When F learned about his Social Worker’s professional obligations, he wrote to him on 11th January 2013,  pointing out his failure to adhere to his Code of Ethics, issued by the British Association of Social Workers, BASW.  F also mentioned  the worthlessness  of his  incomplete, unverified and unsigned assessment document.

Instead of replying himself, as he should have done, Mr Leak forwarded F’s message to Ms Caroline Maclean, the ‘Head of Assessment’

Ms Maclean replied on 14th January 2013, completely ignoring  to address F’s concerns.

Instead, she meandered  into the Realm of conjecture and stupidity.  In her abjectly arrogant tirade  telling F that RBKC were ‘unable to resist  the request from the LGO, and not providing the requested information would be prejudicial to RBKC’s REPUTATION.

Ms Maclean, In an unbelievable bout of misplaced self-importance and customary RBKC arrogance,  told F that she considered his emails vexatious.

Unfortunately,  due to her myopic intellect, Ms Maclean got her facts wrong.  The LGO’s request  was merely for ‘assessment documents and general information’.  Nowhere did he ask for medical information, let alone F’s HIV related information.  The LGO was, as he should be, unaware of  F’s medical conditions; these were irrelevant to the ‘assessment process’, as addressed on the assessment page.

By stating that RBKC was unable to resist to provide the information, she confirmed that RBKC were aware that F’s HIV status was disclosed to the LGO.  Had they not done so, Ms Maclean thought that would be detrimental  to RBKC’s reputation.

RBKC provided F’s HIV specific information merely because Ms Parker, the ‘Monitoring Officer’ deemed it NECESSARY, whilst ignoring the strict provisions of CONFIDENTIALITY  and the Statutory Restrictions on data handling, addressed on the disclosure of information page.

In respect of  the British Association of Social Workers, F contacted them  on 27th July 2013 and was told that as from 2012, the Health Care Professionals Council, HCPC became the regulators of Social Workers, to whom he addressed his concerns on 19th February 2013.

 

.

 

 

When F discovered that his FACE, and  all of his Care Plan Reviews were unsigned, he queried the documents veracity and reliability.

F asked Mr Leak, the Adult Social Care Social Workers’ Team Leader about the missing signature on the FACE Report.   F was told that it was NOT necessary to have the document signed, as a ‘Social Worker was present.’

Even at this late time,F was NOT aware of the ASAQ’s existence.  He was under the impression, which was carefully made by RBKC that FACE was the ‘assessment document’.  When in fact, it was NOT.

Trying to get an independent confirmation,  F searched for legal justification for signatures.  As he could not find any information online, he asked Professor Chalmers, who told F  In his reply  that there is no legislation relating to  what should be signed.

However, it would always be advisable for any documents to be signed, if they are requested to be so, to protect both parties.

The content of the documents would be legally sound, as long as all parties agree on the content.  It becomes problematic when one of the parties disputes the veracity/credibility  of the content, as is the question on the unsigned  document, it has  become legally unsafe and might be a subject of litigation by either party.

The Disability Law Advisory Agency advised that an unsigned assessment document is unsafe, as the answers could be questioned.  Therefore, such a worthless document should NEVER be used in a decision making process, involving the individual’s well-being, quality of life and independence.

The illustrious RBKC’s ‘assessment panel’ should have rejected the ASAQ, until F signed it.

When the LGO  came to consider  the documents sent to him by RBKC,  he should have realised that the ASAQ was unsigned  commented on this unsafe document. This did not happen. 

When F told the LGO about the unsigned ASAQ, which had surfaced for the first time, and was not known at the time of the original compliant, he LGO rejected  his concern, on the grounds that it was NOT presented with the original complaint.  How absurd, however  quite understandable, as any comments from the LGO  might have created unwelcome situation for RBKC, which is NOT in LGO’s remit.

Had F  not asked for the copies,  which he received on 11th February 2012,  he would remain unaware of the ASAQ’s existence.  

In 2009 the Complaints process was streamlined and the ‘Local Authority Social Services and National Health Service Complaints(England)Regulations 2009, were enacted.

Of interest in F’s saga are the provisions of a number of paragraphs:

Paragraph 14 – Investigation and response

(c) where the complaint relates wholly or in part to the functions of a local authority, details of the complainant’s right to take their complaint to a Local Commissioner under the Local Government Act 1974(a); and

(d) except where the complaint relates only to the functions of a local authority,  details of the complainant’s right to take their complaint to the Health Service Commissioner under the 1993 Act.

Under consideration  here is the conduct of F’s assessment by his local authority for  the continued provision of Adult Social Care.  This assessment must be carried out in line with the Department of Health Guidelines. 

These assessments can only be carried out by local authorities; decision whether to provide Care is based in these assessments.  Therefore, the whole process is exclusively  the function of a local authority.

F should have been referred to the Health Service Commissioner, better known as the Parliamentary and Health Service Ombudsman by RBKC in Ms Daintith’s letter dated 18th May 2011, rather than the Local Commissioner, better known as the Local Government Ombudsman.

 

 

It was only in  September 2016 when F realised that amendment  to his  10th May 2010 ‘Information Sharing Agreement‘ was in fact a ‘NOTICE‘ in line with paragraph 10 of the Data Protection Act.

It can be seen from comments made in the  below statements,  that the ICO and his DPA do NOT provide any remedy to the complainant/victim of any  breaches of the DPA, irrespective  what distress/concern he may have suffered as a consequence.  Simply, the ICO/DPA could NOT care less about the victim.  

The ICO can ONLY  issue ‘retribution’ to the data controller,  the victim has to rely on paragraph 13 of the DPA and proceed through the Courts to received compensation, or even an apology.

The victim of the breach must apply to a Courts to obtain any compensation.  ICO is powerless to provide for this.

F found ICO’s ‘Data Protection Act 1998 – Section 10 – Guidance to staff.’

On 12th September 2016 he contacted the ICO for clarification.

,On 16th September 2016, ICO replied to F

On 27th September 2016, F responded to ICO’s comment.

On 27th September 2016, ICO responded to F’s comments.

 

F thought that he was  perhaps unduly protective of his personal information, particularly his HIV+ status and related information.

However, this was dispelled on 1st September 2015,  by the media and public  frenzy created by ‘accidental’ disclosure by  Soho HIV Clinic of its patients’ email addresses to other patients.

The event culminated in ICO’s Monetary Penalty Notice of £ 180,000, which is of interest.  He  did not need any evidence that the disclosure had actually caused any concern or distress to the individuals.  Individuals’  mere association with the Clinic was enough for him to issue such a sever Penalty.   At the time of the Notice, only 15 individuals  complained to the Clinic and 9 to the ICO, hardly a flood of concern.  

It should be noted that NO actual personal information, let alone any HIV related information,  was disclosed on these emails, which was merely a distribution of a  Newsletter.  It was merely due to the relationship existed between the   individuals and the Clinic, for the ICO to state that this  was ‘likely’ to cause concern and unwarranted distress.

It should also be noted that an email address is in NO way a definite confirmation of individual’s identity. 

Individual’s email address, before the “@” sign should be  64 characters long.  It can be a combination of any characters and numbers, arranged in one or two sequences, separated by a “‘.”  in a more recent address.

The identifier must be an unique string of characters and numbers,  in whatever  order.  It  merely identifies the email INBOX, but NOT the actual owner of it, the account holder.   

As a matter of interest, F  in order to maintain anonymity  in  his search for answers to a very sensitive matter, such as HIV, registered an email address, of an imaginary being, which he used to obtain answers, without disclosing his actual identity.  He could use this, as the identifier was UNIQUE;  it was NOT already in use by somebody else.

On receipt of a “standard” Windows based email message, the recipient would have seen the sender’s email address.   The   “To” field would show his email  address.  Should there be more than one recipient, this line may show 2/3 more addresses. In Soho Clinic’s case, it  may have ended with something like “and 780 more...”   The recipient must click on this number to see ALL of the other recipients of the same message.  It is questionable as to how many of the recipients would actually wish to see this information, which is NOT shown.   Taking into consideration the number of complaints, it would appear that the recipients would not have been that “rattled” to see familiar email addresses, which may or may NOT be of the person they may know.

Had these emails been sent by say, Tesco, nobody would have noticed.  It was only when a whiff of HIV  appeared, such a frenzy resulted.

It is a known fact that the Data Protection Act ONLY provides remedy in respect of the perpetrator  of the offence.  The ICO may issue a warning or a Monetary Penalty Notice, up to  £ 500,000.-

The Act DOES NOT provide for a remedy for the VICTIM of the offence.  The ICO has not got the legal powers and therefore  NO interest whatsoever in this respect.  He is not even  empowered  to compel the perpetrator to apologise, let alone pay any compensation.

In this respect, the VICTIM must avail himself  of the provisions of paragraph 13 of the Data Protection Act and take the matter to a COURT.  

It has been confirmed to us that a number of individuals are now claiming compensation from the Clinic, which is assumed to be considerable, FOR ‘ACCIDENTALLY’ MERELY DISCLOSING  their EMAIL ADDRESSES, which in NO WAY positively identify the subscriber to the Newsletter.

 

F learned that he should perhaps ask his MP for help with his concerns. Sir Michael should have at least considered them and advice as to what he should do next.

I would be naive that Sir Michael was not aware that a serious breach of CONFIDENTIALITY had occurred by RBKC’s disclosure of F’s HIV related information.

His staff should have perhaps undertaken some research, which would have shown that  handling of F’s specific information is governed by not only Common Law of Confidentiality, but also NHS Statutory Restrictions on data handling. 

Therefore,  F should NOT have presented his complaint to the ICO and eventually ask Sir Michael to sign and submit a complaint to the Parliamentary Ombudsman.   The matter should have been handled by the NHS, as  later advised by the ICO, in whose remit it is NOT to deal with this kind of information.

It is a matter of conjecture whether Sir Michael could have contacted RBKC and ask for them to have a new look at F’s concerns.

On 19th October 2012,  as required, F asked Sir Malcolm to sign and submit F’s complaint to the Parliamentary and Health Service Ombudsman, PHSO about the ICO’s handling of F’s request for advice about disclosure of his information.

That’s where Sir Michael’s involvement stopped.