At last, The Hub has achieved some closure to the long-running saga of the Information Commissioner’s enquiry into the bag of post found dumped in a river in North London early last year.
The case, which involved the discovery in April 2014 in Colindale, north London, of a full bag of post abandoned by a TNT Post (now renamed Whistl) postie, was picked up by the Information Commissioner’s Office (ICO) on the basis of a possible breach of the Data Protection Act, but ultimately dropped without further action in November that year.
Following a routine informal request for more information and two further formal requests under the Freedom of Information Act, the ICO has at last confirmed just why the matter was dropped.
In a statement received by The Hub on 11 February, an ICO spokeswoman said it had decided not to take any formal regulatory action as the incident “appeared to have been caused by the actions of a rogue member of TNT staff and was likely to be a one-off event which would not be repeated”.
There was “no evidence of substantial damage and distress having been caused to the affected data subjects” and although the data had been placed at risk by being left in a public space, it “was not accessed or processed further by any unauthorised third parties and was recovered intact by the data controller” – the data controller turning out to have been not Whistl, but Barclays Bank.
“We took the view that there was no substantial damage and distress to the affected data subjects, the personal data in question was not particularly sensitive, and the breach did not constitute a serious contravention of the DPA,” added the spokeswoman.
So now we know... although two small mysteries remain.
One is why the ICO took the view that it was a "one-off event", when the incident took place just a few weeks after the company was forced to apologise about another incident in which piles of undelivered post were found abandoned in a bush elsewhere in North London.
The other is why it took The Hub three attempts to get the body charged with ensuring data is handled appropriately to come across with an appropriate account of its own activities.