The complainant was in default of a loan repayment. After failing to collect the debt from the complainant on several occasions, the finance company sent its demand letters in unsealed envelopes to the addresses of his neighbours with his name given as the addressee.
Upon investigation by the PCPD, it was found that some of the demand letters had been opened and read by the neighbours.
The Commissioner's views on the matter
By virtue of the requirements of DPP4 all practicable steps should be taken to ensure that personal data held by a data user are protected against unauthorized or accidental access or other use having particular regard to the kind of data and the harm that could result if any of those things should occur. It is the view of the PCPD that personal data related to debt collection are generally sensitive in nature and in using the data for debt recovery, special care should be taken to prevent their accidental disclosure. In sending out demand letters, the data user should consider stamping the envelope with the words "Private & Confidential" and with the name and address of the addressee clearly written on the envelope. Any acts or practices aimed at using the data to embarrass an individual in default of a loan by means of unnecessary disclosure of the data to persons other than that individual is likely to contravene the requirements of DPP4.
The sending of the demand letters in the manner complained of amounted to an insecure way of handling personal data that caused unnecessary embarrassment to the complainant. This was a contravention of the requirements of DPP4. Upon warning, the finance company undertook to cease the practice.