The Parish of Grouville is having to review its systems after misidentifying a parishioner.
An investigation by the Jersey Office of the Information Commissioner found several failings after a complaint was made against the parish.
In the search for someone who owes money for parish rates, a person with the same name was mistakenly pursued for the debt.
The JOIC says Grouville failed to have 'robust' processes in place to correctly identify people who owe them money and should have provided the public with more information on how they identify debtors in its Privacy Policy.
The parish is also accused of failing to recognise the impact being wrongly accused had on the complainant.
As a result, Grouville Parish Hall has been asked to review its Outstanding Reviews processes, ensure staff are trained in the procedures and review and update its Privacy Policy.
The JOIC says there are several lessons businesses and organisations can learn from this data breach. They:
- Must have proportionate, relevant and practical systems and procedures which can be relied upon by staff and customers.
- Should recognise and mitigate the risks associated with identifying an individual incorrectly.
- Should have appropriate controls and governance protocols in place to process personal information appropriately, which are reviewed periodically, including, for example, data sharing agreements where applicable.
- Should have a relevant and accurate, easily understood, fit for purpose Privacy Policy.
Work begins on Haut du Mont Memorial Garden
Inflation in Jersey at 2.8%
Review rules out benefits overlap for pensioner carers
Ignoring data protection may cause Jersey to 'lose our economy'
Draft law scraps time limits on abortions in Jersey
Divide over approach to gender guidance in schools
Three charities awarded £500 grants in community campaign
Ministers back principle of social media 'restrictions' for under 16s
