Good evening,
I have received an email from CPM which I believe includes some possible serious leverage in my favour. (I have not yet heard back from BW Legal since I sent the letter to them on 3rd October, and also from my previous portal submitted letter previously on 28th August)
Interestingly it seems CPM have given my data away 'inadvertently' or as the describe it
an ″incident in which personal data relating to you was inadvertently disclosed to an unauthorised individual″.
I do note that they did not inform me of this on any earlier occasion, only after the previous email you advised me to send advising them they have not correctly completed the SAR.
Below is a copy and paste of their email,
..............................................................................................
″Subject: Re: Subject Access Request (SAR)
Dear Mr [xxx],
We acknowledge receipt of your correspondence.
Following a comprehensive review, we confirm that all personal data currently held by Countrywide Parking Management in relation to you and the referenced Parking Charge Notice has been disclosed in full, up to and including today’s date.
For your reference, we have attached the RingGo receipts that were submitted with your original appeal, along with a copy of the letter that was generated on 29/08/25.
Please note that our records are maintained in accordance with our data retention policy and statutory obligations. Certain categories of information are retained for a fixed period and are securely purged once that period has expired. As such, data that has been lawfully deleted in line with our retention schedule would no longer be available for disclosure.
Having reviewed this matter in full, we are satisfied that we have met all of our obligations and commitments under data protection legislation, and therefore, we are unable to provide any further assistance on this matter.
For the avoidance of doubt, you retain the right to raise any concerns with the Information Commissioner’s Office (ICO).
We remain committed to ensuring full compliance with all obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Kind regards,
Administration Team
Countrywide Parking Management Ltd″
..............................................................................................
Please find their data breach letter below which they included as an attachment on their latest email. The email was dated 13th October, the data breach was from 29th August. They never sent the letter to me electronically or to my new address, where other threatening letters from BW Legal have been arriving successfully.
..............................................................................................
″29th August 2025
Issue date: 03/01/2025
I am writing to inform you of an incident in which personal data relating to you was inadvertently disclosed to an unauthorised individual.
On 28th August 2025, as part of a Subject Access Request process, we mistakenly shared your personal data, which included your full name, address, contact number and email address, with another individual. The error was identified on 29th August 2025, and we took immediate steps to request the return and secure deletion of the data.
We want to assure you that:
The error was a genuine administrative mistake and not the result of malicious activity.
We have contacted the unintended recipient, who has confirmed that they have deleted the information and will not retain or use it.
We have reported this breach in line with our obligations under the UK GDPR and Data Protection Act 2018.
We recognise the seriousness of this incident and sincerely apologise for the distress this may cause. We have taken the following steps to prevent this from happening again:
Additional staff training on handling Subject Access Requests.
Implementing extra checks to ensure responses are only sent to the correct individual.
If you have any concerns about this matter, please do not hesitate to contact our Data Protection Officer at [insert contact email/phone number]. You also have the right to raise a complaint with the Information Commissioner’s Office (ICO) should you wish to do so: www.ico.org.uk.
Once again, we apologise for this error and thank you for your understanding.
Yours sincerely,
Benita Excel
Data Protection Officer
Countrywide Parking Management Ltd″
..............................................................................................
P.s. I tried to include the attachments on imager as usual but it seems to have been 'blocked' in the U.K. hence why I copied and pasted it.
Thank you in advance.
Show Posts