Virgin, mystery extra line: 2 judgments for Data Protection breaches - so far!!

[BankFodder]

Well they've had two clear extensions in response to the very minor communications they made with you – so maybe it's time to issue the next claim.

I suggested that this time is over £600 which will allow you to put the sheriffs in – but I can't imagine that this one will go as quietly as the others. I suppose I feel a bit nervous about putting in a claim for that value – I feel rather daring about it.

On the other hand, it doesn't do any harm to put that size of claim in – except that if you lose (unlikely) or if the amount you are claiming is reduced (extremely possible) then you may take a loss on the expenses incurred bringing the claim.
On the other hand you would still be quids in overall.

It seems to me that as all the efforts we have made so far to try and move them into some kind of action have come to nothing, maybe is the time to make this claim for a dramatic sum. The cost of enforcement using the sheriffs are typically about £2000 – to be borne by the defendant.
You would have to instruct the sheriffs on a no-enforcement-no-fee basis – which is absolutely the normal. You instruct sheriffs by going to the website of one of the many companies and then start the process directly. The County Court judgement has to be transferred-up to the High Court and I think it costs about 60 or 70 quid which you get back if the enforcement is successful. If the enforcement fails then that is the extent of your losses.

[BankFodder]

By the way, the next step in this as I see it will be to prepare a case and to issue a claim for their breach of statutory duty in respect of the inaccurate processing of your data – on the basis that you have made substantial enquiries and they are unable to show any evidence that you have had any dealings with them in respect of this handset or the associated account.

Also a breach of contract and that they must have applied the data which they legitimately hold about you in respect of the legitimate account to the mystery account in order to be able to set it up and to use your address and your credit details to contact you and also to blight your credit file.

They would be bound to defend this and they would have to supply some credible evidence. Whatever evidence they supplied – but which they hadn't provided as part of SAR would simply compound their data protection breach.
One would hope that they suddenly became aware of the problem and in order to stop the proceedings going any further, would start talking to you about a substantial compensation as well as deleting all trace of this – but I think it would have to come with an admission of liability and not simply a without prejudice gesture of goodwill.

That's the plan – but nothing else has gone to plan – so why should this?

 

[BankFodder]

No it doesn't. But does the 50 quid difference affect anything? Other than just a feeling about it?

In fact I was going to suggest £610 to make sure that you are well over the threshold – but as I say, I feel as if I'm being a bit daring about it. It's a crazy figure to go for – but on the other hand, the objective is to get them to wake up

I imagine that the reason they sent the note round in a car was because they realise that they were at the deadline.

[BankFodder]

Quote

Claim amount	Paper form fee	Online claim fee
Up to £300	£35	£25
£300.01 to £500	£50	£35
£500.01 to £1,000	£70	£60
£1,000.01 to £1,500	£80	£70

 

Hearing fee

Quote

 

 

[BankFodder]

Quote

The claimant submitted a valid Data Protection Subject Access Request to the defendant on XXX date. The claimant has unilaterally extended the compliance date on two occasions but despite this, the defendant has not made a complete disclosure and is now in breach of their statutory duty. The defendant is fully aware and has acknowledged the claimant's complaint on several occasions. This is a continuing failure by the defendants of their statutory data protection obligations and have already breached two previous subject access requests and in respect of which County Court judgements have been awarded against them. The claimant has been put to great trouble and has suffered enormous distress as a result of the defendant's failure to provide the personal data which they hold about him and his account. In view of the time extensions granted to the defendant, the claimant's distress has continued for a considerable time and accordingly the claimant seeks damages of £610 plus costs.

Something like this?

[BankFodder]

Well I'm pleased it wasn't me who suggested the split infinitive - 

[BankFodder]

Amazing.

They seem to pay out without blinking – you don't even get a letter of protest.

Maybe we ought to go into the SAR business. If we sent one every couple of months and a couple of hundred quid a time – it would be some useful spending cash.
 

I hope that the cheque has gone some way to relieving the distress caused by the nondisclosure

[BankFodder]

The clock keeps ticking....

[BankFodder]

Interesting. I'd suggest that you tell them that you won't do anything on the telephone and that everything must be in writing and that meanwhile the clock is ticking and the timeline is nonnegotiable

[BankFodder]

Also they must understand that the SAR failures – including the present one – are distinct from the substantive issue of the misuse of your account details, the setting up of a mystery account, the trashing of your credit file, sharing of your personal data with third parties (yet to be verified by an SAR) – the actual damage and reputational damage caused by that as well as the distress caused by that.
They need to understand that these all issues of inaccurate/unlawful processing of your personal data.

They must not confuse the issues or the compensation.

Also, I'd advise that in any negotiation you tell them at every step that you will come back to them – and then we can discuss it here.

I'm trying to figure out what it's all worth and am wondering whether £5000 is achievable in addition to complete deletion of all data, a written admission and explanation. The problem is that we don't know yet with whom they have shared this data. That's another thing we need to find out

[BankFodder]

I would suggest that if they come up with an offer – that of course, it must include full deletion of but also we need to know who they have shed the data with and they will have to delete and correct everything.

 

In any contact now, best to insist that the conversation is limited to the question of the ongoing SAR.

I think they need to understand that you are not in a position to discuss anything else or to negotiate anything else until you have seen all the information you need so that you are on an equal footing with them. They are perfectly informed. You are imperfectly informed.

Once we understand exactly what has happened and have seen all information, then you are in a position to discuss with them how the matter will be handled.

If it is clear that they have inaccurately/unlawfully process your data then this itself is a breach. I will say that the way forward is to issue proceedings on it once we understand the situation, and then be prepared on certain conditions to allow them to sign the Tomlin order which if they comply completely with the conditions laid down, would prevent the matter going through to a judgement.

The Tomlin order would basically means that they would know that a judgement would be hanging over their heads and it will be up to them to address everything properly in order to avoid judicial scrutiny of their behaviour

[BankFodder]

In case you get a judgement on this one

 

https://thesheriffsoffice.com/

 

https://thesheriffsoffice.com/instruct-us/instruct-us-money-judgment

 

and don't hang around

[BankFodder]

I have a feeling that it is straight days – but keep on checking with money claim and when they lift the gate then you know it's the time to go for judgement.

How amazing

 

[BankFodder]

Well I suppose this revenue stream was a bit too good to last.

I suppose you had simply better keep an eye out. You never know they might miss the deadline for filing a defence.

If they do file a defence it will be interesting to see on what basis they are doing that.

Maybe they are starting to engage and the mystery will begin to unravel

[BankFodder]

The DQ is the directions questionnaire.

The "bar" prevents you from applying for judgement.

So this means that a defence is on its way to you and you should receive it very soon. When you do receive it then please will you post up in PDF format. It will be very interesting to see what they say.

 

[BankFodder]

Will have a look but please could you try to get them into PDF format using a telephone app – Adobe Scan. If you don't have an ordinary scanner then that will probably do the trick.

[BankFodder]

I've had a quick look.

It certainly seems to me that their defence has nothing to do with your claim. They seem to be basing the defence on the substantive issue which as far as I know you haven't raised with them in any claim at all.

To save everyone going back again, maybe you could just post up your claim for us to see please.

As you say, the defence predates the claim –!!! Incredible.

Secondly, they seem to be saying that you haven't followed any pre-action protocol – and so far as I am aware, you certainly have.

Thirdly they don't seem to have addressed the point of your claim which is that they are in breach of your subject access request.

Is there anything I've missed?

Also, is there anything useful in what they say that points to documents which you haven't received at all in previous SARs?

Any other points that they make?

I'm going to ask you to perform an exercise with this – and the approach might come in useful in the future.

If you could open up a Microsoft Word document – tabulated into columns.

In the first column, please could you reproduce each paragraph that they have presented in the defence and in the right-hand column please can you put your comments in respect of that particular paragraph.

I think that will make it much easier for us to see exactly where we are – and as I say, I think this will be a useful approach later on.

[BankFodder]

So, any comments?

Also, have they inadvertently let slip anything which helps us to understand the substantive issue of the mystery phone? Have they made any inadvertent admissions?

[BankFodder]

Thank you.

The two CCJs are not relevant to this. They don't form part of the pre-action protocol for this particular action.

The rest of it is interesting and we will have to think about it.

What is very interesting is that they've identified the store where the phone was sold. Can you please tell us where store was and also send them an SAR. I think this SAR can relate quite specifically to this particular account/phone.

If this means that for the first time they have identified the store – this means that this information has been missing in respect of previous SARs. That itself is evidence of a breach of the data protection rules.

I think that the fact that the Sim card has been used or not used is irrelevant. Not having been used is not evidence that you didn't order it. It is any evidence that you never used it.

In terms of this signed credit agreement – is that something which you have seen previously as part of previous statutory disclosures?

The final part of your post relating to change a signature – I don't fully understand the moment.

Also, please could you attach your tabulated file so that we can actually see your responses to the point they are making in the defence.

You haven't addressed the point that I made that their defence doesn't seem to respond at all to your claim. Is this correct?

[BankFodder]

Also, we have to be careful to separate issues which relate to their failure to respond to your SAR – and which is the substance of your most recent claim – from the other information that they have provided in the defence which has nothing to do with this statutory breach claim.

We must be very careful to keep these completely separate. They obviously have not appreciated the distinction between the two issues and we can use this to our advantage

 

I now understand the point that you are making about signature.

You are suggesting that if there had been an agreement originally it would have been signed with your old signature. You changed your signature – can you please give us the date – and also can you please explain what prompted you to change your signature and why you are so aware of the date.

What you are saying now is that they have supplied an agreement which apparently is signed by you but which bears the signature which you were not using at the time. The inference is that the document has been deliberately forged.

This is an extraordinary and very dangerous allegation. We have to be very careful

 

[BankFodder]

Here is the particulars of claim which I believe you filed – which I have taken from your post dated 18th of March

 

Quote

'The claimant submitted a valid Data Protection Subject Access Request to the defendant on XXX

Despite being fully aware of this and acknowledging the claimant's complaint on several occasions,the defendant has failed to submit a complete disclosure. The claimant has extended the compliance date twice with no effect. 

This is a continuing failure by the defendants of their statutory data protection obligations, who have already breached two previous subject access requests and as a result have had County Court judgments awarded against them.

As a result of the defendant's failure to completely provide the personal data held about him and his account,despite being granted two time extensions,the claimant has been put to great trouble and has suffered enormous distress which has continued for a considerable time,and according the claimant seeks damages of £610 plus costs.'

 

[BankFodder]

Am I right that their defence makes absolutely no reference to your present claim for non-compliance with your SAR – except for a reference to the damages you are claiming?

In other words, there is no denial at all that they failed to comply with your statutory request.

Also, could you just confirm the date that you supplied the SAR so that we can get rid of the XXX above

[BankFodder]

I have three burning questions.

you say that they have identified the shop where the mystery handset/account was set up. It's in Exeter you say but it is now closed down.
Do you happen to know the date that closed down?

Is this where you bought your own legitimate handset?

 have any of the SARs produced your own legitimate subscription agreement?

 

[BankFodder]

Okay. Here is my view as to what has happened.

There was a rogue employee who accessed your personal details – and maybe the personal details of other people to set up fake accounts and to steal the telephones.

 

[BankFodder]

Presumably this is in response to the DQ – but I wasn't aware that you have to file a reply to a defence in a DQ