
How secure are your client files?

A prospect I met for the first time this morning, an NHS employee, gave me a hard time when I left him alone for a few moments in a meeting room that contained client files. Theoretically, the prospect could have opened them and gleaned some personal information. I got quite a dressing down over this to the extent that the prospect claimed I had broken the law. Clearly security procedure within the NHS is of a higher standard than in my little practice, but have I broken the law?

What are your standards when it comes to client files? 

Replies

By marks
20th Dec 2012 09:44

Think you have been a bit unlucky in that you have someone who is on the ball with knowing what your duty is to your clients.

I am sure you aren't the first accountant to have had a client in your office, had other client files out and had to leave the room for whatever reason.

Not sure what law you would have broken though certainly there is an ethical obligation that you keep your clients records private and confidential.

Regards

Mark

Thanks (0)
20th Dec 2012 10:29

Well if you

broke the law (and I don't know if you did or didn't) so did the HMRC employee whose office I attended with a client recently. They left the room with my client and me alone with a whole load of files. She was gone for quite some time. Do you think there was a CCTV camera there?

Thanks (0)
By nutwood
20th Dec 2012 10:36

Probably the Data Protection Act - which applies just as much to physical manifestations of data not just those held electronically.

Thanks (0)
20th Dec 2012 11:14

You should have asked the pedant (sorry prospect) exactly what law had been broken.

They would probably have replied the usual Data Protection Act, and you should have then asked what specific area of the Act had been broken - at this point he would have mumbled or stuttered some rubbish.

This is typical of the "I know my rights" brigade when in reality they do not know.

 

Anyway, sorry for the rant - back to the question .........

So, by leaving a file in a room with a client is breaking the law - how ?

Surely if the client had got up, opened the file and read the contents then it is they that have broken the law and not you ?

They would have effectively stolen this information in the same way that they could have stolen any other item from the room - what are you supposed to do, remove all items from the room in case they decide to steal something ?

In the same way that if somebody gets caught shoplifting in Asda then the shoplifter gets prosecuted, it is no defence to say that it is Asda's fault because they left the products on the shelf.

 

Ps - did the prospect become a client ?

If so, it will be interesting to see how they behave in the future - I look forward to future threads with interest.

 

 

Thanks (1)
20th Dec 2012 12:09

DPA is breached if any unauthorised person has access to the private data. 

 

Data Protection Policy: Security of Data

The seventh Data Protection Principle (see Data Protection Act Overview) requires that precautions should be taken against the physical loss or damage of personal data, and that access to and disclosure of personal data should be restricted. Members of SOAS who are responsible for processing personal data must ensure that personal data are kept securely, and that personal information is not disclosed orally or in writing, by accident or otherwise, to unauthorised third parties.

Manual data

When not in use, files containing personal data should be kept in locked stores or cabinets to which only authorised staff have access.

Procedures for booking files in and out of storage should be developed, so that file movements can be tracked.

Files should be put away in secure storage at the end of the working day, and should not be left on desks overnight.

http://www.soas.ac.uk/infocomp/dpa/policy/security/

The commissioner can impose fines and even criminal charges (but only for serious and deliberate actions).

 

Thanks (0)
By Old Greying Accountant
20th Dec 2012 12:15

Agree entirely ...

B Roberts wrote:

So, by leaving a file in a room with a client is breaking the law - how ?

Surely if the client had got up, opened the file and read the contents then it is they that have broken the law and not you ?

They would have effectively stolen this information in the same way that they could have stolen any other item from the room - what are you supposed to do, remove all items from the room in case they decide to steal something ?

In the same way that if somebody gets caught shoplifting in Asda then the shoplifter gets prosecuted, it is no defence to say that it is Asda's fault because they left the products on the shelf.

Many similarities with this and FirstTab with his member of staff checking his browser history.

It makes me so sad that we have to enshrine what should be common manners and social etiquette into law.

Wonder where the NHS bod would stand on patient notes left on the end of unattended hospital beds? Oh sorry, I forgot privacy, respect and decency are left outside the hospital door!

 

Thanks (0)
By Glennzy
20th Dec 2012 11:41

Dodged A Bullet maybe.

That seems to be a ridiculous way to go on, these know-it-all people really get on my nerves.

If that's how he behaves at your first meeting with you, it's probably a relationship where you will never win. Each fee note raised will be queried and will require a full cost breakdown. Do you need pain in the a*** clients like these?

Why didn't he ask to leave your office when you did if he was so concerned that he might see something on your desk, instead of letting you commit the crime then pulling you on it?

These lunchtime lawyers really get on my wires. I have just had a member of staff refuse to sign his staff contract and then presented a list of 8 terms and conditions he was unhappy with.

He has been employed 16 hours per week as a driver on £7 per hour.

I wouldn't be lectured by an NHS employee on anything like this as their track record is appalling and they have more litigation ongoing against them than some countries' GDP.

Rant Over.

Merry Xmas Everyone

 

 

Thanks (0)

Dodged a bullet indeed!

Had someone said that to me at a meeting then I would have thanked them for the information and thanked them for their time as I gestured them to the door!

Thanks (1)
20th Dec 2012 11:45

Nosiness?

Maybe your potential client is just a nosy sod and thinks everyone else is the same so therefore thinks that his records would be snooped upon by every visitor to your office??????

Thanks (0)
20th Dec 2012 12:17

Perhaps you should have asked

the potential client how much the NHS pay out in compensation each year for failing in their duty of care to their patients...presumably he is one of the many pen pushers in the infamous middle management that seem to use up the most resources in producing the littlest output....but at least he knows his DPA so I suppose we should be thankful....

Thanks (0)
20th Dec 2012 12:44

I agree with the client

What's so difficult about putting files in the cabinet and locking it or moving them to another room!

Thanks (0)
20th Dec 2012 12:55

*

Think we've all probably been guilty of this one, but clearly there's been a breach of basic data protection principles (and no, I don't know exactly what the Act says before I'm summarily executed for saying that).

I once had a job interview with a firm of accountants who'd have had a massive problem with DP. They didn't seem to have a reception and stuck me in their (staffless) general office; nor did they seem to have filing cabinets as there were literally piles of files everywhere. I could have had a field day!

Thanks (0)
20th Dec 2012 13:01

Field day ?

adam.arca wrote:

I could have had a field day!

 

Just out of interest, had a field day doing what - looking at the working notes relating to a random company ?

What could you have done with this data / information ?

What with the DPA and Health & Safety, we are all going mad I tell you !

 

 

Thanks (0)
20th Dec 2012 13:08

*

B Roberts wrote:

Just out of interest, had a field day doing what - looking at the working notes relating to a random company ?

What could you have done with this data / information ?

What with the DPA and Health & Safety, we are all going mad I tell you !

 

Well, contact names and addresses for starters. Then if I'd been a Revenue officer and the accountants were still dumb enough to leave me alone, all sorts of stuff (this being in the days when Inspectors of Taxes could actually identify a business local to them).

I don't disagree entirely with you, but even before DP, H&S, WTD and the myriad other regulations designed to make our lives difficult, there was still client confidentiality.

Thanks (0)
20th Dec 2012 13:24

And then what would happen ?

adam.arca wrote:

Well, contact names and addresses for starters.

Then if I'd been a Revenue officer and the accountants were still dumb enough to leave me alone, all sorts of stuff

I don't disagree entirely with you, but even before DP, H&S, WTD and the myriad other regulations designed to make our lives difficult, there was still client confidentiality.

And what would you do with the names and addresses ?

Also, (I guess) that you are not a Revenue Officer, and the OP may have treated a Revenue Officer differently by putting them in a bare room - but does that mean that we should treat everybody else the same ?

I am not entirely disagreeing with you either, it just seems to me that the world is getting a little out of proportion on DPA and H&S etc. these days.

Thanks (0)
20th Dec 2012 13:20

@adam...

I am guessing you are not the one doing tax returns in the last week of Jan then...with your ever so clean desk policy....

 

 

Thanks (0)
20th Dec 2012 13:35

I just knew I would get into trouble....

....for daring to suggest that the NHS employee (regardless of the fact he may be a pompous prat and this may be a case of the pot calling the kettle black) might have a point!

I'm not being holier than thou because I've committed exactly the same crime as the OP and presumably for exactly the same reasons (an innocent oversight / pressure of work etc etc). Like I said, we've probably all done it.

And no, my desk is never a tidy office area, especially in Jan. Luckily, I have a room where I can meet people and yet I still fall foul occasionally - perhaps the difference being that I'd own up to "it's a fair cop, guv!"

Thanks (0)
By nutwood
20th Dec 2012 13:36

I have, in the past, worked at a large firm where it was a rule that all meetings (except with staff) were held in meeting rooms, not in offices, and where it was forbidden to leave files in a meeting room.  I guess big firm fees can pay for the extra space!

Thanks (1)
20th Dec 2012 13:44

@adam....

in principle of course you are right...but I think this is about context.  That said I wonder if the said NHS superstar had travelled to the office doing 31 mph in a 30 area...'technically' he would have broken the law....(as no doubt many of us do daily)....perhaps we all deserve a dressing down?

Thanks (0)
20th Dec 2012 13:47

Separate room

An IFA client pointed this out to me following a visit by his network's compliance Officer. It is a breach of DPA and Institute rules. I meet Clients in a separate room. If truth be told there probably isn't a clear path from my office door to my desk but I will sort that out after SA rush is over.......although I notice some 2011 papers still lying around

Thanks (0)
20th Dec 2012 13:53

I am just imagining

that NHS guy quickly scribbling down 30 names and addresses in the few minutes he had ...

 

Compare that to our friends in the public sector (the ones who had a part in the rules) - now imagine one of those departments (let's call them HMRC) sending a disk with several thousand personal names, addresses etc by post to another department....it couldn't happen....could it?!!?

Thanks (0)
By Old Greying Accountant
20th Dec 2012 13:55

I have ...

... one office, with a small separate kitchen area and a toilet.

It would not be practical to lock everything away whilst making tea/coffee for my client/prospect, or if nature calls during the occasional lengthy meeting, although I have my PC set to lock out after a set period of idleness.

There is a thing called trust, and strange and rare concepts called manners and politeness. There is a big difference between a known person in my office by invitation and a stranger there without my knowledge or consent.

Thanks (2)