I have been playing snail mail ping pong with Nat West for several months now. I took out a gold card/ current account with them at the beginning of the nineties and closed the account in 2004. I was involved in bank charges litigation with them up to the end of 2006. I'm unsure whether I had PPI on this account and so I sent a letter to their PPI complaints department. They said that they weren't able to locate any account details and that I should send a SARN to their data protection department. They were unable to locate any data either. I supplied them with address data and details of where I held my account. Nat West have suggested that they would routinely destroy data six years after account closure which means that they would have done so in 2010. Given that PPI claims entered the mainstream in 2008, I am surprised that NAT West and presumably other banks have been able to destroy data that could well have been used as evidence. I would be interested in knowing whether anyone has recently been able to obtain credit card/ current account data more than six years after account closure.

Good afternoon Caggers I purchased a 2nd property by re-mortgaging my current home. The Spanish property market collapsed and my house was not built. I am claiming my deposit back, however my current mortgage company does not have any history of my borrowing extra funds during 2006, nor do they have any history of the mortgage. Where do I stand on this? They have openly admitted they have no paperwork. maybe I can hold them to account for that and say that I paid it off???? Your help is greatly appreciated!

Hi Again.... I have a problem that I ought to have dealt with, but have not because I had more pressing issues: 4 sets of serious or urgent litigation that had deadlines, or financial priority: I had and still have a collapsed lung, I sadly have a deceased mother in law, a baby, who ended up in special care, while my wife almost bled to death during an emergency c section, I've bought a new house that the surveyor messed up big time on, I have had 2 new jobs, 2 surgeries and a tumor in my colon. I know they are not excuses for delay, but it has truly been a crap few years and this issue is the last unresolved pain in my side. All the issues above happened around the time of the N power debacle, or since. Some time around 2013/14 I moved into a house and the N Power Direct debit stopped. I had used NPower at a previous address. My dad had been paying as he is a kind man and he offered to when my wife and I were broke 10 years ago and he never stopped paying (despite me asking him not to). Npower screwed the bills up and I didn't pay the incorrect bills. At all times, I felt there was an ongoing complaint/ issue. Eventually the correct bill came and I paid it. The end? No. I applied for a loan or mortgage (cannot remember which off top of head) and was rejected. I had a default registered with Experian by Npower for the period where we were in dispute. The defaults are numerous and are all over the place. I wrote to Npower, Experian and complained to the FOS and got nowhere. What can I do, the defaults are only with Experian and they are utterly inaccurate. I am stuck. I need help with this.

Anyone else had one of the emails reporting a data breach by Trusted Quid? Have I got any recompense towards them over this?

I've just been glancing through a worksheet provided by my local council on the new GDPR rules. One of the guidance notes states that: "You must tell people in a concise, easy to understand way how you use their data." It also states that "consent" for your data to be used in different ways must be freely given, pre-ticked boxes will not be sufficient. i.e. a seperate consent is needed for each type of use the data is intended to be used. So...where the DVLA is concerned I am quite happy to give my consent for a record to be kept of when my car is taxed, insured and MOT'd. However I do not give my consent for any personal details, such as registered keeper, to be given to any third party. I wonder how this would stand up when the new regs become law on 25th May 2018?

Just wondering about this: As a part of an investigation at work, one of the emails sent to me by the case investigator was mistakenly sent to a person in the NHS trust who isn't part of the investigation. Does this constitute a breach of confidentiality and/or data protection?

I signed a franchise aggreement (unfortunately) and I would like to know if the : personal guarantee`s that was included is legal, if it was not witnessed, at the time of signing, and their is no provision for a witnesses signature, is there a set format for this, and could it be deemed invalid and/or, not binding? when is a deed not a deed? Your advice would be welcome. Thanks!

Here is my best attempt at summarising my dealings with Peachy: Date Borrowed Repaid Interest/charges 20/12/13 0200.00 02/01/14 0227.00 0027.00 03/01/14 0500.00 03/02/14 0645.00 0145.00 0500.00 03/03/14 0630.00 0130.00 04/03/14 0500.00 30/04/14 0677.00 0177.00 01/05/14 0250.00 29/05/14 0075.00(rollover) 0075.00 27/06/14 0327.50 0077.50 27/06/14 0500.00 25/07/14 0193.74 0141.00 29/08/14 0156.48 0089.05 26/09/14 0157.76 0060.82 31/10/14 0177.07 0056.69 27/11/14 0044.88(rollover) 0044.88 23/12/14 0047.25 (rollover) 0047.25 30/01/15 Final payment due: £162.51 principal + £61.75 interest + £5.00 fees = £229.26 Repayment failed Total borrowed: 2450.00 Principle repaid: 2287.49 Interest + fees repaid: 1071.19 TOTAL REPAID: 3358.68 Principle outstanding: 0162.51 Amount claimed: 0996.09 Interest @ 8% (08/06/16): 0158.98 Total claim: 1155.07 Not surprisingly I have a late payment marker on my credit file, and have received twice-weekly text/email threats of a default marker for the last 18 months (together with "borrow more money!" emails every couple of days). SAR was sent on 5/5/16 with £10 postal order, deadline is 16/6/16. I have received no communication from Peachy other than threats/marketing, until yesterday, an email stating "We are pleased to inform you that we have successfully collected your loan payment" of - you guessed it - £10. They've used the SAR fee on my outstanding balance. Looking for guidance on how to proceed. I think I have enough information without the SAR to go ahead and complain/claim, but I'd also like to make a complaint regarding their handling of DPA requests - can anyone advise? Thanks in advance.

Hello I have an ongoing modest valued claim for noise induced hearing loss against three former employees that failed to provide protection, my current employer was not involved. I have recently issued a DSAR to my current employer and found that they have the particulars of claim including loss for damages against the three former employers!. Is this not a breach of the data protection act? why should a company not being sued have this information??? Thanks.

Hi all, As I have posted in similar threads I got myself into a real mess with payday loansicon, going back to divorceicon/unemployment in 2009. At its worst, between May 2012 and January 2015 I had nearly 140 loans with over a dozen lenders, in an endless bucket brigade of borrowing from one to repay another. I walked away from the whole toxic lot in January 2015 and am now redressing the situation. Without going into the entire borrowing history, one of the many lenders was 247 Moneybox, from whom I ended up receiving a default for £483 in May 2015. I submitted a formal complaint just under a fortnight ago requesting repayment of interest and charges (£742.26) plus interest (£182.54) plus removal of adverse data. Response received today: "Please take this email as acknowledgement of your complaint. We will now investigate the issues you have raised within the timescales as set out in our complaints procedure below. A little concerned by the calculations you have attached - you seem to have some balances which are not payments or interest on your account. Concerned you may be adding transactions on from another lender. I also note you make no reference to your current outstanding balance of £687.00, towards which you have made no repayments to date. We are aware that there are many forums and templated letters available on the internet to exploit any previous credit commitments under the wholly subjective banner of affordability. To compare our actions with the reported behaviour of other lenders is inappropriate. We are confident that the required assessments were carried out prior to the advance of all loans. We are able to substantiate fully the information on which lending decisions were based. Our relationship was based on responsible lending in addition to responsible borrowing. We provided you with all the facts about our product and the charges and costs involved. We treated you as a rational individual able to make a credible decision as to whether to borrow or not. For our part of the relationship we acted on the information available to us at the time and the prevailing regulations and guidance at the time. We are happy as a gesture of goodwill to resolve today by writing off your current outstanding balance of £687.00. We can also remove all negative information from your credit file." I'm trying to obtain a mortgage at the moment so I'm more inclined to accept the offer and have the data removed asap than to dig my heels in and fight for more money.

I have to be very basic in the info i give for legal reasons but wonder if i can get some advise Person A, Purchases a Holiday in Person A's Name. Person A Invites Person B to join the Holiday. Can a Council Contact the Holiday company and request booking info who was on the list if they wanted to check out person B where Person A is not subject of any involvement / investigations. can the council / under data protection obtain this info legally? Person B is under investigation by council and Person A is not in any way linked to this other then the invite to come on Holiday.

An investigation was underway on Friday night after the personal data of up to 44 million British consumers was feared stolen by hackers in a massive cyber attack. The information commissioner said it was investigating how the hack on Equifax, a US credit rating firm, affected UK customers, many of whom will be unaware their data is held by the company. Equifax and its UK subsidiary companies state on their websites that they represent British clients including BT, Capital One and British Gas. There are fears that customers of these companies could now be affected. BT said that "many companies in the UK" used Equifax services and said that it was "monitoring the situation closely". The Information Commissioner's Office (ICO) has urged Equifax to alert affected UK customers as soon as possible, and said it will work with the relevant overseas authorities on behalf of British citizens. http://www.telegraph.co.uk/technology/2017/09/08/equifax-hack-britons-data-watchdog-investigates-ukimpact-major/

I changed address at the end of March 2013. The energy supplier at the new address was British Gas. Amid ongoing PDL/council tax/bailiff hell I received the first gas/elec bill at the end of November 2013, in excess of £900. A DD was set up to pay for usage plus arrears. It was the first of several as I would agree the DD amount/date with Bgas who would then increase the amount and/or change the date - making if effectively impossible to budget. The DD ranged from £261 to £593. My partner's son took his own life at the end of August 2014. A friend offered to rent out a spare house to us in a different area to give us a welcome change of scene. We could stay for 5 years, which would give us a chance to heal our wounds. I paid the final gas/elec bill on 19th Dec 2014. The elec was nearly £600. Having just moved house, and just before xmas, it bounced. I set up a new DD for the energy supplies to the new house totalling £321, the first to be paid on 19th Jan 2015. One (elec £220) bounced. Bgas also attempted to take out the previously unpaid amount (nearly £600) the following day (bank account balance £21.78). It bounced. And so it continued, the bills being paid by a combination of wobbly DD's and ad-hoc debit card payments. I gradually extricated myself from PDL hell by a)giving up on paying them off and b)not taking out any more... I lost my contract at the end of October 2015 and, with no savings or any other form of contingency, had to bridge a month long wage gap with - you guessed it - a £1500 loan from myjar (£3000 by the time I paid it off). It barely covered the bills. In 2016 our friend/landlord announced the house was being put up for sale and evicted us. We moved again at the end of July 2016. I received final bills from the previous address (gas £323.30, elec £535.78) and paid in full on 18th Aug 2016. I retained Bgas as energy supplier due to the debit balance (859.08) at the time of the house move. Bgas demanded a security deposit of £90 & £215, which I paid. Their email explains: "What happens to your deposit If you've paid all your bills on time, we'll refund it after your first year with us. But if you haven't, we'll use your deposit to pay any debt you might have. Even if it's a different gas or electricity contract." Bgas also supplied me with 2 "sales order numbers" pending setup of my new accounts. Over the next few weeks I signed into my accounts to check progress (they'd advised me it could take "up to" two weeks or thereabouts). Thinking the delay might have something to do with the old elec account, I contacted them and asked them. They had no record of the account or the arrears. Okay... 8 months later (not unusual for bgas, given my previous experience) I had still heard nothing from them but received a letter from Scottish Power giving notice of gas/elec arrears of several hundred pounds and application for a warrant to enter, noting that - as our dog had woofed when they came to the house - they would also be charging us for the attendance of a dog handler, advising that this was "likely" to be distressing. A quick phonecall confirmed that Bgas had never supplied energy to us, the arrears related to a former tenant, not us, and new gas and electricity accounts were duly set up. I contacted Bgas requesting the return of my security deposits, which they have repaid by cheque. Meanwhile, my 74 year old mum fell ill and was admitted to hospital at the end of March 2017. Cancer tore through her like wildfire, so much so that a formal diagnosis had not been reached by the time she was discharged into our care 3 weeks later. She died at home 3 days later. I am the sole beneficiary of my mum's will, and the executor of her estate. She left me a modest house with about £20k outstanding on the mortgage. My intention was to obtain a new mortgage on the house to pay off the existing - a loan to value of less than 25%. I have approached mortgage advisers and have been told I COULD obtain a mortgage but for one thing: the outstanding Bgas account from December 2014 is showing as "status 6" on my credit report and has done for the last 22 months. If they had defaulted it within 3-6 months of the original late payment (i.e. March-April 2015), it wouldn't trouble the lender, and I would qualify for the mortgage. However, it had taken them until August 2016 (when I contacted them and was told they had no record of it) to mark it as a late payment at all! I feel a complaint to Bgas is in order for their persistent late billing, excessive variation of DD amounts and dates, gross inefficiency, lack of communication, and tardy, incompetent and inaccurate processing of my data. Would appreciate advice as to how to structure and target my complaint. Email to mark.hodges@britishgas.co.uk ?? Thanks in advance!

Originally I had accounts with Egg, Barclaycard and Goldfish which had all become Barclaycard by the time I defaulted sometime around 2009. These accounts have since been bought by Cabot and one has been farmed out by them to Westcott. It turns out that 2 of these 3 accounts have the wrong date of birth for me. The month and year are correct but the day date is not. I know that at some time in the past all three accounts had the right date of birth as it was used as a security question in any telephone conversation - of which there were many. One of the accounts is the one with Westcott and was the first to become noticed when I failed security. The other is direct with Cabot. To cut a long story short Westcott DEMANDED my birth certificate which after some protest I duly provided Their action was to change the date of birth on the account About year ago the account with Cabot reared its head too and in that time they have been trying to obtain the original agreement from Barclaycard. They have recently responded that Barclaycard are unable to supply the original agreement so they have also changed the date of birth on my account and as far as they are concerned the complaint is closed. My contention is that the one unchangeable event in ones life is the date you were born and that if these are my accounts the data is corrupted or they are simply not my accounts at all. Unfortunately I can't verify any of the history as during a house move 6 years ago the box containing all my financial records was lost. I am tempted the contact both the Data Protection registrar and the Financial Ombudsman and to tell Cabot that this is the action I am about to take. Should I be doing this or is there some other action I should take. The sums on the 2 accounts together exceed £20,000 and I have been paying £1 per month on each for the last 8 years or so Thank you for your advice in advance

As reported on Parking Prankster... CEL have been ordered to pay £905 in compensation & costs for breaching the Data Protection Act in regards to a private parking ticket. Ouch! http://parking-prankster.blogspot.co.uk/2017/05/motorist-awarded-900-for-data.html

Evening I have recently resigned and am on garden leave I was in commission based sales I copied my sales data to a USB drive and left it in a cupboard at work My employer has said I copied data and is threatening legal action but the info has never left the premises I cannot go into work now to prove it How can it be theft when I have not removed it from work?

I live on a canal boat, for which I am required by the 1995 British waterways act to have a licence, the licence is a statutory requirement, British waterways was changed to a charitable trust some years ago but the legislation that governs licences has not changed, the trust is now falsely claiming that this licence is now a contract which they can add their own terms and conditions to without any recourse to parliment, and can cancel at any time they choose if the boat owner breaches any condition they have invented. The trust has now " re interpreted " the 1962 transport act section 43 and are claiming this gives them the authority to do anything they want, but they can't hide the fact that licences for boats on their waterways were not invented until 1975, and a public right of navigation existed on all their waters until 1968, so whatever way you interpret this section of this act it cannot possibly apply to licences. BW never claimed it had any such powers and post 1962 sought the consent of parliment for four new sets of bylaws, and 11 further waterways acts. The trusts is doing this because the law gives boat owners certain statutory rights which the trust wants to con them out of, many boaters already believe that the licence is a contract with contract terms and conditions, it sounds so right, but it is not true. I have taken the trust to task over this in a reasoned and polite way, they have banned any of their staff from speaking to me, and blacklisted my email and phone, they have also stated to me in writing that they will refuse to issue or renew a statutory licence unless their contract is agreed to, agreement to a contract or anything else is not a statutory pre condition of this licence surely must be illegal, the contract illegal and therefore unenforceable ? I and all other licence holders are being forced to agree to a contract we do not want, which the law states we do not need to obtain a licence, the Trust is blatantly breaking the law, which for them has no consequences, without funding a very expensive judicial review of the legislation we are at a loss to find a way to challenge this.

'The payday loan firm Wonga has said up to 270,000 of its customers may have been affected by a data breach. The firm said it was "urgently investigating illegal and unauthorised access to the personal data of some of its customers in the UK and Poland". The firm said it began contacting borrowers on Saturday and was offering support through a dedicated phone line. The information stolen includes names, addresses, phone numbers, bank account numbers and sort codes.....Around 245,000 of the customers affected are based in the UK with the rest in Poland....' http://www.bbc.co.uk/news/business-39544762

Have you ever tried to make a subject access request to Lloyds bank and been told that they don't keep data longer than six years? Well basically it's a lie – but you wouldn't expect anything else from Lloyds bank. They use an archiving service in Andover and you can get data going back at least 2001. Their address is: – DSAR Unit Lloyds TSB Customer Service recovery Charlton Place C46 Andover SP10 1RE And they even have a telephone number: – 0345 0707124 Although I don't know whether people are prepared to speak to you. Apparently the same archiving service is used to store data relating to TSB, Lloyds TSB, RSP, Halifax Bank of Scotland. In other words all the usual suspects who have ripped you off over the years and then try to obstruct you from getting a full data disclosure. You should still contact their head offices or your branch for your data disclosure, but when they come back to you and say that there is only six years then that is the time to start objecting and to make complaints to the information Commissioner. You can make an SAR request directly to the data centre as well, of course.

ABTA Data security incident March 2017 READ MORE HERE: https://abta.com/news-and-views/news/data-security-incident-march-2017

Hi Guys, Need your advice on this unusual problem. Sorry story is a bit long. I’ll spilt it by bullet point to make it easier to read: 1. 23 Dec 2016 – went to the store made small purchase requested £50 cashback. Was deep in my thoughts. Felt a bit awkward at the end of interaction with cashier who started behaving strangely by completely ignoring me and started chatting with colleague. After packing few purchased items I was waiting patiently not realising what for. Felt as something did not finish - no eye contact from cashier, no thanks / goodbye. I’ve felt a bit strange and waited for much longer that socially acceptable in such situation and then left the store without exchanging a word with cashier. 2. Few day later realised I did not had my cash. As I was not out of the house since visiting store I could not have spent it or lost somewhere. 3. Waited for store to open again and went to speak with manager on 27 Dec 16 to ask them for my cashback and checking CCTV to confirm it was not given. Duty manager said he cannot view CCTV but checked till for that day and there was no extra cash in the till. He also found small receipt with my signature that confirms I’ve received cash. Signature seemed to be mine but I do not remember signing it nor receiving cash. 4. I’ve got my receipt with cashback on it. I am guessing I was asked to sign small slip confirming I was given cash and then was given my store receipt. That triggered me into thinking I got what I needed and made to forget about my cash by cashier starting to completely ignoring me. 5. I’ve spoken to customer services and same manger again who were pointing at each other saying I need to request CCTV footage and pay for it and that only store manager / area manager can view CCTV. 6. 6 Jan 16 spoke to customer services who then spoke to store manager who then checked till records again stating no extra cash was reported on that day. 7. Managed to speak to store manager in person on 6 Jan 16. Did not get much was just fobbed off making it sound it was my fault and I should have checked cash in store and they conducted their investigation. This person was quite elusive did not wanted to talk. Said nothing I can do. Both managers felt a bit arrogant almost as if they were saying good luck with that! If you know what I mean. 8. 6 Jan 16 stated electronic communication with customer services sending all above information via web form. Starting message with I am making formal request for CCTV footage under Data Protection Act 1998 confirming I am happy to pay for it. Providing all relevant details timing till number etc. 9. 18 Jan 17 sent them all above information in registered letter. 10. Did not get any response for around 10 calendar days and called them again to chase up for reply. 11. Received reply on evening of 20 Jan 17 (Friday) stating they passed for investigation to area manager. Provided instructions for requesting CCTV and how payment should be made. Advised that I need to contact police if I felt there was theft. 12. 20 Jan 17 I replied via e-mail and asked to place hold on the footage to ensure it is not overwritten as I’ve read somewhere that their retention period is 30 days. 13. 21 Jan 17 (Saturday) send request for footage as per their instructions. 14. 26 Jan 17 received letter stating request is outside of system storage capacity. 15. Chased them up for finial outcome of area manager investigation knowing what they will say. 16. 16 Feb 2016 Received response stating CCTV has now been overwritten they conducted till review and no extra cash was found. Nothing else they can do and I can contact the police. My view on that is that they ignored my initial request under Data protection act sent to them on 6 Jan 17. Purposely delayed providing instruction for requesting footage and timed it so that I have 0% chances of making it successfully and that it reaches them before 30 days retention period to cover up for their employees. I’ve seem to exhausted my option to get this resolved with the company and looking for advice on taking this further. I feel up to taking them to small court claiming for postage, petrol cost for number of trips inconvenience and original cashback. Just wanted to get your views on chance for success and some help with small court procedures if will be going that way. Thanks for reading!

Dear all, I unfortunately suffer from chronic depressive illness and have done so for many years with the condition significantly worsening over the past few years. In the year 2011 I had been subject to police investigation. I attended a police interview on a voluntary basis. Due to my debilitating depression I had an appropriate adult also attend this interview who I understand was a social worker at that time. The social worker, without my explicit consent, went on to record the details of the alleged criminal charges I faced on the NHS Trust’s IT system and within my electronic patient records. This information is categorised as highly sensitive information as defined under section 2 (h) of the Data Protection Act and the Trust seemingly recorded this information unlawfully. Their response however is that the processing of this information was 'necessary for medical purposes'. The criminal matter has been long since disposed of in my favour however the Trust are continuously processing this information wherever and whenever possible. I am not clear on whether or not explicit consent was needed here. It seems to me it was. I should be most grateful for any input.

Wonder if BiliffCos and DCA;s will suffer on this one? EU GDPR on data processing regs might make it difficult where a debt and associated data is being passed around freely, also implications for Credit Reference Agencies, and Marketing companies as Data Subject must give explicit consent for the data processing From the article link below: http://www.idgconnect.com/abstract/24102/from-insular-us-firms-spammy-marketers-who-gdpr-hit-hardest ‘Privacy by design’, ‘access rights’ and ‘breach notification’ “One of the changes due to be implemented in GDPR is the explicit recognition of the concepts of ‘privacy by design’ or ‘privacy by default’. Businesses will now find themselves subject to a specific obligation to consider data privacy at the initial design stages of a project as well as throughout the lifecycle of the relevant data processing. Overlay the current privacy requirements in individual countries and you have a whole new box of worms. “Under GDPR individuals will have the right to obtain confirmation that their data is being processed and have access to their data. GDPR clarifies that the reason for allowing individuals to access their personal data is so that they can verify the lawfulness of processing. This in itself will pose huge challenges for organisations with the whole process of giving access to data subject and providing proof of legitimate processing. “This will incur the highest fines stipulated in any legislation. Organisations are notoriously bad at detecting breaches and the average, only 20%, are detected by organisations themselves, the rest are notified by third parties.” Rashmi Knowles, Chief Security Architect EMEA at RSA

Afternoon everyone, I have an issue with Eon Energy. I checked my credit score as I'm about to apply for a mortgage and saw that I have 2 accounts with them. One current one which is up to date and in £250 credit, and one earlier one that has lots of irregular missed payments and is closed and marked as settled. See image... I've been over and over with them for weeks about this and they can't really explain it. They said at some point I switched providers and then came back. They also have no record of me being a client prior to 2013 yet they have been reporting on late and missed payments during this period. This has gone to the Complaints department, then Alternative Dispute Resolution department and to their datashare department. Their datashare say the info is valid and they will not amend anything. Only step now is the financial ombudsman, I really don't have the energy to deal with this. I'm leaving Eon for another energy provider as I've had enough. What I ultimately want to know is, will this 2nd Eon account from 2012-2014 showing missed payments affect my mortgage application? Other than this, my other accounts are 100% in excellent order and my wife's credit file is also 100% excellent.

I have an ongoing tribunal this month with my previous employer, but a question i have is this. I asked if i could come to the office to collect some paperwork that was important to me, they replied that i could get access for this. Now i work away and usually have limited acces to emails, my previous employer then went through my laptop bag and scanned (as directors they would not have done this) my personal medical paperwork (and made comments about this that were derogatory and in depth so they have obviously read them) and my personal financial paperwork stating that i had numerous debt letters. Now they also copied in my wife (she did not work for them or had ever met them and had not given them her email and neither had i) and my union rep and their legal team, they suggest that i was hiding this information from my fie (which i most definitely was not, this was to cause problems as they never included her in any emials prior or post). Surely this must be a data protection breach as i have given them no permission to do this and my wife. Please can someone advise.