Governance, Procurement & Information Article
12 December, 2023
The ICO has recently published guidance specifically targeted at the housing sector setting out how data protection law can be used to prevent harm. In a blog published by the ICO, it discusses a number of common complaints it sees from the housing sector and highlights how poor data protection practices can put customers at risk of harm such as distress, discrimination, identity theft, or physical harm.
The blog also stated that there is a lack of understanding about data protection law across the housing sector and gave examples from the recent report from the Housing Ombudsman (HO) relating to its investigation into an RP which identified record-keeping and data accuracy as key areas for improvement.
The ICO states that it commonly receives complaints relating to the following areas:
The guidance from the ICO provides some basic and sensible recommendations for RPs. However, we understand the complexity RPs face of competing legal and regulatory obligations along with managing complaints from extremely vulnerable customers. Our concern is that this guidance on one hand warns against inappropriate disclosures of personal data while on the other states that there is a fear of disclosing information in case data protection law is breached. It is understandable that an RP may read the example given by the ICO of a complainant's health details being disclosed to a legal advisor and be concerned that this means that they are unable to share details in this way. Whilst we do not know the background details of this particular complaint, there are circumstances in which it is both appropriate and necessary to disclose a complainants' health details when seeking legal advice, for the purposes of ensuring the safeguarding of both the complainant and the perpetrator, in order to consider the vulnerabilities of both parties and to ensure compliance with obligations under the Equality Act 2010 to avoid taking any action which is potentially discriminatory and comply with the public sector equality duty.
Should RPs receive a complaint in relation to its data protection practices, it should consult with its Data Protection Officer and seek specialist legal advice on responding to the complaint and corresponding with the ICO so that your lawful basis for handling personal data is clearly and correctly documented.
For more information contact Bethany Paliga in our Governance, Procurement & Information department via email or phone on 01254 222347. Alternatively send any question through to Forbes Solicitors via our online Contact Form.
Learn more about our Governance, Procurement & Information department here
ICO reprimands Finham Park Multi Academy Trust following cyber-…
Get in touch to see how our experts could help you.
Monday to Friday:
09:00 to 17:00
Saturday and Sunday:
Closed