Financial services company Beauvoir, mistakenly sent a client’s sensitive personal documents via ordinary mail to a third party, with the ODPA deciding that breached the island’s data protection law.
The documents included crucial identification information, property details, and financial records.
According to the Office of the Data Protection Authority, the issue arose from Beauvoir’s lack of a specific policy for sending sensitive mail, leading staff to choose an insecure method.
This resulted in the loss of the documents, leaving the client vulnerable to potential identity theft and causing significant stress and anxiety.
The Data Protection Authority said it investigated the incident and found Beauvoir in breach of data protection regulations, and as such it issued a reprimand.
Beauvoir has since implemented a new policy for sending sensitive mail, requiring the use of recorded delivery or courier services.
The ODPA said this serves as a reminder for all organisations to prioritise data security, especially when handling sensitive personal information.
It also said that establishing clear procedures for data transmission and regularly reviewing security measures are crucial steps in ensuring compliance with data protection regulations and safeguarding the privacy of individuals.