Breach of Data Protection Act

vax2002

Post details of the debt, you may be paying a statute barred account to a debt shark.
post up some details and dates

vax2002

Plus as you are now aware of the compromise, you should inform the banks fraud team, other wise they wont cover you, ask them to cancel the card and then set up a standing order, once you have "explored" the debt with the experts on here, you might not have to pay anything.

complyordye

The cards been changed. There was a small balance left on the debt, but the original creditor is not pursuing it as I am threatening them with legal action for their lack of due diligence and due care when appointing a debt collection agency to act on their behalf.

LannieDuck

It's a slight tangent, but in answer to the questions about health visitors and data protection earlier in the thread - there are extensive guidelines about how patient data has to be handled, enshrined in the 'Caldicott guidelines'.

Electronic data should be encrypted, or at the very least password protected. If it's on paper, it should be locked away securely when not in use. If the guidelines aren't followed (and something goes wrong), the person responsible will probably lose their job, and their department could well be faced with a complaint under the Data Protection Act.

unholyangel

complyordye wrote: »

The cards been changed. There was a small balance left on the debt, but the original creditor is not pursuing it as I am threatening them with legal action for their lack of due diligence and due care when appointing a debt collection agency to act on their behalf.

I'd get that in writing if i were you.

I've had a similar situation where they agreed to write off the remaining balance in exchange for not filing a complaint about their breach. Few years later, I got a letter from a debt recovery company chasing that same remaining balance.

Having it in writing will mean if they do chase it down the line, you can dispute it if not already statute barred.

terra_ferma

scottishperson2 wrote: »

I think we have to disagree there. The data was given to an authorised agent who brought it to the clients house. Happens all the time, doctors and midwifes do it on home visits etc etc

Half you medical records are probably on a laptop or memory stick kicking about in a car as we speak. Leaving the laptop in a cafe as you drive off is where the problem occurs, not that the data is on the laptop.

A clear example of why advice on forums like this should be take with a pinch of salt, you get people who don't have a clue
There was not need for them to carry unsecured financial information with them.

terra_ferma

George_Michael wrote: »

Quite possibly, but if they ended up in the wrong hands, all I would have to worry about is some scammer finding out about my ingrown toenail and last years kidney stone.

I'll have to disagree here, medical records can be highly sensitive, in some cases. People may not want others to know of mental illnesses like depression, or HIV, abortions, miscarriages, injuries from rape or domestic violence, suicide attempts.

arcon5

The difference is it could be justified to carry medical records when visiting a patient in the home - I can't think of a single reason they would need to carry the card details so this is a risk that could absolutely be eliminated.

terra_ferma

arcon5 wrote: »

The difference is it could be justified to carry medical records when visiting a patient in the home - I can't think of a single reason they would need to carry the card details so this is a risk that could absolutely be eliminated.

I'm sure health professional have appropriate guidelines to follow, and I doubt they would need to carry someone's whole health files with them when doing home visits. They would take their notes and add to the file when they get back to their office.

I've found out that health information is classed as sensitive information and needs to be treated with additional care.
I'm surprised that financial information with high risk of fraud is not classed as sensitive.

Sensitive personal data means personal data consisting of information as to -
(a) the racial or ethnic origin of the data subject,
(b) his political opinions,
(c ) his religious beliefs or other beliefs of a similar nature,
(d) whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992),
(e) his physical or mental health or condition,
(f) his sexual life,
(g) the commission or alleged commission by him of any offence, or
(h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.

Here there is a case study of a GP having medical unencrypted medical records stolen from an unlocked car.
http://www.gponline.com/Medeconomics/article/997497/Medical-records---Data-protection-law-strengthened/

(not directly relevant to OP case, but adding to the discussion)

arcon5

terra_ferma wrote: »

I'm sure health professional have appropriate guidelines to follow, and I doubt they would need to carry someone's whole health files with them when doing home visits. They would take their notes and add to the file when they get back to their office.

I've found out that health information is classed as sensitive information and needs to be treated with additional care.
I'm surprised that financial information with high risk of fraud is not classed as sensitive.

I'm not talking about whole files of medical files, but a medical professional could justify the need to carry medical records to a clients home (obviously relevant documents).

There are rules surrounding this issue but i'm not sure how far they extend. I know you have to be PCI Compliant but i'm not sure if this is just to store the card details electronically or not.

I'm sure there will be some visa/mastercard/etc rule or something that prohibits it. I would be very surprised if there wasn't.

Might research it at some point if I get time