Outcomes - Selected Case Summaries
Breach at local telecommunications company
Informal Resolution | 12 January 2023
The Ombudsman received a data breach notification from a local telecommunications service. The notification gave details of one of the data controller’s ex-employees unlawfully sharing a customer’s personal data with a police officer for their personal use, which may constitute a serious violation under the DPA.
As part of our investigation, we obtained extensive documentation, including the applicable data protection policies and procedures, data protection training records, a confidentiality agreement, call logs, system audit logs, and statements from relevant parties.
We investigated potential contraventions by the data controller, and considered whether any acts or omissions of the data controller contributed to the breach. However, we concluded that the data controller had adequate organizational and technical measures in place to secure the data, and the data breach case was closed. The matter relating to the sharing of personal data remains before the courts.