Data Protection

tinkerbell28

Whether it is financial or not is not the point. Yes it obviously won't have an impact on ops credit score. If it isn't.

Using someones data to open an account with a 3rd party is however a huge misuse of information.

If you can be 100% sure it is them, the I would complain to ico.

unholyangel

What does their privacy policy state with regards to how they will process your data? In other words, for what purposes are they going to be using it for.

The problem you'll have is proving it. The company the account is with (i assume you mean just a user account and not a credit account?) probably won't give you the IP address and even if you had it, the ISP likely wouldnt give you the details of the account it is connected with.

yorkshire_terrier_owner

This is a little complicated, but......

The DPA specifically covers sensitive data such as DOB, financial info, security questions, etc etc. Your email and mobile number is contact info which is not nearly as sensitive so whilst it was wrong on the part of the rental agency, it may be pushing it a bit with regard to the DPA. If they gave any other information then it's more cut and dried. It sounds to me like it was probably a mistake on their part rather than anything deliberate.

However, if they used your details to open a credit account, that's fraud and not the DPA.

keyser666

battleborn wrote: »

It sounds like to me they have just used your details to request a replacement washing machine from there supplier, I assume they used your email and mobile number, so the suppler could arrange delivery to you.

You seem to assume a lot on here

frugal_mike

Will the act of signing up with a website form a contract? There will almost certainly have been terms and conditions to have been read and accepted. OP's data has been passed to the third party who may now sell it on. Whoever it was that signed up with her details didn't have authority to agree to their privacy terms. I would check and see what you might have been unwittingly opted in to.

More interestingly would be if a purchase had been made. Even if it wasn't Anabelle21's financial details used the website might still have thought they had a contract with her. That could have caused problems.

I imagine no harm was intended though.

shaun_from_Africa

yorkshire_terrier_owner wrote: »

This is a little complicated, but......

The DPA specifically covers sensitive data such as DOB, financial info, security questions, etc etc.

The DPA covers far more then sensitive data.
It also covers "personal data" and the exact definition of this is:

Personal data means data which relate to a living individual who can be identified –
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

So if the OP has their name as part of their e-mail address or their identity can be traced back through their internet provider then they can be identified from this, hence there has been a breech of the act.

yorkshire_terrier_owner

You are correct re personal data, but my point was:

yorkshire_terrier_owner wrote: »

it may be pushing it a bit with regard to the DPA. If they gave any other information then it's more cut and dried.

It is tentative. To re-iterate, yes, the agent should not have set up an 'account', but if the agent thought they were passing on the details for delivery (which I have to say does seem a reasonable explanation) then this would fall under the 2nd principle of the act:

"Data must be used for limited, specifically stated purposes". If it was a genuine mistake and the agent was passing on very basic info for a business related purpose (which would have been passed on in any case, but it was just done in the wrong format) this is why it is tentative.

Yes, the agent should not have done what they did but I don't think it's completely clear that the act has been breached.