistics and minutes of meetings” says an ICO statement.
But the office says that while TEAL has taken “appropriate steps” and “put plans in place to address some of the requirements” it was the case that “further work needs to be completed by TEAL to fully address the agreed actions.”
TEAL told the ICO that it had now introduced information on data protection into the company’s handbook which accompanied job offers and corporate induction, with staff required to sign to confirm they have read and understood the organisation’s data protection procedures.
The issues of data protection and confidential waste were also covered in ‘best practice’ sessions completed by staff after nine months in the job, too.
All TEAL offices now have shredders and a data handling policy is in place along with information sheets covering these issues. The policy and information sheets are reviewed annually by the agency’s designated data protection officer.
The firm has told the ICO that a scanning process has been introduced to reduce the volume and risks of paper files.
So far, so good - but in an indication of how seriously the authorities take data protection, the ICO now says it wants more including:
- a data protection course and test to be completed annually by all staff, to be rolled out this year;
- 'cross shredders’ in all TEAL offices to be used as the primary method for the destruction of confidential waste;
- the promised recruitment of a Head of Legal, a qualified solicitor who will be tasked with reviewing all contracts in place with third parties to ensure appropriate data protection clauses are in place.
EAT has asked TEAL for any comment it may have on the ICO’s demands.
Join the conversation
Jump to latest comment and add your reply
**contracts in place with third parties to ensure appropriate data protection clauses are in place
** Interesting. How many agents have checked their software suppliers agreement? I have seen one softwares agreement (from a large supplier) that stipulates it has rights to access and pass on collected clients data that the agent has entered or brought in.
In a long contract small wording could easily be overlooked, yet compromise an agents data protection liabilities.
Oh dear. You fear some people would lose their head if it wasn't screwed on. Surely, when dealing with sensitive and delicate information, you make sure you're extra careful and carry out even more due diligence.
In this case, obviously not.
The contract doesn't have to be very long or the wording particulary small to be overlooked. Most agents don't read terms and conditions Trevor. I think a retrospective browse through T&C's would leave a few people, at best, red faced at what they have signed up to.
By submitting content on our website or otherwise providing content to us in connection with the Services ('Materials'), you grant us a royalty-free, perpetual, irrevocable and non-exclusive right and license to (a) use, reproduce, distribute, display, modify and edit these Materials in connection with the Services and (b) sublicense these rights. We will not pay you any fees for these Materials and reserve the right in our sole discretion to remove or edit them at any time. You also warrant and represent that you have all rights necessary to grant us these rights. We permit you to post Materials on our website in accordance with our procedures provided that the content is not illegal, obscene, abusive, threatening, defamatory or otherwise objectionable to us.
@Jon Tarrey – Agreed Jon. In this day and age agents need to be more careful when it comes to handling data. In fairness though TEAL was said to have taken appropriate steps before this, so a particularly forgetful or distracted agent is probably the one at fault!
Please login to comment