data protection

wills7

Reaper, NFG thank you for your posts, i take what you say on board.

tom188

wills7 wrote: »

Do you think it's right that banks can apply for stuff for you and can break the Data Protection Act whenever they like?

no i dont. but i dont see why you should get compensation for something that has not caused you any loss.

complaining about a breach of the dpa is quite understandable, demanding compensation is not.

jonnyb

Wills, a question :
have you actually seen a copy of your credit file, showing the search by your bank, specifically relating to a credit card ?

I ask because some banks will use their own internal data without referring to credit ref agencies.

The data protection act governs what they can do with your data, and you might well find in some small print relating to your existing financial products with them, that they might offer you other products from time to time. Usually when you sign up to financial products, the small print allows them to re-search your file for various reasons.

I agree whole-heartedly with Tom188. They have not been negligent; they have not caused you financial loss. If you want to waste your valuable time trying to get compensation that you are not entitled to, go ahead.

gem4

Halifax sent me a credit card I hadnt asked for.
The covering letter said....'Good News, we are sending you our new mastercard with £2500 credit limit. Your card will arrive shortly and pin by separate post. When it arrives please phone us to activate it.....etc etc...'

When it arrived, I cut it up and disposed of the pin, then phoned them up and told them to cancel it since I never asked for one. No big deal.
I was a bit miffed that they had sent it without asking me if I wanted it but I guess they wouldnt send them out willy-nilly to all and sundry. I didnt lose out anything so no problem really.
Take the money and run

smithja

Hi Wills7

It might be worth going to the CAB with this one, or if you can understand it (I know I have problems with some pieces of legislation), read the Consumer Credit Act 1974 . It outline that it is illegal to issue unsolicted credit cards and there maybe something in there about compensation. I do agree though that you should take the compensation even if you would like more, they are unlikely to offer anything higher. As "newfoundglory" stated it is only in certain circumstances, and what you and I might think would be something compensation should be paid over, like in my case my father has the same name as me and they divulged all my details to him over the phone, is not that serious and I dont think even qualifies for compensation.

As far as the search with the CRA's go, you can have them removed and all of the application "reversed", and data wiped, because it was a breach. One email to the CRA, copy it into Alistair Buchanan (he is the Information Commissioner) his email address is on Google, and they will have it removed very quickly. I have had 4-5 searches removed from my record over the years by challenging the CRA when the search was carried out without authority. They last one was two searches removed by LloydsTSB after I applied for a current account over the phone and they messed it up, so I had to apply again over the phone, and then again in a branch.

I would also try not to take to heart the derogartory comments some people make on this board, I have had a few people attacking me. Your concerns are legitimate and the bank obviously acknowledges this otherwise they would not have offered you any compensation. As I said it is both a breach of the DPA, and of the Consumer Credit Act, I think the latter one actually holds more weight in your case.

Hope this helps.

James

smithja

Giving it more thought, I think the bank can be fined under the Consumer Credit Act but not sure about compensation. As I said I would accept it, as there was no real loss, although data protection is and should be treated very seriously, as what is called "data creep", where things end up where you might not like them to be can happen.

olly300

wills7 wrote: »

Does anyone know what the maximum compenastion claim is for breach of the data protection act?

I get annoyed by companies sending me unsolicited marketing material and ring me up so have used the Data Protection Act (DPA) many times just to get them to leave me alone. (It works if the company is UK based.)

If the issue is over marketing material from a company you have purchased/used services from before around 2004 ( I can't remember the exact date) unless you have specifically opted out they will send you this information and it is legal to do so. It is a breach of the DPA now to assume via websites or other literature that someone specifically opts to receive marketing material unless you ask them to whether they are a customer or not.

Under the DPA you can only claim money for actual loss that you can prove. The amount of compensation for stress, injury to feels etc. is nominal i.e. you will be lucky to get £50 of the offending party and you may have to take them to court to enforce them to pay out. So you are better of trying to enforce the breach under another law which carries more weight if you want compensation.

What you are suppose to do with any breach is write to the Data Registrar of the company stating what the breach was refering to the principles of the DPA, what finiancial losses you have suffered and ask them for compensation for the losses. In addition you need to inform them that you will take the matter further and give them 28 days to reply. After 28 days if they haven't replied or sorted the issue out you need to write to them again giving them another 14 days. The letters must be sent by recorded delivery as lots of companies claim they haven't received them if you don't. After the 14 days you need to report them to the Information Commissioner on a form you can download from the website - http://www.ico.gov.uk/upload/documents/library/data_protection/forms/data_protection_complaints_form.pdf

The Information Commissioner will then investigate the matter and reach a conclusion. In most cases the investigation is just a letter to the Data Registrar of the company asking them about the breach. In the case of banks and large companies they either ignore the letters or have already admitted their breaches to the Information Commissioner so no action is taken.

After the Information Commissioner has reached their conclusion, you should issue the company with a letter before action and then take the company to court with all the evidence as you are more likely to win your case.

To find the Data Registrar of the company the simplest method is to search through the company literature i.e. look on the company website. There is also a list of data registrars of companies on the Information Commissioners website. Some companies do not show up as they are either too small so don't have to be registered, registered under the parent company or not registered in the UK but in another EU country.

wills7

Thank you for all your comments - i've spoken to the bank to resolve the situation, i've recieved a full letter of apology aan recieved adequate compensation for this. I'm happy with the outcome and with the way the bank have dealt with my complaint.