Energy Firm passed my data on

Manxman_in_exile

I may have missed this, but how do you "know" that procedures were not in place?


"However, if a customer has been impacted by this failure then they are entitled to recompense. That's how it works." What do you rely on here? The fact of human error doesn't necessarily entitle you to compensation by itself.


"Would you not agree passing on information to a debt collection agency is a serious and important transaction?" I've already agreed with this. Read #42 again.

"If you do agree that, would you then not agree that this data being passed should be thoroughly checked and, as far as possible, ensure that everything is correct?" Depends what you mean by thoroughly on the one hand and as far as possible on the other. Personally, I would substitute "reasonable" for "possible". It would be possible to double-check, triple-check, quadruple-check etc., but would be unreasonable. The law is more concerned with reasonableness rather than what's possible.


"If you agree that, would you then not agree that a failure in this case where a completely innocent individual is subjected to erroneous demands from a debt collection is not acceptable? Where it does happen, said innocent individual is then entitled to recompense? No?" Read #42 again. If you want to push for more than £50 go ahead. It doesn't look as if anyone here is going to agree with you more than that - and most don't even agree with that.


[Sorry - quote function not working properly for me]

Manxman_in_exile

Ah - I see the ICO identified the procedure as inadequate.

bandana22

boo_star wrote: »

About £50 should do it.

You might be correct ...... too low .... or too high. I suspect if a claim is successful it would be more than £50. However, every claim is different, and it is for damages and/or distress.

boo_star wrote: »

I'll point out that the largest post-GDPR fine to date was the BA one which amounted to roughly £366 per person affected. These are people who had their personal details and card details harvested by criminals and whose data is likely to be used in future for identity theft and card fraud. You want £500 for a company erroneously handing over your personal details to a regulated UK-based company who, at worst sent you a few nasty letters and annoyed you with a few phone calls before it got sorted.

But you see, therein lies your lack of understanding ..... you are dismissive of the case as being 'a few nasty letters' and 'a few phone calls'. Why should I be subjected to any 'nasty letters' etc due to the failure of a company? Unfortunately you would not make a suitable judge to sit on this case ....

boo_star wrote: »

You're being completely unrealistic.

Well if I listed all the times I complained to companies and the amounts of compensation they paid you might think different. I have had many payments from £20 to £500+.

Companies don't pay unless they are at fault ....

bandana22

Manxman_in_exile wrote: »

Ah - I see the ICO identified the procedure as inadequate.

Correct. It is not ME saying their procedures failed .... I did say that all along .... but the ICO has now officially confirmed in via the ICO's own investigation.

born_again

waamo wrote: »

I might be in the minority here but I think passing someone's phone number to a debt collector is a fairly important deal. I mean who wants debt collectors ringing them demanding monies you don't owe?

But as soon as the collection agency uttered can we speak to XXX which was not the customers name. Then it is clear it is a simple error.
Had they had the OP's name, address etc then that would be a good case. But a simple telephone number.
Given the way some people change their numbers. It could be a case of that number was that persons previous number and it had never been updated.

Why would the energy company check the details they held? As far as they are aware they are correct as given by the debtor.

Think of it like this. You move and get given the same telephone number as the previous occupant had. They fail to pay the utility bills and inform the co's of the updated details. Is that a breech of GDPR if the debt is passed to a collection agency and they then contact the you owner of the house?

Manxman_in_exile

bandana22 wrote: »

Correct. It is not ME saying their procedures failed .... I did say that all along .... but the ICO has now officially confirmed in via the ICO's own investigation.

But the ICO says the breach was insufficiently serious to warrant a fine(?).


What claim would you be making in those circumstances? Distress?


If you really want to pursue this, try asking here: https://www.consumeractiongroup.co.uk/forum/59-data-protection-and-default-issues/


You'll find they're a little slower to respond than here.

bandana22

Manxman_in_exile wrote: »

However, if a customer has been impacted by this failure then they are entitled to recompense. That's how it works[/I]."[/COLOR] What do you rely on here? The fact of human error doesn't necessarily entitle you to compensation by itself.

Compensation is dependant on the degree of loss and damages. That might be minimal to a substantial amount. That's what judges are for.

Manxman_in_exile wrote: »

Depends what you mean by thoroughly on the one hand and as far as possible on the other. Personally, I would substitute "reasonable" for "possible". It would be possible to double-check, triple-check, quadruple-check etc., but would be unreasonable. The law is more concerned with reasonableness rather than what's possible.

Correct. Can the company demonstrate they took all reasonable precautions. In this case ICO says they did not. Thus it becomes an avoidable error.

Manxman_in_exile wrote: »

. If you want to push for more than £50 go ahead. It doesn't look as if anyone here is going to agree with you more than that - and most don't even agree with that.

Certainly I think a breach of GDPR would be more than £50. That is, one that is officially verified by the ICO and the company being reprimanded by the ICO.

bandana22

Manxman_in_exile wrote: »

But the ICO says the breach was insufficiently serious to warrant a fine(?).

Correct. The ICO do not want to go issuing fines as far as possible. However, if a breach is severe they will. They will also record the findings from this case and if another case is brought against the same company then a fine would be more likely. It's cumulative.

Manxman_in_exile wrote: »

What claim would you be making in those circumstances? Distress?

Correct.

Manxman_in_exile wrote: »

If you really want to pursue this, try asking here:

.consumeractiongroup.co.uk/forum/59-data-protection-and-default-issues/[/URL]

I will look at this also. Thanks.

born_again

bandana22 wrote: »

Compensation is dependant on the degree of loss and damages. That might be minimal to a substantial amount. That's what judges are for.
.

So to cut to the chase.

You received a phone call about a debt that WAS NOT in your name.

So where is the distress or loss in that?

bandana22

born_again wrote: »

But as soon as the collection agency uttered can we speak to XXX which was not the customers name. Then it is clear it is a simple error.
Had they had the OP's name, address etc then that would be a good case. But a simple telephone number.

Not as simple as that. If it ever happens to you, then you will find out. It took a deal of time, phone calls, emails etc etc to find out what happened. All the while, you do not know where your data is or what is going to happen next. Believe me, not a desirable situation.

born_again wrote: »

Why would the energy company check the details they held? As far as they are aware they are correct as given by the debtor.

They have an obligation to ensure that any data passed on to a third party is correct. If they pass on data to a third party that is belonging to someone else they are in breach. Thus they have a responsibility to have procedures to ensure the data they are passing on is correct. Its not a case of saying, well Joe Smith told me his name was Tom Jones so I believed him and passed on Tom Jones name.

The key word here is 'responsibility'.