Data loss - should you notify the ICO?
The Information Commissioner's Office (ICO) has issued guidance on whether data breaches should be notified to the ICO. This will be of concern to associations holding personal data relating to their residents, employees or contractors.
There is no legal obligation to report data security breaches to the ICO under the Data Protection Act 1998 (DPA) (although specific reporting obligations outside the DPA may apply to certain public sector bodies). The ICO recommends that serious breaches should be notified.
The ICO advises that the overriding consideration in deciding whether to report a breach is the potential harm to individuals, such as the risk of identity theft or a person's financial circumstances becoming public. The extent of harm depends on both the volume of personal data involved and the sensitivity of the data disclosed.
There is a presumption to report where a large volume of personal data is concerned. As a rule of thumb, this is if more than 1000 individuals are affected. A presumption to report may also arise where smaller amounts of personal data are involved but the information disclosed is particularly sensitive. For example, the loss of as few as 10 records containing health-related information could trigger a presumption to report.
In deciding the most appropriate course of action following a data breach, the ICO will consider whether the breach has been reported voluntarily. The ICO may decide to take no further action, require remedial steps to be taken, or take regulatory action. In the case of serious, deliberate or reckless breaches of the DPA, the ICO can impose fines of up to £500,000.
Where the ICO takes regulatory action, such actions are publicised as a matter of policy. This negative publicity can cause reputational damage and a loss of public confidence in an organisation, which is a serious consequence of a data security breach in its own right.
In light of the above, organisations in the social housing sector would be well-advised to consider the following preventative measures:
- keep data protection policies under review;
- ensure suitable technical measures for data security are in place;
- ensure staff receive data protection training;
- include appropriate protections in agreements with contractors to whom personal data may be transferred, for example providers of meals or other care-related services to elderly residents.
To find out more, please contact Carolyn Fink.