The data breach and cybercrime specialists at Keller Lenkner UK (now KP Law), have launched legal proceedings against the Royal Mail.
The data breach action was officially filed at The High Court on Wednesday 28th October 2020.
The action relates to the release of employee information, collected by Royal Mail as part of an internal investigation following allegations of harassment and bullying made against another Royal Mail employee.
The claimants in this case had a reasonable expectation of privacy given the circumstances. Despite this, during the investigation, personal information was sent to a third party. The personal data included addresses, mobile telephone numbers, and in one case the name of an individual who had asked to remain anonymous. Royal Mail had informed the claimants that interview notes would be shared with the third party, however those involved were reassured that their personal details would be removed before doing so.
Keller Lenkner UK believes that Royal Mail is vicariously liable for the actions of its employees in sending the documents to the third party, as the employees were acting within their field of activities and furthering their employer’s purposes.
Kingsley Hayes, head of data breach at Keller Lenkner UK, commented: “Royal Mail failed to sufficiently redact the personal information of several individuals prior to sharing the documentation with a third party. This is a clear breach of data protection regulations. Furthermore, Royal mail took no adequate steps, to ensure the security and confidentiality of the private and confidential information from inappropriate disclosure to the third party.
“The claimants have sought to resolve the issues in this case with Royal Mail, but unfortunately have been unable to do so in a way that adequately addresses the damage caused by this breach. The recourse to the High Court has therefore been necessary.”