I had a situation with Southeastern a while back. One of their Revenue Protection Inspectors issued me with a Penalty Fare somewhere in the region of £68, so I was legally required to provide them with my name and address. I appealed on the basis that the ticket I presented to the inspector was valid for the journey I was undertaking, only he wasn't sufficiently trained on how to determine the validity of tickets. The favoured approach is issuing a Penalty Fare or calling the British Transport Police over verifying the validity of the ticket. The appeal was upheld because I was right about the ticket. Because I presented a valid ticket for inspection, there was no way I was giving Southeastern any of my money towards that Penalty Fare, so I made a part payment with a £50 Rail Travel Voucher. I later lodged a Subject Access Request to Southeastern for all information they held on me. In the response, I found out that a member of staff from the Independent Penalty Fares Appeals Service (IPFAS, part of Southeastern) decided to email out my details to various entities, not all of which were Train Operating Companies. The IPFAS were trying to find out the origin of the voucher I had paid with. I reported this suspected breach to the Information Commissioner's Office. This was the ICO's response.

Hello lovelies, I'm here for some help again, if you wouldn't mind? I'm a regular Arriva bus user because of the location of my house. The bus service on the route is the most unreliable service and more often than not, the bus is late or doesn't turn up. Just to give you an idea, so far this month on the one route I take, the buses have been 89 minutes late! So of course I make a complaint every single time. Each time I put email contact only. They have previously rang my phone number that's been on their system but after telling them email contact only, they've been pretty good about emailing me. They have offered to send me free travel tickets as an apology for the delays, which I have accepted and emailed my address across. I made further complaints via email, and one was made over the phone. During the phone call, I told the man that I wanted a response in email only. I have come home today to find that someone has taken it upon themselves to write and send a letter to my address! As you can imagine, I am absolutely fuming! I've spoken to my sister about this to see if she knew who I could contact as I am not happy at all. She's informed me that it's a breach of data protection. Is that correct? And if so, who do I now contact? I'm not really happy to let this slide, since I've made it clear every time that I do not want to be contacted in any other way. Hopefully this angry ramble makes sense! Thank you! Kayleigh

Hi All, Slightly odd question, have looked though the forum but cant seem to find anything on it. if the data provided to 3rd parties about you by your credit card company is factually incorrect, are they in breach of the DPA or CCA, If so do you know what section? Also who is responsible for ensuring the accruacy of the data displayed on the CRA, the supplier or the CRA? Ross

Hi, I was going through some old paperwork and I found the initial letter which Advantis sent to my new address about a year after I moved in... It read: Are they allowed to just give out my information i.e. full name, with middle names and previous address? If not, what'd you advise I do about it? I personally am really not happy that they're just firing out letters with my name and addresses on it without knowing where they go.

Hi, Really concerned. I wont say who I have the DMP with but they are one of the most popular and talked about DMP's that carry a small charge. Anyway. Some stupid advisor or whoever was on their email system, decided to send a group email. the DMP sent the group email saying thank you for being customers etc etc. the stupid thing is, they copied in the entire contact list. So the DMP, sent an email to all their customers but did not blind copy, they have openly shared all of our email addresses with one another. I have since received emails from countless people on DMP's with this same company, from their personal email address as they have seen my email address from the DMP company. They all now know I am on a debt management plan, we normally all use first and last names on emails so it says my full name, address and states that I am on a DMP. What can be done here? what should be done here? This is obviously a breach of the data protection act but who is to blame? who should people complain to? Thanks.

Hi, not sure if this is the right section to post - mods feel free to move to a more suitable section if necessary. Any advice on the following issue(s) appreciated. I work for a large employer and we are told that in a couple of months our payslips will no longer be printed on-site. Our BACS wage payments will continue to be processed by our employer's accounts dept as usual, however our payslips will no longer be physically printed. We will have access to all payslip information via a 3rd party website using a personal / work email address and password (apparently the 3rd party are used by other companies already and use proper web access encryption etc). Initial indications are that employees will be able to opt out (either due to no web access at home or for personal reasons) from this on-line payslip system and continue to receive traditional printed payslips as we do now, however our employer expects the number opting out to be the exception rather than the rule. If opted out then it is not clear if the payslip information will still be sent to the 3rd party or not - opted out employees will receive a printed payslip but not receive access to the 3rd party on-line system. Now, With regard to DPA requirements, does our employer have the right to pass our name, hourly rate, salary, NI number and tax code to this 3rd party. I do not think we have signed anything on our employment contracts permitting personal detail disclosure to 3rd parties and there is nothing (yet) within the employers HR procedures regarding this. Before the system goes live we will have slips to complete with an email address to be used for the sytem and a 'tick box' to agree to the system - will this cover the company regarding DPA? Thanks for any observations and input.

I've been cold-called by a claims company (even though I'm on TPS - but that is going to the ICO as a complaint, it's at least the second time by the same company). I let the caller tell his story and wasted his time so that I could gather more information about the company making the call. He sent me a whole load of forms with the company details and his initials on in the post too. What worried me is the amount of detail he had - the loan company, the broker, the amount and date of the loan, the amount of PPI, the reason for the loan, plus of course, my contact details. The only thing he didn't have was the fact that I'd reclaimed the PPI years ago all by myself! Where do they get this level of detail from, and what rights do I have over this information anyway? Has there been a DPA breach by the loan company, the broker or the CRAs? OMWO

I got a phone call this morning which went something like this. "Sorry to bother you but can I speak to xxxxx xxxxxxx"? I said I was speaking. "The caller then said I'd just like to confirm we can still contact you at (and stated my address)"? Alarm bells went off at the back of my last remaining braincell and I asked who was calling. We are 2F. I asked from where. Hull. I asked why she was calling me. After some evasive tactics, she eventually said they had a client who had been trying to deliver correspondence to me. I asked again who she worked for and why she was calling me and that I believed she was breaching DPA (and I meant by deceptive tactics). I told her I was ending the call... there's really no point getting into a conversation with debt collectors on the phone for all the reasons stated in these threads. When I google 2F Hull, it comes up with Westcott - who are also mentioned all over these threads. So, is this a new tactic? To call someone out of the blue without even trying to establish they're actually talking to the right person? Just wondered if anyone else had calls like this from 2F Hull?

Hi all, Hope you can help, apologies if this has been covered elsewhere, or if this thread is in the wrong place. I've received 2 e-mails over the past 3 weeks from a high street bank relating to a complaint, which isn't mine. The information includes bank details, the details/ history of the complaint and named contacts within the bank who have been dealing with it - including the chief exex. The blurb on the bottom of the e-mail demands I must send this back and not forward it on etc. I won't be disclosing the bank etc publicly, but I'm currently in dispute with the same bank and have issued the chief exec emails of details of my complaint some months prior to receiving this. What are my options? I don't want compensation etc for the above breach, but are concerned the bank cannot handle data securely? Should I contact the bank, raising a formal complaint? The ICO? FOS? OFT? The original complainant? I don't want to let this drop, but not sure where I should go? Any ideas and in what order I should make the complaints? Sorry for rambling, I'm still fairly new to this. :?:Thanks for your help.

Afternoon all, I've had the following e-mail from Past Due Credit Solutions regarding a Three Mobile account for £116.00 I am a Three Customer and hold 2 accounts with them, both of which are well up to date. I have checked my CRA's and there is a default registered and it actually shows 3 accounts. Tad confused where this third one came from?!! I had been ignoring their e-mails to be honest and I have made no telephone contact. However here is the rather worrying e-mail: There is also this little statement at the top of the e-mail... What the do they think they're playing at then? The contents of the email is clearly confidential as it contains account numbers and financial balances. Lets assume I never received this e-mail because I had an Out of Office and it went to a colleague. That is fairly likely to happen in my case, as I attend regular hospital appointments and use out of office to redirect my e-mails to a friend to deal with. What would you do here then? Or am I making a mountain out of a mole hill Cheers Caggers and have a good weekend

Well it happened today, my first month of claiming job seekers allowance and i have been put on this mandatory work activity. i will not go into the draconian attitude of the benefit Adviser, but i need a bit of advice. She thrust a piece of paper under my nose to sign, it was a Data Protection Act waiver to the MWA provider ATOS. I declined signing it and all she said was it does not matter as they are our approved provider What personal data can the DWP pass onto the work place provider ATOS, without my express consent many thanks

First my apologies if this is in the wrong Forum, as it is to do with the Communication Ombudsman this one seemed appropriate. OK, this is quite a long problems that I am going to try to summarise so my apologies if I haven’t included everything I needed and please ask questions if you need more information. BackgroundAround 3 years ago I had a problem with Three in which they broke the terms of my contract, they also stole £30 from my bank account after the contract was cancelled. Three refused to allow me to make a complaint and so I took the matter to the Ombudsman. I provided proof of the theft of the £30 by providing my bank statements that showed the money going out and never coming back in. I showed details of how Three had failed to uphold their end of the contract and I showed my repeated attempts to complain to Three and how I never got a reply. My case After waiting over a year for the Ombudsman to rule on the case I was informed that they were finding in favour of Three on all claims, I asked for a review as I knew for a fact that Three were in the wrong, I waited another month and was told that after the review they were still siding with Three, but that I had the option to take the matter to court if I wished. I suspected at this point that my case had not been investigated properly – since simple matters like the theft of £30 from my account had been found in Threes favour. I decided that I would take the matter to court but realised that without proof that the matter was not investigated that Three could simply claim that the Ombudsman had already ruled on this matter and I would likely lose the case. To this end I requested a SAR report from the Ombudsman – to which they informed me I could only make payment via cheque which I was unhappy about but I sent them a cheque immediately. This was in August 2012. Where the problems began The required 40 days passed and I still had not received my SAR report, I contacted the Ombudsman again and they claimed to have never received the cheque. I sent a second cheque which they also claimed not to have received, I sent a third cheque, this time via recorded delivery – and this time I got a reply to my letter but still no SARS report, they claimed not to have received a cheque again. Now in February 2013, and having waited 7 months for a SAR report I decided to take the matter to the ICO ICO ruling number 1 The ICO ruled that they could not say for a fact that the Ombudsman had received the cheque, and thus could not uphold my complaint. They did however order the Ombudsman to give me bank details I could make a BACS payment to, and that once that payment was made they would need to get a SAR report to me in 40 days. I did this and the Ombudsman confirmed receipt of my payment. Further issues 40 days came and went and I received no SARS report. I contacted the Ombudsman and gave them an extra 10 days to get it to me but got no reply. After the 10 days I contacted the ICO again and they asked me to give the Ombudsman a 14 day ultimatum to get the SAR report to me. I did this, and copied the ICO into my communication to prove I was chasing this. The Ombudsman refused to reply. ICO ruling number 2 The ICO, seeing that I had now waited 64 days for my SAR report (from the date they could confirm I sent payment) decided that I did have grounds to complain. They also advised that I could begin a court case for my financial loses and compensation for the Ombudsman breaking the law. I gave the Ombudsman an extra week to reply and then began the court proceedings. Ombudsman finally replies A few days after issuing the court case the Ombudsman finally replied saying that they had sent my SAR report to the wrong address and saying that they would send it out again. They claimed to have done nothing wrong (despite the fact that they admitted breeching section 4 and 6 of the DPA) and insisted that I end the court case as “they are not legally responsible for their rulings”. I replied that I have not begun the court case about their ruling but that it was instead about them breaking the law and is for compensation for my financial losses as a result of that – including the fact that I could not begin a claim against Three and expect to win in court without my SAR report. SAR report finally arrives My SAR report finally arrived and as I suspected proves that my case was not investigated. None of the questions I raised were actually asked of Three – and the “evidence” that the ombudsman accepted that Three had done things (like reply to my complaint and send me back the money they stole) amounted to nothing more than the notes on my Three account that said they had done this – they could provide no actual letter or emails to this end nor any proof of a payment actually being made, yet the Ombudsman still found in their favour. Once I have finished with my Ombudsman issues I shall begin my claim against Three. ICO final ruling The ICO has finally ruled that the Ombudsman did break section 4 and 6 of the DPA – but that at the moment they will not take the matter further, but will review this if they get further complaints. Court case And now we get to the crux of the matter – the Ombudsman are now again trying to get me to cancel the case as criminal charges are not being pursued against them and they have provided me with my SAR report. I maintain that they still broke the law and I should be allowed compensation for that fact. Whilst I accept that I can now begin my court case against Three, so no longer wish to claim for my financial losses for that, I still feel that their conduct in breaking the law in this case deserves to be punished. Do I still have a case for this in the courts, or will I now be ruled against since the ICO is not pursuing the criminal case and the Ombudsman has now sent me my SAR report, if 40 days too late? There is still the issue of the Ombudsman having provided my details to an unknown third party? When I raised the case everything that I claimed was true at the time (i.e. I had not received a SAR report) – and whilst I accept that their actions since then mean that I now have one surely I still have grounds to win most of my case against them?

Well not totally confused as I have spent the last couple of hours reading the stickies above regarding CPR for Document disclosure. However I am wondering were a DSAR sits in all of this ? In a Nutshell, CPR part 18 for clarification of any documents you are sent CPR 31.14 for disclosure of any documents they mention in a statement in of cases (POC) Now where does a DSAR fit into all of this ? How does one request to see documents that have never been mentioned ? e.g. DN, DoA etx ? How does one prevent a claimant producing a document in court that they have previously failed to mention, or more importantly photoshopped at the last minute.

After racking up a few victories against banks and DCA, I'm now itching to take a fight to them. Because I know, given the chance to take me to courts regardless of the merits they would. The Issue: My bank who I have had no problems with except a deteriorating level of customer service and increasing incompetent level of customer service has disclosed my confidential details which has caused me to incur financial loss. I opened a business bank account with my bank by phone and was told there would be some paperwork I would need to sign and return by post. The letter never turned up. A week later, I informed the bank and they sent out another letter, which again failed to turn up. However another letter did. First of all the letter showed clear signs of being tampered with, the letter was addressed to me, however the contents did not pertain to me. They belonged to another customer and contained all of his intimate banking details, name, address, bank account numbers. I can only assume that a similar letter containing my personal info, has been sent elsewhere or been intercepted. Due to this I have had to move all of banking to another bank, which has been at some considerable expense as the task has been time consuming and has prevented me from working. Do I have a claim under DPA ?

Evening all, wondered if anyone could offer some advice on a DPA breach by my employer? The facts are these: I have a disability I work for one of the 'big six' energy companies My manager keeps a folder with my data in it - as to be expected The folder contains things such as letters from my consultant so therefore gives my addresses, sick notes, occupational health reports and emails. One of these emails categorically states that I have HIV The problem is this: My manager has been keeping this file on his desk for months, in a building which could be accessed by 500-1000 people. It has never been locked away. I have raised a grievance citing various issues, this being one of them. I have also raised this with the data protection officers within the company. My question is that this is clearly a breach, do I have any further recourse against my employer and/or my manager personally? He told me today the reason he doesnt keep the file locked away is because he doesn't have space for it!

FOA Lee, I have sent you a e-mail regarding the above would appreciate a call please number in e-mail Thanks Anon55

Hi, Apologies if the answer to my question is elsewhere on this site - I have looked and, while there are indications that P2C have broken the rules, I want to be certain before I take things further. I arrived home after a few weeks away to find two cards had been put through my door from P2C. Neither card was in an envelope and both have my full name handwritten on them. One of the cards contains the following (the bits I've highlighted in boldblue were handwritten): We called today to make contact with you regarding your _Natwest account, Ref: xxxx Debt Officer. This is followed by a request to call a mobile number "within the next 24 hours to avoid any further action". Just wondering whether the fact the card contains my name, along with indication I am in debt with Natwest is breaking DPA/OFT (or any other) rules? I've been in touch with Natwest and they've confirmed that they sent P2C around as I haven't responded to letters they've sent about one of my accounts (I have an authorised overdraft on this account, but haven't made a credit to it for a while so they've classed it as being dormant). While I'm in a position to credit my account and make this all go away, the heavy-handedness of Natwest has really riled me - I've complained to Natwest but they've basically told me to go away as it was my fault for not crediting my account. Any advice on whether I've got grounds to lodge a complaint with OFT greatly received. I'd also happily take my gripe with Natwest further if there are grounds for doing so. Thanks.

Happy New Year everyone. I could do with some advice regarding an apparent breach of the DPA. Last year my father sent a SAR to MBNA with a view to reclaiming PPI. MBNA informed my father that they had no information, etc. and he'd never had an account with them. My father complained to the Information Commissioner and provided dates for the accounts, account numbers etc. In September, the ICO ruled in my father's favour and lo and behold MBNA refunded 5k in PPI. In November, I sent a SAR to MBNA for my information. I received their package today and contained within it were letters between MBNA and my father, and MBNA and the ICO in respect of my fathers complaint. Obviously I've made my father aware of what's happened today. Any advice on what to do next? Should my father and I contact MBNA or should we contact the case handler for my father's complain? Much obliged!

Hi to you all. I was making a complaint to Barclays when a customer service advisor did a credit check on a loan for £7100 for 60 months without my permission,but the loan got declined because the customer service advisor did wrong information by spelling my middle name wrong,other details wrong. So I lost 50 points off my excellent credit score,I have made a complaint,but Barclays don't seem bothered. I have asked for £250 goodwil for the stress of messing my credit score,but they admit that this could have happened,but they will not offer me a goodwil. So I have passed my complaint to the FSA,their are waiting for their reply,asked for the recorded call to prove it. So any advise would be helpful.

Some weeks ago I parked in a service area and complied withall the signage and rules they had, which they have admitted in a letter vaguely. The problem arose because thereequipment was faulty and did not record my car details correctly at the parkingterminal. However they had ANPR on sitewhich showed the car entering and leaving. So my question is ita breach of the Data Protection act section 55 to apply for my details fromDVLA as no infringement of their rules was committed? Also is it a breach of the BPA rules they use to access suchinformation? And if I ask them to remove all data relating me and my carfrom there records do they have to do it?

Affidavit's Wanted Please Preparing for the case ahead, clydesdale I know will use the "it was only a one of administration error" line alongside their proposed defence. I want to show the court that infact failure to provide documentation under section 7 of the DPA 1998 is rife across the industry but in particular within this bank. I am trying to collect as many affidavits from people who have banked with clydesdale and had problems of this nature to use as evidence that this is not a 1 time occurance. 3 Years and still no data from them. Anyone willing to help?

After seeing a personal advisor at the jobcentre i have been sent a DPA1 form to sign, about keeping sensitive information. Does any one have any idea what this about Many thanks

Is there a vodafone rep available asap. as mum's account has gone awol and we have another user's account.. . rang today was promised a call back within 3 hours 4 hours came and when then phoned back and got told he must be telling you the wrong information its more likely to be 24-48 hours. . arghhh totally unacceptable .. if i can access this chaps information and i mean all of it then i have potential to commit fraud as does the person who has mine?? why are you NOT taking it too seriously

So took out a payday loan with Paycheck Credit, i'm in arrears but thats already underway and getting sorted by DAS. This is regarding the number they provided (paycheck) when dialed it took me through to toothfairy finance (select option, difficulty applying to get an advisor) told the guy i was recording the call, he agreed (only 5 mins max on my phone to my dismay) Now the man kindly explained that he was from toothfairy, but had access to all of my details for paycheck, i probed him asking is this not unlawful? The man then went onto explain that they were sister companies and therefore were able to share info. Yet i've never received anything other than a text from toothfairy? Is this a breach of the DPA? Finances are sorted this post is more about getting info so i can make a uber complaint to OFT so hopefully thse guys will be getting shut down

This just occurred to me earlier. The other week, I went to Phones4U to buy a new mobile. I chose it, the assistant got the box, everything cool. I open my wallet and hand her £80 in cash (£70 phone and mandatory £10 top up). Assistant: "oh, if your paying in cash, then you can only have the phone if you buy a £20 top up!" Me: "Why?" Assistant: "Because, if you pay by card, Orange will get your name, address, bank details etc, and thus offer the phone with only £10 top up" Firstly, there is no sign in the shop, or indeed in Carphone Warhouse that states you have to buy more credit if paying by cash. Secondly, if I walk into Phones4U and buy a phone on my card, at what point in that transaction have I authorised Phones4U to pass my personal data, ie, everything they can harvest from my Visa Debit Card, to a seperate company, Orange? There are no signs stating that anything I do means I am waiving my data rights and allowing them to pass my details on, I am not asked to sign a waiver, indeed, a normal transaction is, choose phone, assistant scans phone, I put my card into machine, pay, get my receipt, walk out. Surely they are breaching Data Protection?