
Ask HN: How to react to a potential privacy breach? - yasserf
I currently have my taxes done by an accounting firm in the UK and as part of their service they electronically forward across physical letters from the HMRC (tax department). Recently I have received an email containing a letter about my taxes being late, along with a similar letter addressed to another company with a few details such as the delay, interest, total amount and their corporate tax UTR.

My question is, what is the correct response? I have currently just informed my accounting firm about their mistake.
======
davismwfl
Even good companies make mistakes. If they were receptive to you telling them
and addressed it with you then I'd be likely to give them a pass. Only time
this would differ is if I knew the company had a history of sloppy privacy
controls etc. Most likely this is a human being that was stuffing envelopes
and when they got to your letter they accidentally folded the other company's
letter and sent it to you unintentionally (or it was given to them that way).

My personal view, people often expect perfection until it is their own
mistake, I wish people would give others (including companies) the same
benefit of the doubt they'd like to receive when they make a mistake. Not
saying you aren't but assuming they at least apologized and said they have
addressed it I don't think there is any reason to do anything else. Of course,
if you know this company is sloppy, first why would you use them, but second
then it is more fair to raise this issue more publicly. But unless you want
your every mistake judged the harshest way possible, I say accept people (who
work in companies) will make honest mistakes, address it with them and move on
unless it is chronic or abusive.

~~~
yasserf
Hey thanks for the reply! Yeah I totally agree in terms of no one is perfect
and mistakes are made.

My thought pattern was more around whether I was/am meant to reach out to the
party whose letter I got to inform them so that they can make a decision on
how to respond, as it doesn’t impact me personally at all.

~~~
davismwfl
I think it is a personal choice, I don't think either is right or wrong in
this case. To be fair, my take on this would be telling them could be more
trouble for you than it is beneficial to them, partially depending on the
company's size. If the company reacts poorly to the news it could mean lots of
frustration and/or headaches for you, and in that way I'd be selfish and just
destroy the document and never mention it to minimize my distraction
potential.

