The Parish of Grouville is having to review its systems after misidentifying a parishioner.
An investigation by the Jersey Office of the Information Commissioner found several failings after a complaint was made against the parish.
In the search for someone who owes money for parish rates, a person with the same name was mistakenly pursued for the debt.
The JOIC says Grouville failed to have 'robust' processes in place to correctly identify people who owe them money and should have provided the public with more information on how they identify debtors in its Privacy Policy.
The parish is also accused of failing to recognise the impact being wrongly accused had on the complainant.
As a result, Grouville Parish Hall has been asked to review its Outstanding Reviews processes, ensure staff are trained in the procedures and review and update its Privacy Policy.
The JOIC says there are several lessons businesses and organisations can learn from this data breach. They:
- Must have proportionate, relevant and practical systems and procedures which can be relied upon by staff and customers.
- Should recognise and mitigate the risks associated with identifying an individual incorrectly.
- Should have appropriate controls and governance protocols in place to process personal information appropriately, which are reviewed periodically, including, for example, data sharing agreements where applicable.
- Should have a relevant and accurate, easily understood, fit for purpose Privacy Policy.
Election voter turnout revealed
States members sworn in as Chief Minister discusses Ministerial options
Man (36) found guilty of child sexual abuse
Healthcare campaigners make a stand as new States is sworn in
Jersey students heading to university to receive Meningitis B vaccine
Farnham to remain Chief Minister
Hole in road causes gridlock in St Helier
Woman who died in St Brelade crash named
