Otterpool Park: Another significant data breach?

Posted on March 21, 2019 by shepwayvox in Shepwayvox // 5 Comments

In the planning application Y19/0257/FH – Otterpool Park the document – Statement Of Community Involvement  – has been submitted. At page 9 of the document it states:

The developers of the Otterpool Park project are Folkestone & Hythe District Council & Cozumel Estates Limited – a British Virgin Islands company.

This letter was sent out by the joint developers, Folkestone & Hythe Distict Council and Cozumel Estates Ltd.  This means the Council, acting as the Council and not as the developer would have had to share your address details with the developers for you to receive the letter. Your address is ‘personal data’ under both the old Data Protection Act 1998 (DPA) and the new DPA 2018.

At the time the developers sent out this letter the law that was relevant was the Data Protection Act 1998 (now superseded by the DPA 2018)

In doing so, this may well have breached your data rights under the old Data Protection Act 1998, as the Council shared your personal data without your consent to do so with the developers.

Not just that, they also shared your data with a company overseas and so transferred your data to Cozumel Estates Ltd. Now for those of you who do not know:

The British Virgin Islands (BVI) has not enacted formal legislation to regulate data protection – Last modified 28 Jan 2019

The Council acting as the Council, not the developer, means its ability to share information is subject to a number of legal constraints which go beyond the requirements of the Data Protection Act (DPA 1998).

As concerned citizens, we would certainly want our Council to assess the impact on individuals’ privacy of any proposed plan involving residents personal data. We would expect the Council to consider which condition of the Data Protection Act 1998 justified this processing and sharing of data with the developers F&HDC & Cozumel Estates BVI, of the data.

Remember that the Data Protection Act 1998 was not a barrier to sharing information but provided a framework to ensure that personal information about living persons was shared appropriately. It would appear that in this instance the Council may well have not shared your data appropriately. By doing so they may well have committed another significant data breach.

The Council itself, not the developer, ought to self report to the ICO for a potential data breach. If they don’t you can report them by sending your concerns to: – casework@ico.org.uk

The Shepwayvox Team

Journalism for the people NOT the Powerful

The information contained in this blog post is provided for informational purposes only and should not be construed as legal advice on the  matter discussed. You should not rely on the information published.

Do not act or refrain from acting upon this information without seeking professional legal advice: you are strongly advised to obtain specific, personal legal advice about your case or matter and not to rely on the information or comments in this blog post.

About shepwayvox (1801 Articles)
Our sole motive is to inform the residents of Shepway - and beyond -as to that which is done in their name. email: shepwayvox@riseup.net

5 Comments on Otterpool Park: Another significant data breach?

  1. Meldrew // March 21, 2019 at 19:00 // Reply

    So if the Council “self report” themselves to the ICO for sharing our data inappropriately – then what kind of fine would the ICO drop onto the Council?

    And assuming that the fine could be punitive then who are the people who are responsible for this?

  2. G T // March 22, 2019 at 09:34 // Reply

    As they set aside £325,000 for the last data breach how much will this one cost us all. Monk and his cronies must go.

  3. Nothanks // April 5, 2019 at 09:51 // Reply

    Oh, okay well that’s potentially more concerning. Simple addresses are available from a number of sources inclusing the Royal Mail, so if the letters had been addressed to the occupier no dp issues would be present. If they are addressed to actual individuals, this could have been sourced from the open electoral role, and potentially there may be some statutory requirement to consult so they still may not have done anything wrong. Difficult to tell without further information. But interesting

Leave a Reply

Copyright © 2023 Powered by WordPress.com.

%d bloggers like this: