>She was dismissed in 2009 for gross misconduct for failing to give customer information back to the bank, and the two parties have reached a stalemate over the terms of the data’s return.
Does the bank really have no legal recourse other than to politely ask for the data back? The ICO are no longer involved because they don’t think theres any danger to individuals.
She _says_ she doesn’t want money…
>The bank said the woman had demanded money in exchange for the documents, an allegation she strongly denies
She instead says that shes offered the documents back for an apology from the bank.
I really don’t understand this story. Why did Natwest refuse the documents back as it’s been reported to be the case?
Obviously there must be a bit more to this story than the article tells us.
But doesn’t the data protection act apply here? As the controller of the data wouldn’t she be obliged to keep the data securely, ensure it is kept up to date, provide people with copies of the data she holds when they request it, and delete the data when there is no longer any reason to keep it?
I am quite surprised that there isn’t some responsibility to the data subjects that overrides whatever dispute is going on between this person and her ex-employer.
3 comments
This has been going on for _over a decade:_
>She was dismissed in 2009 for gross misconduct for failing to give customer information back to the bank, and the two parties have reached a stalemate over the terms of the data’s return.
Does the bank really have no legal recourse other than to politely ask for the data back? The ICO are no longer involved because they don’t think theres any danger to individuals.
She _says_ she doesn’t want money…
>The bank said the woman had demanded money in exchange for the documents, an allegation she strongly denies
She instead says that shes offered the documents back for an apology from the bank.
I really don’t understand this story. Why did Natwest refuse the documents back as it’s been reported to be the case?
Obviously there must be a bit more to this story than the article tells us.
But doesn’t the data protection act apply here? As the controller of the data wouldn’t she be obliged to keep the data securely, ensure it is kept up to date, provide people with copies of the data she holds when they request it, and delete the data when there is no longer any reason to keep it?
I am quite surprised that there isn’t some responsibility to the data subjects that overrides whatever dispute is going on between this person and her ex-employer.