Has data protection been broken by the Parish Council clerk? - help appreciated, please

Question

On the 5th. March, I asked the question about "Correct/ Lawful use of residents private information / data used by a Parish Council clerk".  Kindly answered by "smallb 34r".                                                                                                                                                            Our PC. clerk had sent me a personal, brutal and threatening letter from a solicitor, claiming I had "tarnished" his reputation by putting a comment on our local Facebook page about the lack of information from the PC to residents, which is not true.  I wrote to the solicitor through the Data Protection Act asking how had he obtained my name and address ? - the eventual response alarmed me.    He replied that my details had been supplied to him by the clerk who had got my name and address from the PC records after I had wrote in to them previously requesting some information.                                                                                   I believe that my data has been misused by the clerk who has used my private information that was sent to the PC and used it privately to send this letter.  AM I RIGHT?  HOW SHOULD I PROCEED ?    I appreciate all answers .                                                It would be useless talking to our parish councillors about this as they are aware of what he has done and just ignore it as they are as bullying as the clerk.  In fact, the information that some residents have found out about our PC would make an excellent but alarming documentary about just what they have done.

 

 

Answer 1

This isn't the best forum to discuss data protection issues. However, I am shocked that a solicitor would provide that answer, at it creates a potential liability on the Clerk.

Though, (and this is a long winded way around it). The Clerk can (tenuously) argue that as you wrote to the Parish Council previously, (and not an individual councillor) that the document is neither private, nor confidential and can be treated as a matter of public record. - It is a stretch, but not unreasonable to argue.

If I was the Clerk, I'd have said the 192.com website, as your details will more than likely be available (for a fee) on their website.

To close, take data protection advice, you can contact the ICO who will look into it for you.

Answer 2

The 2018 General Data Protection regulation   Principle (e) states that data kept in a form which permits identification of data subjects should be stored for for no longer than is necessary for the purposes for which the personal data are processed; It adds that personal data may be stored for longer periods solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes.

Principle (b) states that personal data is  not further processed in a manner that is incompatible with those purposes.

So you could demand that (1) The Clerk justifies why he retained your personal data after the information requested had been supplied.  If so (and that is by no means certain)

(2) The Clerk specified why providing your personal data to the solicitor was in the public interest. 

There is a shadow over the solicitor for trying to obtain personal data form records that may not have been GDPR compliant too.

If your post was factual, it would not be defamation.  Consider using the way back machine to archive dated copies of a Council web page in the future as proof.

Answer 3

Disclaimer: this is not legal advice but my personal views! 

Under Data Protection legislation as the solicitors hadn't got your information directly from you , they were obliged to tell you where they had  got it from.  This is exactly what the legislation is designed to do - to make it transparent to individuals who has their information, where and why.  

Your Parish Council is also required to be transparent about how it uses and holds the information that parishioners provide.  If you made a subject access request to the PC it would similarly be obliged to tell you who it has shared your information with.  Have you tried doing this?  It might help clarify matters for you. 

From the information you've provided it appears you believe that information you provided to the PC in order for it to exercise its statutory functions may have been accessed and used by the Clerk for other reasons.  If what you're claiming is correct, that's a very serious matter but sadly not uncommon.  Just because you can, it doesn't mean you should!

If you look on the ICO's website under 'action we've taken' you'll see many examples of criminal prosecutions against employees who have accessed information for unauthorised purposes.   This month, the ICO took action against an employee of Stockport Homes who had inappropriately accessed records without any business reason for doing so. In March an employee at the Heart of England NHS Foundation Trust was prosecuted for accessing the medical records of people she knew without any business need.  Last December a former doctor's surgery employee was prosecuted for accessing staff and patients records outside her role.  

Therefore I'd echo the advice of others and suggest that you ask the ICO to investigate your concerns.