Removal of defaults help!!!

never-in-doubt

Dave3066 wrote: »

Latest response from MINT with just over a week until the 40 day period of the initial SAR timescale left.

"As explained to you in my previous letter, as your account has been closed for some time, we are unable to verify your identity without additional documentation......."

They then go on to state:

"The letter dated 6 May 2010 (which contained the sensitive information that they were happy to send me without verifying my identity) was sent by our Recoveries Department, who are not a Data Protection Department and the information contained in their letter has no bearing on this request"

I thought anyone who held information on people was subject to the requirements of the DPA? Irrespective of which department they are!

Any suggestions on how to proceed?

I think I will report them to the Info Commission now and copy that letter too.

I've also noticed that they've asked me to sign and return my letter "to avoid further delay"

I think I'll be including something about that too :rotfl:

Cheers

Dave

Oh my lord what a bunch of idiots!

Put it this way, if they retain data about you (personal) then they are a DP which means they must adhere to DPA1998 - the department is irrelevant, they are trying their luck.

Send a complaint to the ICO who will enforce they comply with your SAR - I had the same with CallCredit (the CRA) and the ICO told them to respond to my request and warned them.

As your case is similar in nature, ie they are refusing to back down, just complain to the ICO and send a copy of all letters to date.

Dave3066

Letter of complaint, along with copies of all correspondence and proofs of postage and receipt, sent to the ICO today

Sit back and wait to see what happens now.

Dave

Dave3066

Well it's been just short of 3 months since I wrote to the ICO and apart from getting confirmation that they'd received my complaint I've heard nothing else yet. Anyone know how long it takes for these guys to follow up?

Dave

never-in-doubt

Dave3066 wrote: »

Well it's been just short of 3 months since I wrote to the ICO and apart from getting confirmation that they'd received my complaint I've heard nothing else yet. Anyone know how long it takes for these guys to follow up?

Dave

Ring them and ask - can take anything upto a year to be honest.....

Dave3066

I got my response from the ICO today.

They have said in summary:

"In this situation in order to get a response to your SAR, I would suggest you reply to MINT with the ID they requested.

I understand you are concerned that previously information was sent to you by MINT without requesting ID; it appears this information was not sent in response to a SAR. MINT however still needs to ensure compliance with the 7th principle which states:

'Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data'.

Therefore, when deciding what measures to take in relation to the 7th principle, particularly in terms of distribution of data, the data controller must take into account the nature of the data and the harm that might result from unlawful processing or loss of that data.

Banks and Building Societies routinely send out financial information to customers in the form of statements and letter responses in the normal course of business, it is not necessarily a requirement of the 7th principle to request ID before sending out financial information.

I understand your frustration in what appears to be an inconsistent approach by MINT; however, I need to point out that when responding to a SAR a data controller is entitled under the legislation to request ID in the format they choose."

!!!!!!! :mad: