The Parish of Grouville is having to review its systems after misidentifying a parishioner.
An investigation by the Jersey Office of the Information Commissioner found several failings after a complaint was made against the parish.
In the search for someone who owes money for parish rates, a person with the same name was mistakenly pursued for the debt.
The JOIC says Grouville failed to have 'robust' processes in place to correctly identify people who owe them money and should have provided the public with more information on how they identify debtors in its Privacy Policy.
The parish is also accused of failing to recognise the impact being wrongly accused had on the complainant.
As a result, Grouville Parish Hall has been asked to review its Outstanding Reviews processes, ensure staff are trained in the procedures and review and update its Privacy Policy.
The JOIC says there are several lessons businesses and organisations can learn from this data breach. They:
- Must have proportionate, relevant and practical systems and procedures which can be relied upon by staff and customers.
- Should recognise and mitigate the risks associated with identifying an individual incorrectly.
- Should have appropriate controls and governance protocols in place to process personal information appropriately, which are reviewed periodically, including, for example, data sharing agreements where applicable.
- Should have a relevant and accurate, easily understood, fit for purpose Privacy Policy.
New 'competitiveness' plan to protect Jersey's £3bn financial sector
Fines for 'Jersey Lifts' drivers a step closer?
£225K grant given for clinical trial into heart failure
New school grouping system to address pressures on Education
Jersey to nearly quadruple its protected waters
Broad Street turns a new leaf
Ministers unsupportive of legislation to protect cash-use
Woman, 44, guilty of inappropriately touching a teen at Portelet
