PRA - QQ Account - DPA Breach & Other Issues

[nuclearshark]

Morning all.

 

I received a lovely "Soft" letter as they described it from Portfolio Recovery Associates. A letter that I mentioned in Bank Fodders' recent thread on unsolicited communications from Debt Collection Agencies. The letter was one of those insidious tracing letters to see if a person lived at my address.

 

Something I know several do and I report each and every one who has tried it on.

 

I phoned PRA on to try and garner some information on the matter they wished to discuss with me.

 

I provided INCORRECT security information (Postcode and D.O.B) yet the agent continued with the call.

 

I have a recording of this call.

Unfortunately it hasn't captured the person I spoke to on the other end; only my voice.

But from my voice it is abundantly clear that the agent did infact continue the call and breach DPA.

 

Following on from this I drafted the below email and sent it to them:

 

Dear Sirs

 

I write to you today regarding the above account and an Information Rights concern I deem to be very serious.

 

I am gravely concerned that you have not handled my personal information properly and have not shown appropriate due diligence with my personal data.

You have also shown a serious incompetence on security checks when speaking with your customers.

 

On the xx.xx.xx I contacted you by Telephone and I was asked to confirm security details.

As your letter addressed to me recently did not reference any matter directly;

and your letter made it clear you were uncertain as to my true Identity.

 

I was not willing to hand over any personal information in case this was an attempt to gain my personal data for fraudulent purposes.

Therefore I provided INCORRECT security details when asked for this information.

The incorrect information I supplied was a Postcode AND Date of Birth.

 

Despite giving incorrect security information,

your Agent continued the call and went on to confirm the matter the letter was regarding,

account balances, previous addresses, payment dates and also tried to phish for further contact details which I refused to provide.

 

Considering your organisation continued the call after failing fundamentally BASIC security checks,

there was NO WAY that I was providing you any further personal information and I terminated the call.

 

This tells me you either:

A) Did not have this information to begin with.

AND/OR

B) Your agent showed a callous disregard for my Data Privacy and decided the Data Protection Act did not apply!

I have a recording of this phone call and I can supply it to you on request.

However your agent did state the call was being recorded so you may already have it.

 

As this matter is clearly regarding Debt Collection Activity for an account for which it is very clear you are unsure who the debtor is,

 

Financial Conduct Authority guidelines make it EXTREMELY CLEAR that all debt collection activity on an account must cease immediately

if the creditor and/or their agents are unsure as to the true identity of the debtor they seek.

 

Considering the wording in your letter and your failure to conform to the Data Protection Act,

It is abundantly clear you are uncertain to whom the debtor is you seek for the alleged debt.

As such, you MUST and WILL cease any recovery action on this account immediately when informed of this.

 

Further to the above;

I am informing you this debt is NOT acknowledged and is disputed in it’s entirety.

Having had a look in my archives, this debt has been disputed since late 2012

when I wrote to the Creditor and provided them an Account in Dispute notice to inform them I was disputing the account.

 

Considering your recent and quite frankly shocking involvement in this affair.

This debt is now in SERIOUS DISPUTE and I will be referring this matter to the Financial Conduct Authority for just this reason alone.

I will also NOT be making any offer of payment to, or acknowledgement of alleged debt.

 

I understand that before reporting my concern to the Information Commissioner’s Office (ICO),

Financial Conduct Authority and/or Financial Ombudsman Service

that I should give you the chance to resolve my complaint without the need to escalate further.

 

If, when I receive your response,

I would still like to report my concern to the above, but not limited to regulatory bodies,

I will give them a copy of your response to consider.

 

You can find guidance on your obligations under information rights legislation on the ICO’s website (www.ico.org.uk)

as well as information on their regulatory powers and the action they can take.

Also activities on debt collection can be found on the Financial Conduct Authority Website here: www.fca.org.uk

 

Please send a full response within 28 working days. If you cannot respond within that timescale,

please tell me when you will be able to respond.

 

If there is anything you would like to discuss, please write to me at the above address,

or respond to my email and I will respond within a reasonable time frame.

 

PRA have replied and refuted all of my complaints.

Even to be so bold as to say that the agent advised me that I had failed the security questions.

A blatant lie and really, really concerning.

The only thing they did click to was I am the person they wanted to speak to

and they sent me a copy of the CCA for the debt. A QuickQuid PayDay loan.

 

They didn't ask for any details of the dispute (Why would they, they just want an early summer party fund!)

so completely unaware that I am disputing the debt because I don't recall ever taking out a loan with QQ.

After my Toothfairy experience I wouldn't go near the vultures again!

 

So I have sent the following email to them again:

 

Thank you for your letter received by me this morning.

 

In the letter you have refused to uphold my complaint regarding inadequate security checks

and also refute your “Soft” letter is a breach of FCA Guidelines.

 

I can’t say I am surprised but you SERIOUSLY need to reconsider your actions and decisions here.

 

On the xx.xx.xx at xx.xx.xx I called Portfolio Recovery Associates and provided the incorrect security information.

Having listened to the recording of the call.

It is abundantly clear that your agent DID infact release confidential data with clearly incorrect security information.

 

Maybe you are referring to a phone call on the xx.xx.xx where I phoned you to request a copy of your complaints procedure.

Again after verifying incorrect information your agent did in-fact follow correct Data Protection Guidelines

and refused to take the call. That phone call was on the xx.xx.xx @ xx.xx.xx and lasted xx Minutes xx Seconds.

 

Need I remind you I have recordings of both phone calls.

 

The agent I spoke to on the xx.xx.xx confirmed previous addresses, Account Balance, The Creditors name

and other dates when payments etc were made. The phone call lasted xx Minutes and xx Seconds.

 

If you continue to suggest that your agent followed the correct procedure… This on it’s own is very worrying indeed... Are you a fan of films?

Take a watch of the First 10 Minutes of Identity Theft with Melissa McCarthy as the lead character…

Then you will see how real my concerns really are!

 

Your agent also stated that the call was being monitored for “Training and Monitoring Purposes” Maybe go and have a listen??

Because I have no reason to lie…

 

As for the letter you refute is a breach of FCA Guidelines… Maybe we should let them be the judge of that.

 

I’ll give you 7 days to respond to me and whether you will considering upholding my DPA Breach Complaint

 

I will not be discussing repayment on the account at this stage. Not until I have reviewed all the information you have sent me.

 

Feel free to reply by letter or email. I will acknowledge read receipts as proof of receipt.

 

So I have given them 7 days. I have prepared my complaints to ICO, FCA & FoS.

.. But will give them a chance in good faith to not be stupid...

 

However is there anything specific you think I should be doing right at this very moment... I'm all for taking these to the cleaners!

 

Thanks all.

 

NukeShark.

[nuclearshark]

Ok. Complaints in to FOS and ICO. They did not reply to my above email...

[nuclearshark]

Interestingly I went away for the weekend and returned to a letter from Macenzie Hall. Odd you think when I raised a complaint to PRA UK. Whilst I know they PRA own Macenzie Hall or vice versa (can never remember). It immediately made me think of the FCA ruling on Wonga for using different company names to imply a psychological fear onto consumers.

 

Anyhow. PRA did receive that E-Mail and Macenzie Hall have upheld my complaint on the DPA Breach. But there is a snag. The lady who has written to me listened to the call on the 7th July 2014 and has confirmed that I am clearly heard to give incorrect security details and personal account data was released. She was satisfied that a breach of their "Internal Policies" did occur but as the information was released to me as the account holder. They are not satisfied they breached the Data Protection Act in full. Shame I didn't get a friend to make the call

 

Nevertheless, this has gone off to FoS as they did not answer my initial complaint in a reasonable time frame and this reply has gone to them also. I will also copy the response to the ICO.

 

They also want to know more about the reason for the dispute, despite QuickQuid receiving the Account In Dispute notice. Not supplying a CCA, nor responding to my letters asking for clarification on when the account was opened etc. But nevertheless this is water off a ducks back.

 

Macenzie Hall also said their "soft" letter is not a breach of FCA Guidelines and have not upheld that complaint. I am yet to refer this on to the FCA and will do so next week. Now Macenzie Hall have responded I am going to highlight this very clearly that MH responded and not PRA UK which has cast doubt who owns the account. Also highlighting their decision on Wonga.

 

Worth sending a letter to Glasgow Trading Standards just to p155 them off even more...?

 

Any further advice and/or questions?

 

P.S.

 

I have no doubt PRA/MH are reading this thread. So feel free to send Meritforce around guys... My doorbell has never worked and I have no need to fix it. I'd hate to think you'd waste your colleagues fuel and expenses in parking just to stand on the doorstep in the rain pushing a broken buzzer like a muppet for 20 minutes... :|:smile

[fkofilee]

What a shame that no one has replied to your post... Well Please keep us posted.

Im not surprised at the response from MH with PRA etc.

[nuclearshark]

Had the following response from the ICO:

 

Dear Mr Shark

 

Thank you for your further correspondence in relation to your concerns about Portfolio Recovery Associates UK Limited.

 

You are concerned that Portfolio Recovery Associates UK Limited did not take the necessary steps to ensure that your personal information was not disclosed to a third party when you telephoned them on [redacted]

 

From the information we have now received it would appear unlikely that Portfolio Recovery Associates UK Limited Limited has complied with the requirements of the DPA in this case. This is because steps were not taken to ensure the security of personal information that they held when you telephoned them on [redacted]

 

We have written to Portfolio Recovery Associates UK Limited asking them to consider the information we have provided about this case and requesting that they take steps to prevent the situation from happening again.

 

The information we gather from complaints may form the basis for action in the future. However, based on the information provided in relation to this complaint, the Information Commissioner has decided that further action is not required at this time.

 

Finally regarding the letter you received from Mackenzie Hall dated [redacted] I have spoken to them and they have advised me that this was sent to you on the wrong letter headed notepaper and should have been from Portfolio Recovery Associates UK Limited. Both Mackenzie Hall and Portfolio Recovery Associates UK Limited are part of the PRA UK Holding Pty Ltd Group and complaints about both organisations are dealt with by Mackenzie Hall. We do not consider that any personal information disclosed to Mackenzie Hall by Portfolio Recovery Associates UK Limited for this purpose would not be compliant with the DPA.

 

Thank you for bringing this matter to our attention.

 

Yours sincerely

 

[Redacted]

 

I have also escalated the case to the FoS purely to spite them and an investigation is ongoing. I have since heard nothing else from PRA or Mackenzie Hall. Interesting how the ICO decided that by sharing information between brand names was not a breach of the DPA. But the FCA ruled that similar practice by Wonga/QuickBridge was naughty.

 

So in the absence of further letters, emails and calls from PRA and with the case now with the FoS I intend to do nothing until such times as they decide the be silly. That intercom is still broken