A controversial outsourcing company is facing questions over its data security procedures after it admitted sending a recording of a disabled woman being assessed for a disability benefit to another claimant.
Capita, which has faced repeated criticism over the last decade over its handling of its personal independence payment (PIP) assessment contracts, was awarded new government assessment contracts worth £565 million last September.
But now its suitability for that work, which will see it carry out hundreds of thousands of assessments a year for a range of disability benefits across the Midlands, Wales and Northern Ireland, has again been called into question.
Capita has admitted mistakenly sending the recording, but it claims – wrongly – that the blunder did not constitute a data breach because the claimant was not identified by name.
Robert Dickson, a former builder from Bromsgrove, has tried three times – unsuccessfully – to apply for PIP because of the extra costs he faces due to COPD, mental ill-health, chronic bronchitis, ADHD and fibromyalgia.
As part of his latest attempt to secure the support he needs, he was assessed by telephone last month by a Capita assessor, but when Dickson saw his assessment report, he realised the nurse he had spoken to had not accurately reported what he had told her.
But he had also asked for the assessment to be recorded, and so he requested a copy of the recording.
Just days later, Capita sent him a link to the recording – and a text message with the password to access it – but when he began to listen to his assessment, he realised he had been sent the recording of another claimant, a disabled woman, being assessed.
Eventually, after a series of phone calls, Capita asked him to delete the recording, which he has done.
But he said Capita has refused to alert the disabled woman to its error.
Although Capita admitted that he had asked for the assessment to be recorded, it told him it had been unable to find the recording.
Now he fears his own assessment might have been mistakenly shared with another claimant.
Dickson said: “I was blown away. I was thinking, ‘Why have they sent me this?’ And then I started thinking, ‘What’s happened to my recording?’ because I am quite a private person.
“I think these people at Capita should be held to account. They ruin people’s lives with their actions all the time.”
Only last year, the information commissioner reported how “a large number” of organisations had reported breaches of personal data by Capita, following the company being targeted in a cyber-attack, while reports also emerged that it had been storing people’s information in a publicly-available online location.
Capita told Disability News Service (DNS) that the incident with the recording was caused by human error, and that because there was no information on the recording that could identify the disabled woman who was being assessed, it was not a data breach.
That is not correct, as the Information Commissioner’s Office told DNS that personal data can be “information about who you are, where you live, what you do and more”.
Capita said it was now introducing extra checks before audio files are shared with claimants, and it claimed that Dickson’s own assessment had not been recorded.
A Capita spokesperson said: “While no personal data was shared incorrectly, this was a regrettable error and we apologise to those impacted.
“This was an isolated incident, and we are taking steps to make sure it does not happen again.”
Again, this statement appears to be incorrect, as the woman’s personal data was shared incorrectly, according to ICO’s definition.
Despite the information on ICO’s website, Capita continues to insist that it did not breach the woman’s personal data.
Capita has also been unable to explain how it can be sure this was an isolated incident.
DWP refused to say if Capita had informed it of the data breach, and whether it would investigate whether this had happened to other claimants.
It also refused to say if it believed that claimants could trust Capita with their data, including recordings of their assessments; what action it would take following the data breach; and whether it still maintained confidence in Capita, after awarding it two major assessment contracts.
A note from the editor:
Please consider making a voluntary financial contribution to support the work of DNS and allow it to continue producing independent, carefully-researched news stories that focus on the lives and rights of disabled people and their user-led organisations.
Please do not contribute if you cannot afford to do so, and please note that DNS is not a charity. It is run and owned by disabled journalist John Pring and has been from its launch in April 2009.
Thank you for anything you can do to support the work of DNS…