The Jersey Office of the Information Commissioner (JOIC) has ordered the Office of the Financial Services Ombudsman (CIFO) to improve its data handling.
In a public statement, JOIC issued a formal reprimand and told CIFO to update its process and procedures and improve its compliance.
The order follows an investigation by JOIC in July 2024 prompted by a complaint from an individual about the processing of their information by CIFO after they submitted a Data Subject Access Request (DSAR) to the ombudsman.
JOIC said CIFO had not adhered to its obligations under the Data Protection (Jersey) Law.
“The Authority is sending a clear message that the appropriate organisational and technical measures must be in place when organisations respond to a DSAR request,” the statement said.
“The findings in this case need to be publicised as this organisation is an ombudsman where consumer interest and protecting individuals’ rights is their focus.
“All organisations must make sure they have the appropriate measures in place to respond to individuals’ rights.”
In response to the statement, the CIFO Chair Antony Townsend said: “We deeply regret the confusion and doubt we caused the complainant in our communications with him in response to his data subject access request.
“This has been treated as a matter of grave importance and highest priority. We took immediate steps to put it right. We have appointed a new DPO, put in place new enhanced policies and procedures, undertaken training with all staff, and committed additional resource and funding to managing such requests.”
Townsend added: “We are confident that the steps we took will significantly reduce the risk of future breaches and ensure that our data protection practices meet the highest standards of integrity and transparency.”
