Hi I don't know where this question sits but basically, here is the situation. I have a friend who's account details have been breached by someone within the bank. There was a specific transaction that was made on her account which was leaked to her family and this has caused a lot of personal issues in her family. Apparently her brother claims that he knows someone who works within the bank and he obtained the information through that bank employee. She is adamant that no one but her and the bank would have known of the transaction and she always shreds her bank statements and disposes of them properly. She went to the bank today to complain about this but the manager wasn't helpful and said that she needs to put it in writing along with the name of the employee who has leaked the information but she doesn't know who it was. This is clearly a breach of data protection but she does not know how to pursue this further. Is there anything she can do to get the bank to thoroughly investigate this and ensure that such leaks do not occur again? Would the police get involved if it was reported or does it not class as a criminal offense? Thanks for your help Rob

I have to write it like this to keep it brief but here is my question a person refuses to go through data with a company who is harassing them with phonecalls the calls continue so the person starts to record them repeated DSAR requests of the companys recordings of the calls are refused as the company say they may be considered sensitive data some time later, the issue of harassment gos to court transcripts are provided to the court and the company the company refuses to accept that they have harassed the person the person wins the court case the company appeals the courts decision the company then say they want the phone to take a copy of the recordings and will even pay for it to be done the person considers the recordings to be their own personal data but is prepared to let the company have a group of the recordings that would be considered malicious calls and criminal behaviour and which the company have denied making this is a way of saving the time and costs that would be incurred in extracting all of the calls the call can be confirmed as made by the company as they match the call logs provided if the transcripts have been entered into the court, can the company demand that all of the recordings are entered into the court as well? or can the person withold the recordings as they believe that the recordings are their own personal sensitive data?

Can I request personal Data from my Mortgage/Loan lender?It is a joint account so do I request as joint information or individual.Also do companies charge for this?

A few weeks ago someone on this forum noticed, when logging in to a DWP website, that they were receiving HTTP redirects to an IP address outside the UK. Unfortunately I can't remember who it was or which thread - sorry folks. Anyhow, the worry was that data was being stored on server farms in the US. Obviously this would be a concern since the nation where the data is physically located would have jurisdiction. I thought the concern to be unfounded - I was fairly sure it would violate the DPA - but hey, Freedom of Information requests don't cost anything and take five minutes to send. So I asked the DWP about it. The short version of their response is that no, data is not stored on servers outside the UK.

http://www.lancashiretelegraph.co.uk/news/hyndburn/10110170.Firm_refuses_to_refund_tickets_to_Hyndburn_residents/

Hi Do any of you know how to get entries removed from 192.com and similar sites. I've noticed that a few of my familys details are wrong (including my partner who is listed as 20 when she's really 36!) I'd rather that the details were not on there at all as I find it really intrusive - it's my data to give out to those I choose and I certainly haven't chosen to allow 192! Many thanks

hello group , i have just uncovered a fraudulent additional loan of £50,000, taken out august 2007 on our joint mortgage of £95.000 taken out july 2007 5years ago , all monies have now been paid of.. with the £50 k loan paid of within six months.. i have spoke to the building society and written in,, i have received four documents of a joint application. .and the signatures are all not mine they all had discrepancies my mobile number last digit changed , all other numbers were of the other owner and so on ,i knew nothing about it till now. .they have told me it was all done through the post and possible branch visit in manchester. .the 50k was wired to his saving account with them on the 20 th august , i now beleive it was to pay off his shortfall on a mortgage he had with them when he sold his apartment at the end of august 2007, ..a good friend of his worked at that branch and was dismissed in 2009. i was completly shocked by the whole thing as i had paid my half £125000 cash off the purchase of the house .and the other owner £30,000 ,with then a joint mortgage of £95.000 ..this meaning that the additional loan of £50 k went into my equity. .I then thought why didnt notice it on experian on my credit file as i check every year, the £95k was on there, i checked with equifax the £95k was on there to .I telephoned both and enquired, ,no they had received any details of the £50 k . i phoned the ybs, ,they got back two hours later ,its on call credit check.. . i asked hows one supposed to keep on eye on your credit files when this information is missing of two of the main agencies. .it all look like a concealment for me not to find out about. ..i ahve yet to go the police with my findings.. .anyone give me anymore advice. i ll be most obliged

The Government are opening up Data for Transparency You can look through what Data is available and download the csv files. Here's the link for the Dwp Data available. http://data.gov.uk/data/search?q=dwp

Hi all, we have a bit of a problem, we have sent a letter to Wonga three weeks ago trying to pay off our £700 loan over three months due to financial difficulties. After three weeks i get a phone call from my son telling me that they have actually sent a response to our letter to his email. Our account with Wonga has nothing to do with our son at all. My husband and my son have the same first name, but my son also has two middle names which he made known to Wonga when he first took out a loan with them. So just because of the same first name, they automatically assumed that it was my son who sent them the letter. We have been in contact with Wonga, making clear to them that they have breached the Data Protection Act, which they admitted to. They made us the offer of writing off all interest and £100 off the original debt. We are not satisfied with that and want more. I need to write a letter to them to let them know that the account is now in dispute due to them breaching the DPA. Can anybody give me any advise on how to formulate this letter to them? Thanks in Advace Dani

Very disturbing http://www.dailymail.co.uk/money/cardsloans/article-2231040/Payday-borrowers-face-Christmas-credit-shock.html

I sent an Account in Dispute letter (12+2+30) to MKDP in February and heard nothing since then until today. It may be a small detail but they have transposed the last 2 digits of the reference number they have used. They write: “At the current time we must apologise as we are still unable to resolve your query. We are however currently liasing with their client [the bank], and as stated previously MKDP LLP take great care to ensure that such matters are dealt with in a professional manner and apologise for the delay in resolving your query.” I was under the impression that a DCA could not continue to hold data for this length of time, any advice? are they acting unlawfully and is this harassment?

http://www.dailymail.co.uk/news/article-2222220/Drug-firms-risking-lives-hiding-bad-trials-effects-medicines.html

Hi everyone! I have a question regarding payslips and a third party wanting to see them. We have been employed on a contract in UK where we are to meet a minimum pay structure. We have issued a company statement to the effect that we meet or exceed these rates of pay, but we have been asked to provide evidence by supplying one of our operatives payslips to prove it. Is this legal? Surely this would contravene all laws under the Data Protection Act. Please advise as we are not sure how to proceed. Many thanks.

I had a visit from a bailiff a few weeks ago who had been sent by Phoenix Commercial Collection in relation to unpaid council tax. First of all he added unfair charges to the bill even no there had been NO levy on goods etc. To cut it short, I contacted my council who accepted my payment plan direct (after the bailiff and Phoenix refussed it). My problem is this.... I checked the register of certified bailiffs and the bailiff that visited my property is not on it. I contacted the Ministry of Justice directly who have now confirmed in the writing that there are only 2 people with that name on the register. I live in Preston and 1 is registered in Reading, the other in Manchester but BOTH of them EXPIRED a few years ago. Can anybody help me as I beleive that Phoenix have broken data protection by passing my details to a third party (i.e the bailiff), as the bailiff is not registerd. They must also be breaking some other kind of law by using an un-certified bailiff. PLEASE HELP i do not mind private messages, or replies on here.. but really need advice as what they have done is WRONG.

hi everyone, I'm new here and would really appreciate some advice about data protection. I am married, and the house and nortgage is in my husband's name only because we married when he already had his house. We are consolidating to help children at university and applied thriough a broker for a secured loan. We were told that as I have a financial interest in the property it would have to be a joint appluication. My husband asked for £10,000. The broker obviously accessed his and my credit files and proceeded to go through every credit agreement that not only he had, but everything that showed up on my credit file as well even though that credit is in my name only. My question is, were they allowed to go through my credit hstory and agreements with him? They obviously did it because they tried to persuade him to take out a larger secured loan. I feel that this specific information should not have been divulged to him and I feel quite unhappy about it. Whether ot n ot he was aware of it or not is not the issue but I'm astonished that a broker can just go through everything with my husband without my persission. Is this actually allowed? Would really appreciate your knowledge. thank you

Hi, would anyone have an idea whether this is a breach of the Data Protection Act? I sent a CCA request to a DCA (MKDP) acting on behalf of Nationwide, they have sent me a copy of an application form, but also some letters that were sent from a different DCA about my old Halifax account in 2001! They have also supplied a copy of an old Experian report which has credit information (account balances, limits, etc) about 5 members of my family, they even have information about my grandad who died in 1995. Does anyone know why they would send all this and where would they have got my halifax info from?!!

Hi all - I am currently putting together a claim and in the course of doing so issued a DPA notice in accord with the latest ICO advisory notices. It appears that many of us are being misled by the institutions as to how we must make DPA applications. I hope the following "Information Commissioners Office" advisory notes will be helpful to many CAG members currently dealing with issues . Just two examples:- 1 - It is NOT legally necessary for an applicant to write to a specifiied Office address. You can write to any office of the organization concerned. 2 - It is not a legal requirement to fill in any organization's 'Forms' - and there is lots more so........ Check out these comprehensive set of notes from the ICO - they make for great reading - they are uncomplicated, easy to digest, can save you from bureaucratic nonsense, a must read - I recently put £10 into a current account, then sent a secure e-mail message and gave authority for it to be withdrawn to cover their DPA cost and requested copy of all personal data since A/c opening, Data to also include ALL digital tape recordings etc etc........... got results in 18 days! The ICO government site address is :- http://www.ico.gov.uk/for_organisations/data_protection/the_guide/principle_6/access_to_personal_data.aspx

Hi, I am new to this site and have joined as I need some advice on the following please. I recently wrote to RBS to submit a claim for PPI, they returned all my paperwork with a letter stating that they could not trace the account. They requested I send a £10 cheque payable to the Data Protection team and to resubmit my paperwork. When you read on you will sense the irony of this. Inadvertently included with copies of my original paperwork there were two pages of what appears to be a screen shot from their data base. These pages displayed names and addresses and credit card numbers of not ony myself but several other people (23 credit card numbers in total), all who reside in close proximity to myself. As I am an honest individual as soon as I realised their error I called them and raised this as a complaint, I did not however give them all the names and numbers as requested. It has taken them nearly two weeks to respond, which quite frankly I think is outrageous. In the latest letter (which is unsigned) they apologise for the error and claim that they are taking this seriously and have requsted that I return to them the information that I had recieved. They also claim that they have contacted the customers that are named on the list, but I do not believe this as I did not divulge who they were. I am obviously reluctant to let them get away with this and feel that this should be brought to someones attention but just not sure who? I am certainly not inclined to send the the £10 to the Data Protection team as requested, as thepaperwork that they sent in error pooves that they already had this information. Someone suggested that reporting this to the press may be a good idea, but I am not sure about this, I just want to make sure that they do not get away with this and treat this seriousy, which so far I do not believe that they have. Any suggestions/comments will be appreciated Thanks Gill&Ian

This isn't about going to west africa and being hit for updating facebook automatically with roaming and that. I understand hardware and computers and no way will I enable my Android smartphone to play merrily with PAYG data while I sleep, so I don't want that service. It can update applications and stuff when it is at home with the wireless broadband, as far as I'm concerned. Of course, I have BT broadband that includes hotspots and so on and the local pub, etc, have free wireless because various companies do that, e.g. little chef, etc. So I'm mostly sorted and if not I can wait 'til I am to check the BBC news website. All was well until maybe a year ago. I was offered a deal where I could get free data access just by topping up my call credit, £15 a month got me a good bandwidth that I wouldn't be exceeding that month so I did that for a bit but quickly had large call credit that would take ages to use so I packed that in and went back to how I was. But, it turns out that I was paying for my "free" data from some point. I dunno because they don't give you a monthly bill on PAYG, it might have been from day one, it might have been once I stopped topping up, either way all the money I put into the account was gone recently and that's how I found out they are charging me daily rates for having data on my phone, which is something I certainly never signed a contract for to and wouldn't want to have anyway because I don't need it. Talking to Virgin through the phone was a waste of time, the drones just try to sell me something and when I escalated to a manager (or, another drone, I suppose) I got told to send email into their customer services, which gets a reply along the lines of "we hope to reply within five working days" but nothing else. I repeated this at least once and nothing. I've now switched to vodafone (yes, I see most of the posts in here are about them being a problem!) and after two tries at the PAC code, which varies each time, I'm assuming I will get rid of Virgin fairly soon. But it annoys me intensely, I know exactly what I wouldn't and didn't agree to and ended up with precisely that and it cost me, I suppose, £50 to £100. I've sent in the "meet the escalation criteria" complaint to Virgin and I'll do the arbitration thing but this isn't about money, it's about punishing them for bad behaviour. I don't mind losing money during the process but how much does a small claims court action actually cost? Assuming arbitration is a flop, naturally. Thanks in advance. Dang I hope vodafone aren't going to be worse. I was with Virgin for about a decade, maybe more, until the wheels fell off.

Hi everyone. Right, I'm going to try not to rant, and try to talk sensibly, but if I do appear ranty its just because I'm absolutely livid. I've just been on the phone to Vodafone for an hour and a half, after already speaking to them for over half an hour this morning. I received 2x£25 returned direct debit charges from Santander this morning. I questioned them about it and said that even though its for the same direct debit they won't return one of the charges as the direct debit was returned twice. I called Vodafone about it to find out more info and fine out that my data bundle had been removed from my account on 23rd May. I don't know why, I didn;t request its removal, and wouldn't as I have a smart phone, and use a lot of internet. Whilst on the phone the second time I looked at my online Voda account at the same time and also questioned why in June my line rental was £15 more than every other month for the basic service charge, not additional usage charges. So the reason for the direct debit not being met, was that I had £50 in the bank, enough to cover my phone bill of £30, but was charged over £60. It turns out that when I took my new contract out Vodafone took it upon themselves to change the billing cycle of my existing line without telling me. They also removed the data for no reason on my existing one on 23rd May. They also charged me £14 for a line I never had. I have spent 2 hours in total today trying to sort things out, and the best they could do was tell me that someone will call me in the next 24 hours, probably tomorrow now. I asked if no-one could call me tonight as I am working tomorrow. They said no, just 24 hours. I said OK, will they leave a voicemail if I can't answer, and the ladies response after a 15 second silence was just to make sure I am available when they call. I am now down £50 bank charges, have been overcharged £65 up to now for the Data, and £15 for an additional line. My main questions are, a) will Voda refund my bank charges, either on cash or by way of a credit, and b) Since they changed my services without telling me, is this a significant enough change in my terms and conditions for me to be able to cancel my contract free of charge? I am absolutely fuming. And even more incensed that the people I spoke to today at customer services seem to not listen, and repeat the same nonsensical things over and over again. Sorry, rant over. Any help greatly appreciated. Thanks

I took DWP to Tribunal to appeal a Carer's Allowance overpayment. To find out what information they held on me and my husband we put in Subject Access Requests. We received back 2 sets of documents (thick in my husband's case and very thin in mine). I assumed that they had the right to withhold quite a lot of information because my case was still active. My Tribunal was heard (and I'm pleased to say I won). Less than a week after the Tribunal the Data Protection Team in Glasgow wrote to both of us saying in essence, "whoops we made a mistake and didn't send all the information we should have done. Do you still want it?" We didn't - our reason for asking for it had past and we felt like having a rest from DWP and all their machinations. Now I am going through the DWP complaints procedure and this failure to disclose is one of the complaints I am making. Out of the blue we've just received some bizarre letters from the Data Protection Team in Cardiff thanking us for our original SARs (now over a year ago) and saying they'll issue the records ASAP. I think we should probably let them do this but take this to the Information Commissioner's Office (ICO) once they've sent everything to check that this time they really have sent everything they should have. Is there anything else we should ask them for like compensation or something? and how do you judge what compensation they should make? Should we think about taking them to Court? (we won't get Legal Aid and can't afford a solicitor so we'd have to represent ourselves but it seems fairly straightforward - but are there any bear-traps we can't see as amateurs?) All advice very welcome on this.

I have just replied to a letter from ebay regarding an item that I purchased (cost less than £4 including delivery) but the fact that I had updated my data after moving last year and they still had my old address in their system, which they issued the trader with as the postal address prompted me to take this issue further. Requesting advice comments regarding when to put the brakes on as know I can get carried away, and When I do get my data from them, what are the options regarding taking this further to recover all cost Below is The reply I got Followed by my reply back to Ebay .. As they are winding me up now all I originally wanted was an apology... But they seem to want to play the blame Game Hello xxxxx Thank you for writing back to eBay with regard to old address provided to the seller. I apologise for the delay in replying to your email, and any inconvenience this may have caused. I have reviewed your account and found below registration address & postage address: From March 08, 2010 - July 19, 2012: xxxxxx From July 19, 2012 - present: xxxxxx As the item purchased on 8th July, 2012 system will not display your new address to the seller. If the item has not been accepted at your old address, it should be returned to the seller. You need to contact the seller to see if they have received it back. I hope this answered your question. Kind Regards, .................................................... Dear xxxx That information is from the page hidden behind the page with the 3 parts that are updated when entering the change of address page... Even in your initial contact reply sent out when the issue was first raised shows the area the data was taken from with your std email template would not be changed Subject: How to change your account information - SR# xxxxxxxxxx - If your primary postage address is different from your registration address, update it as soon as possible. Here's how: 1. From the "Account" tab in My eBay, click the "Addresses" link. 2. Click the "Change" link to the right of the information you want to change. You may need to sign in again. 3. On the "Registration Information" page, update your information. 4. Click the "Save Changes" button. 5. Review your changes. If you need to make any corrections, click the back arrow on your browser to return to the previous page. 6. Click the "Submit" button. --- Note --- -- If you have a PayPal account, make sure your account details are up to date. -- Make sure your postal address is correct. -- If you have multiple eBay accounts, be sure to change your registration information on each account. Follow the above and you end up with the following:- Registration address: - Updated Last Year 2011 xxxxxxxx Primary postage address: - Updated Last Year 2011 Your main postage address for purchases xxxxxxx Primary return address: - Updated Last Year 2011 Your main return addresses where buyers can return their items to xxxxxxx All changed 2011 ... using the CHANGE link on the right of each of the addresses The Address that you pointing out was found after finding out that the Item was posted to the Old address under the link view all postal addresses... The 8 Principles of the Data Protection Act 1998 Includes Accurate and kept up to date - data subjects have the right to have inaccurate personal data corrected or destroyed if the personal information is inaccurate to any matter of fact. Only create and retain personal data where absolutely necessary. Securely dispose of or delete any personal data which is out of date, irrelevant or no longer required. Hold regular reviews of files and discard unnecessary or obsolete data. Keep all personal data up to date and accurate. Note any changes of address and other amendments. If there is any doubt about the accuracy of personal data then it should not be used. As the information was updated in the 3 front end visible areas in the account address area of your web site this makes Ebay responsible "If there is any doubt about the accuracy of personal data then it should not be used." "Hold regular reviews of files and discard unnecessary or obsolete data." Hence why I now require ALL information relating to me including all Data and Date time stamps as I am certain that you have breached the Data protection regulations. I have been to the old Address and the people living there advised they have not received any Items in our name - we also paid for Mail redirect for a year after moved (which expired beginning of June). The Item was for under £4.00 and your customer service policy appears to be Put up a wall, the customer requires educating... send them a guide which basically mentions part of the issue...they will go away. If they continue look reasons they you can blame them or the trader. Without even checking the full history. I am about to spend a further £10 for the ALL the Data held on your systems (nearly 3 times more than the Item that has caused this issue to be raised) and probably less than the cost of Ebay investigating and replying so far. This will now need to go to your legal department for investigation as I am taking this issue further with the governing body the ICO as the Data policy EBAY has in place does not appear to be compliant with the data protection act 1998, when it comes to regular reviews of files and discard unnecessary or obsolete data For the future the word sorry would have gone a long way!! and cost far less Regards

I recently moved cities and duly completed and paid for redirection of my mail. I assumed that this would all be straightforward however.... a few days ago I received a catalogue in the mail from a company that I have not used for about 5 years (sent to my previous address). This company did not have my previous address, rather one from 5 years ago. Then today I received a letter offering me about £400 in vouchers to spend in DFS addressed to me at my new address. (I have never had any dealings with DFS) On the bottom of their letter they clearly state that they obtained my information from the Royal Mail Redirections Database. Now if you look at the RM Redirections forms, Section 8 - "Use of your Data" has 3 opt-out boxes as follows: 1. Royal Mail Group and other selected organisations would like to send you, by post, offers and information concerning products and services relevant to home movers. If you do not wish to receive these, please mark ''X'' in the box 2. I wish also to recieve such communications in email format. (Please mark ''X'' in the box.) and 3. At no extra cost, we can provide your new contact details (of each type) to organisations that already have your equivalent old contact details so they can update their records. (Such organisations include public bodies.) This may help reduce the risk of ID theft and environmental impact. If you do not want this, please mark ''X'' in the box. I had an extremely heated conversation with a young woman who seemed unable to grasp the concept that my personal information was just that "Personal" and that they had no right whatsoever to disseminate it to other organisations (apart from those legally entitled to it such as DSS, DVLA, Police). However after a 20 minute search amongst the thousands of forms that must have come in within the last 6 weeks, she came back to me and claimed that I had not ticked the boxes to opt out and that therefore they were entitled to pass my information on to whomever they wished. What an interesting concept! Am I to take it that we are no longer protected by the Data Protection Act and that because the Royal Mail is such a large organisation that they are feel exempt from prosecution for abusing their customer's personal information? Nowhere in the above do they make it plain that their intention is to make your information freely available to every company in the country (and probably worldwide too) for their marketing purposes. This is a totally unscrupulous and abusive use of personal data held by them and supposedly protected under the Data Protection Act. I have also written to the CEO of DFS, Ian Filby (sent via email) as his is the name under which the letter was sent requesting a copy of the information that they hold on me and immediate removal of my information from their databases. I have also let them know that should I find that they have subsequently passed on my information whether for "Free" or for "Financial Gain" that I will seek damages. Is there anyone or any organisation that can prevent/act on the little person's behalf to prevent abuse of information such as this? plugin-SocialRedirection-1.pdf

Calls are not really important, but data is needed for outside the hotel. Have PMRs for calls between each other when out "together". If the worst comes to the worst, I have a roaming sim at 15p meg^-1.