Sar Letter

amersall

What year was the PPI and have you tried asking the bank?.
If you send a Sar, give as much info as you can, name(s) old address, the years etc.
Ask for all info they hold on you and not just one specific item, be aware that they may only hold records for a certain time, if there is no info available with the Sar it is not worth pursuing, unless, you have some info.

OceanSound

Lodged a SAR with Halifax to obtain my personal data. I first did this by email, then using twitter direct messaging. Halifax refused to accept these insisting that I write a letter, enclosing a cheque for 10 pounds.

I then sent the request by post, enclosing a cheque. By this time several months had passed.

After acknowledging receipt of my postal letter and cheque for 10 pounds, Halifax still failed to send me the data within 40 working days.

I complained to the ICO, about the various shortcomings. Here is what the ICO said:

The Data Protection Act 1998 (DPA) states that a subject access request must be made in writing, this can be by any means (email, letter, fax ect).

Halifax refusing to accept a subject access request by email would not be compliant with section 7 of the DPA and I have made Halifax aware of this and requested that they update their procedures to ensure compliance in the future.

About using one payment option (e.g. cheque) as a barrier:

The format in which Halifax request the fee would be up to the organisation in line with their procedure, however should this option not be available to an individual the organisation could not use this as a barrier and would need to consider further payment methods.

In this case we decided that it is unlikely that Halifax has complied with the requirements of the DPA.

This is because they failed to respond to your subject access request within the required 40 day time frame.

As explained I have now contacted Halifax with our decision and asked them to take all relevant steps to ensure subject access requests are complied with in the required 40 day time frame in the future.

Nasqueron

Halifax are allowed to ask for £10 payment for the DSAR, so logically you requesting it by email / twitter can be bounced with a request for payment as they did.

They should have responded in 40 days however and the ICO has done their job in reminding them of their responsibilities which is good to see.

[Deleted User]

OceanSound wrote: »

About using one payment option (e.g. cheque) as a barrier:

If you sent a Postal Order, for example, it shouldn't be refused.


After all the kerfuffle, was the SAR of any use?

OceanSound

Halifax are allowed to ask for £10 payment for the DSAR, so logically you requesting it by email / twitter can be bounced with a request for payment as they did.

I don't think you've understood what the ICO has said. Email/twitter request cannot be bounced, just because there is no fee attached. However, the 40 day deadline will begin only when they receive the payment.

When I made the SAR request by email, Halifax specifically told me

...please write to the following address with a covering letter explaining what information you require:

[Address]


Please enclose a cheque for £10.00 payable to Halifax."

Then I made the request via twitter direct message. They said the Same as above.

..and the ICO has done their job in reminding them of their responsibilities which is good to see.

Glad you think so. First the ICO only found that Halifax had only failed to comply with the 40 working day time frame. I had to remind them about the Section 7 breach and not allowing to pay using another method. When I made the SAR using twitter direct messaging, I tweeted Halifax support to ask them how to make payment via bank direct transfer. They refused and said, I have to write to the address they gave and enclose a cheque for 10 pounds.

Nasqueron

OceanSound wrote: »

I don't think you've understood what the ICO has said. Email/twitter request cannot be bounced, just because there is no fee attached. However, the 40 day deadline will begin only when they receive the payment.

I understood exactly what you said based on the information here, you haven't provided all the details such as what the rejection by the Halifax actually said.

You emailed them and said you wanted a DSAR, they said you need to pay for it. You ignored that and tried to get them to do it via Twitter, again you were told you need to pay for it. They are allowed to demand payment so telling you to pay for it was fine, the fact you ignored them telling you that doesn't mean they did wrong.

OceanSound wrote: »

When I made the SAR request by email, Halifax specifically told me

Then I made the request via twitter direct message. They said the Same as above.

How were you planning to pay for it via email or twitter when they want a cheque?

OceanSound wrote: »

Glad you think so. First the ICO only found that Halifax had only failed to comply with the 40 working day time frame. I had to remind them about the Section 7 breach and not allowing to pay using another method. When I made the SAR using twitter direct messaging, I tweeted Halifax support to ask them how to make payment via bank direct transfer. They refused and said, I have to write to the address they gave and enclose a cheque for 10 pounds.

Because that was the only breach. The bank does not have to accept payment in a way they don't want or don't have the facility to setup! You seem to think YOU dictate to them what payment methods they accept, you don't. The ICO correctly ruled that they hadn't done a response in 40 days. The ICO have said before that the organisation is allowed to specify what payment methods they accept and so long as they accept a valid payment method that is fine - the ICO has clarified also that if you want to pay, say by PayPal but they do not have a PayPal account they are not required to accept that payment, nor do they have to setup an account. Similarly, if an organisation can't process card payments or didn't have a facility to process a bank transfer to pay for this, they don't have to accept it! This is in the ICO's own guidelines!

OceanSound

If you sent a Postal Order, for example, it shouldn't be refused.


After all the kerfuffle, was the SAR of any use?

Some of it. I'd say 60%. it all came to 1Kg of paperwork. previous statements, letters they've sent, call log of each time I called them, the lot. some mundane stuff like codes used, even though most of the codes I've never heard of/used. I think they have to include codes/abbreviations by law. A couple of bits missing. e.g. I asked for "a breakdown of all fees/charges and the term or condition you rely upon to claim that fee or charge". Also, "terms and conditions that were in force when my current account was opened and any subsequent amendments to these terms". With terms going paperless, one thing to watch out for (Unless you download them each time they are changed - do they email the terms to you?-- do they ****). does the bank always tell us each time they are changed?, even if they do, how many of us go and download it.

[Deleted User]

OceanSound wrote: »

S. I think they have to include codes/abbreviations by law.

They simply have to send you everything that has been kept on file for your account. What they don't have to do is explain what the Banking codes/abbreviations actually refer to.

OceanSound wrote: »

A couple of bits missing. e.g. I asked for "a breakdown of all fees/charges and the term or condition you rely upon to claim that fee or charge". Also, "terms and conditions that were in force when my current account was opened and any subsequent amendments to these terms".

You've misunderstood what a SAR actually is. There will be no records specifically attached to your account of terms and conditions, as they are not personal information unique to you. The bank don't have to provide breakdowns of charges as part of a SAR either.


What exactly are you trying to achieve? Do bear in mind that Bank charges haven't been recoverable since the Bank's won their court case in 2009.

OceanSound

They simply have to send you everything that has been kept on file for your account. What they don't have to do is explain what the Banking codes/abbreviations actually refer to.

For everything included with the SAR, they DO NEED to explain codes. Here is my source:

ICO document called "Subject access code of practice Dealing with requests from individuals for personal information" (just do an online search - I cannot post links)

check page 57 of 58, which says:

9. Does the information include any complex terms
or codes?
NO Go to step 10
YES You must make sure you explain the codes so that the information can
be understood. Go to step 10

Your welcome.

You've misunderstood what a SAR actually is. There will be no records specifically attached to your account of terms and conditions, as they are not personal information unique to you.

Don't know about "misunderstood". I copied those two parts from a template letter published in a forum similar to this one (don't worry I know you will never allow this to happen in this forum - without someone pointing out the error). If I have time I will correct the thread on that site re. terms and conditions and the breakdown of the charges/fees. It just so happens that I only included these parts in the letter I wrote, not the email and twitter direct message.

You are right in that I don't think we can ask for a further breakdown of charges/fees as part of a SAR, but as part of the revised laws to do with transparency on bank charges, banks have an obligation to provide a breakdown of charges/fees on your statement. So, for example, foreign ATM withdrawals, now appear "itemised". Non-sterling transactions appear with the exchange rate clearly visible on your bank statement. Whereas, before these laws came out, we just saw the amount for the WHOLE transaction.

SAR is for personal data, FOI requests are for data relating to public bodies (COuncils, central government, other public organisations. e.g. Information Commissioner). FOI law dosen't cover banks. Although, I hazard a guess that if I ask my bank for previous Terms and conditions (not as part of a SAR) they would probably provide it out of Courtesy.

Do bear in mind that Bank charges haven't been recoverable since the Bank's won their court case in 2009.

I'm afraid we are not on the same page on this one. I am not talking about overdraft bank charges. re. overdraft bank charge claims, The 2009 ruling doesn't set a blanket restriction on claiming. Those in financial hardship can still claim back and banks arnt' allowed to charge ridiculous fees for going a few pence overdrawn.

Search: "thisismoney Bank charges: How to reclaim unfair fees" (without the quotes)
Also search: "moneysavingexpert Reclaim Bank Charges" (without the quotes)

The last one should be familiar.

[Deleted User]

OceanSound wrote: »

I am not talking about overdraft bank charges. re. overdraft bank charge claims, The 2009 ruling doesn't set a blanket restriction on claiming. Those in financial hardship can still claim back and banks arnt' allowed to charge ridiculous fees for going a few pence overdrawn

Are you in what the bank would deem financial hardship, though?

Even if you are, then it's still a futile exercise to send a SAR asking for all charges applied to the account. Historical charges are not refunded and typically Banks will choose to refund only those applied in the last six months. They may not even choose to refund at all, choosing account management or freezing interest for a period instead.

The 2009 court case really did end the Bank Charges bandwagon since the Banks are no longer obliged to refund ANY charges and have only to be seen to be treating fairly those in financial hardship.

If you send a complaint about bank charges, make sure you don't mention the words "unfair" or "excessive" ( or indeed "ridiculous") and be prepared for a grilling during which your (recent) statements will be examined to ascertain whether you are actually caught in a cycle of charges from which you cannot escape and, if so, whether the cause is genuine hardship or simply consumer spending.


As to the Bank having to explain codes etc as part of a SAR, that ICO guideline
is a new one on me and I don't think Banks comply with it unless pressed by the customer.