The Parish of Grouville is having to review its systems after misidentifying a parishioner.
An investigation by the Jersey Office of the Information Commissioner found several failings after a complaint was made against the parish.
In the search for someone who owes money for parish rates, a person with the same name was mistakenly pursued for the debt.
The JOIC says Grouville failed to have 'robust' processes in place to correctly identify people who owe them money and should have provided the public with more information on how they identify debtors in its Privacy Policy.
The parish is also accused of failing to recognise the impact being wrongly accused had on the complainant.
As a result, Grouville Parish Hall has been asked to review its Outstanding Reviews processes, ensure staff are trained in the procedures and review and update its Privacy Policy.
The JOIC says there are several lessons businesses and organisations can learn from this data breach. They:
- Must have proportionate, relevant and practical systems and procedures which can be relied upon by staff and customers.
- Should recognise and mitigate the risks associated with identifying an individual incorrectly.
- Should have appropriate controls and governance protocols in place to process personal information appropriately, which are reviewed periodically, including, for example, data sharing agreements where applicable.
- Should have a relevant and accurate, easily understood, fit for purpose Privacy Policy.
Revised Strive hotel plans given the go ahead
South Hill skatepark gets green light
Health and care charities worth £137m to Jersey
'Not finding guilt is a verdict' says Human Rights Group on retrial law
Date set for new vape tax to take effect
Youth Assembly backs vape ban, but narrowly rejects social media ban
Public Health Jersey issues advice following UK meningitis outbreak
Ports of Jersey to takeover running of harbour café
