The Post Office has admitted a GDPR breach following objections to plans to close and relocate a village Post Office branch.
Following the conclusion of a consultation period about plans to close the Post Office in Haworth, a West Yorkshire village south of Keighley, and relocate it to a Co-Op branch, the Post Office sent out an email thanking local residents for sharing their views.
Unfortunately, the email contained 155 visible email addresses of those who had participated in the consultation. The Post Office attempted to rectify the situation by recalling the email but repeated the error, sending another email exposing the 155 email addresses.
The Post Office then sent an email that didn’t expose the email addresses, asking recipients to delete the original email that it couldn’t recall.
The email sent by the Post Office to customers said:
“Regrettably the content of the email was correct, the email contained the email addresses of other recipients in error.
As we were unable to recall the message, please can we ask you to delete the original email and reply to this email confirming this has been done.”
Haworth residents not impressed
This incident further inflamed local tensions, with considerable unhappiness around the planned closure and relocation further exacerbated by the exposure of residents’ email addresses.
One resident, Tim Underwood, told local newspaper The Telegraph & Argus, “It isn’t acceptable, it’s an utter shambles, and has been dealt with in the same vain as how Haworth Post office closure was dealt with.”
Meanwhile, the Post Office told the paper, “We take any data incident very seriously and are sorry for any concern caused to the recipients of the email in question. Initial action was taken to recall the original email, followed by a request that it be deleted by each recipient before a corrected version was sent. We have notified the Information Commissioner’s Office about the incident and are looking at what we can do to ensure this does not happen again.”
Commenting on the incident, the ICO said, “People have the right to expect that organisations will handle their personal information securely and responsibly.
“Post Office Ltd has made us aware of an incident and we will assess the information provided.”
Next steps for affected residents
It is not yet clear whether the ICO will conduct a full investigation into this incident.
To date, there have also not been any reports of this data breach leading to further consequences.
However, if you’ve been affected by this data breach, you may be entitled to compensation.
While we’ll wait for the outcome of the ICO’s assessment and any subsequent investigation, you can still contact LawPlus and share your details with us pending any potential review and claim. Once the ICO has done it’s work, we’ll conduct a FREE, no-obligation assessment of your case and advise if you have grounds to claim compensation from the Post Office.