Thread: Trying to remove a default from HSBC

Hi Chris, I'm sorry that I do not have the answers to your questions, but hopefully with me giving your thread a liitle nudge to the top, they will be answered.

sorry to rain on your parade chris, i'm in exactly the same position with Abbey. don't bother going to the fos, they took 8 monthe to tell me that theres nothing i can do. even though abbey have said they were unsure of my post code (remarkable, thats the excuse for me not getting a copy of the default) also, amazingly, they sent me a cheque for £60 that was left in the account. this is 12 months after i paid the DCA the full amount owed (apparantly).

Hi Chris and all,

Unfortunately, I think there has been some presumption of information here, so I'm hoping to set the record straight without offending anyone.

As this is a Bank account, there are 2 important pieces of information;

1. The account isn't regulated by Part V of the Consumer Credit Act, as it will be subject to an OFT Determination under s.74 CCA 1974, meaning that it doesn't need to conform to the form/content of Part V.
2. No Default Notice is required for a bank account, but to be able to enforce the debt, the Bank will have to have followed the prescribed process of terminating the "agreement" as outlined in Part VII CCA 1974.

Now, as for 1., you can see my Barclays Bank Default Removal thread for more info, as all the technicalities relating to this issue are described there; (I know you've already read it, Chris, but others will find it useful too)

http://www.consumeractiongroup.co.uk...k-default.html (In Court THIS Friday, if you're interested!)

In short, the Bank will need to be able to show (which is unlikely) that they've complied with the OFT's Determination - to benefit under it, they must be able to show;

1. The creditor shall have informed [the OFT] in writing of his general intention to enter into agreements to which the Determination will apply;
2. That where there is an agreement between a creditor and a debtor for the granting of credit in the form of an advance on a current account, the debtor shall be informed at the time or before the agreement is concluded:
   - of the credit limit, if any,
   - of the annual rate of interest and the charges applicable from the time the agreement is concluded and the conditions under which these may be amended,
   - of the procedure for terminating the agreement;
   and this information shall be confirmed in writing.
3. That where a debtor overdraws his current account with the tacit agreement of the creditor and that account remains overdrawn for more than 3 months, the creditor must inform the debtor in writing not later than 7 days after the end of that 3 month period of the annual rate of interest and charges applicable.

The way most of these things go, is that you apply for an OD, get one, THEN the bank send you the letter - (as has happened in my case) IMHO, this means the Bank CANNOT receive the benefit of the OFT Determination, as they need to have sent the letter PRIOR to you being given the overdraft.

This does get quite technical, but here's how I'd play this; continue with the CCA letters, probably using the ones I sent in my thread, as they've been amended to include the details of how a OD is regulated under the CCA.

You definately need to send a DPA SAR, as you'll need evidence of the termination notice (if one was sent) containing those charges - (hey, why not reclaim those charges as you go along too!) IMHO, a termination notice that contains default charges making it inaccurate is tantamount to a Default Notice being inaccurate for the same reason. (The effect on your credit rating being the same, and the Woodchester ruling having a persuasive effect at least, if not binding in these circumstances)

Basically, they have to prove they've followed the process under the Determination or that they have properly executed the agreement under the CCA - if they can't show any of this, the debt is unenforceable and the Default entry should be removed.

gonna have to chris, want a new bike on credit and i'm stuuffed at the mo. will read up a bit more from cars post and case and see what i can do from there. good luck mate.

Right. Have drafted my next letter (below), much the same as Car's Barclays default (cheers mate ) but tailored a little to my own case. There's a few things I'm not sure about though:

1. Should I send it now or wait until I S.A.R - (Subject access request) them to see what they come up with in terms of the default / termination notice? I think that may be more sensible, but I don't want to lose the momentum so part of me wants to just fire this one off!
2. Also, the part where I mention the balance including penalty charges. Would it be best to leave this out for now until after the test case perhaps?
3. Do I send this letter to the same address as before, i.e. my branch address. Or to the Service Quality Team address as with the SAR?

As always, any advice would be appreciated.

Cheers

Chris

Dear Sir/Madam,
Re: "Default” showing on Credit File

With enclosure:
Formal notice to desist from processing or disclosing personal subject data, without consent or permission, under the
Data Protection Act 1998



I refer to my letter dated 15 January 2008, which was delivered to you, via Royal Mail Recorded Delivery, on 17 January 2008, and your responses to this letter dated 31 January 2008, 7 February 2008 and 7 February 2008 (via Metropolitan Collection Services. As you are aware, I have recently conducted an audit of my personal credit report supplied by Equifax. It is noted that there exists, within this file, a Default entry referenced as “HSBC Bank PLC” indicating a Bank account with a Default balance of £XXXX.XX.

In my letter, I made a request for a copy of the signed, executed credit agreements and true, certified copies of the original signed default notice for the above account under s.78(1) of the Consumer Credit Act 1974, as amended. In addition, a statement of account should be sent along with any other document referenced in the credit agreement. You have failed to fully substantiate information relating to any of the questions put to you in the original letter. I now intend to outline this failure, taking each of these issues in turn;

Failure to provide a copy of the signed, executed credit agreements;

Firstly, looking at the Default registered, as outlined above – I note from your reply via MCS on 7 February 2008 that;

“[You] are unable to provide a copy agreement and default notice, as the above outstanding balance relates to a managed bank account, and is not regulated under the Consumer Credit Act 1974.”

I must draw your attention to s.10 of the Consumer Credit Act 1974, as amended:

“10 Running-account credit and fixed-sum credit;
(1) For the purposes of this Act—
(a) running-account credit is a facility under a personal [consumer] credit agreement whereby the debtor is enabled to receive from time to time (whether in his own person, or by another person) from the creditor or a third party cash, goods and services (or any of them) to an amount or value such that, taking into account payments made by or to the credit of the debtor, the credit limit (if any) is not at any time exceeded; and
(b) fixed-sum credit is any other facility under a personal [consumer] credit agreement whereby the debtor is enabled to receive credit (whether in one amount or by instalments).
(2) In relation to running-account credit, “credit limit” means, as respects any period, the maximum debit balance which, under the credit agreement, is allowed to stand on the account during that period, disregarding any term of the agreement allowing that maximum to be exceeded merely temporarily.
(3) For the purposes of section 8(2) [paragraph (a) of section 16B(1)], running-account credit shall be taken not to exceed the amount specified in that subsection [paragraph] (“the specified amount”) if—
(a) the credit limit does not exceed the specified amount; or
(b) whether or not there is a credit limit, and if there is, notwithstanding that it exceeds the specified amount,—
(i) the debtor is not enabled to draw at any one time an amount which, so far as (having regard to section 9(4)) it represents credit, exceeds the specified amount, or
(ii) the agreement provides that, if the debit balance rises above a given amount (not exceeding the specified amount), the rate of the total charge for credit increases or any other condition favouring the creditor or his associate comes into operation, or
(iii) at the time the agreement is made it is probable, having regard to the terms of the agreement and any other relevant considerations, that the debit balance will not at any time rise above the specified amount.”

In your response, by assumption, you are advising that this default is in relation to an overdraft with HSBC and you state that the account “is not regulated under the Consumer Credit Act 1974”. As you can see by virtue of s.10, above, overdrafts are, indeed, regulated consumer agreements and therefore fall within the remit of the Consumer Credit Act 1974, as amended - as “running account credit”. Therefore - as you have no legally enforceable agreement - I contend that this debt is unenforceable under the Act, as a result. I also contend that there is no requirement to serve a Default / Termination Notice, for the same reason.

Finally, in relation to this account, I contend that the default registered is unlawful and illegal as it isn’t supported by either;

1. An agreement, regulated by the Consumer Credit Act 1974, (as amended) in which you can seek to enforce the agreement by “Defaulting” the account and registering such default against my credit file. Any reliance on the CCA to “Default” me in this way will therefore fail, as you do not have a properly executed regulated agreement under that Act. Or;


2. A prescribed “default” or “termination”, under the Consumer Credit Act 1974, (as amended) in which you can enforce this alleged agreement – as there is no regulated agreement, you can not rely on the Act’s terms to “default” or “terminate” the account.

I would also like to draw your attention to the fact that the default balance is made up, at least partially, of unlawfully applied penalty charges, making the default amount and, therefore, the entire default invalid.


I now contend that this debt is “unenforceable”, and the alleged contract is now “void” and in dispute. As such, I will not be sending further payment in relation to this account and I will consider any further attempt to collect the outstanding balance from you an act of harassment. I will also use these arguments as a complete Defence to any attempt to enforce these debts in Court, or via any other method.



I will now also contest that HSBC’s continued processing of my data is an unwarranted act and I enclose a Statutory Notice to that effect, which is deemed served as of the date noted on the Royal Mail's Recorded Delivery service audit.
My written permission allowing HSBC to continue processing, or disclosing, my personal subject data, does not exist. I also dispute HSBC’s “Defaulting” of my account, which is visible on my Credit Reference files, for the reasons outlined above. I, therefore, consider that any default appearing on my credit files in relation to these alleged agreements to be wholly unwarranted and unlawful.
As you are aware, I am afforded principled rights under the Data Protection Act (Data Protection Act), Schedule 1, Part 1 ("The Principles") in relation to the manner in which my data is collated, stored and processed. Of particular note, are Principles 3, 4 and 5:

“3. personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

4. Personal data shall be accurate and, where necessary, kept up to date.

5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.”

In my case, HSBC is processing data without my consent. Consent in this case meaning the lawful right to process my data, with my permission, with the Credit Reference Agencies – that information being “publicly available”.

This is confirmed in Principle 2 of the Data Protection Act, which states:

"2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes."

I emphasise the term "specified and lawful purposes" as in ‘those specified within the contract’, and no more. I also emphasise the term "shall not be further processed".
After scrutiny of all the relevant legislation, including the Consumer Credit Act (As Amended), the various Financial Services Acts and the Data Protection Act, etc., it is clear that there is absolutely no legislation that allows a lender or supplier (e.g. HSBC) to collate, process or distribute any other information unless there is express written permission from the data subject.

In fact, Section 10 of the Data Protection Act awards the real authority, regarding privacy of data, to the data subject, not the Data Controller. The Act is also very clear as to the rights of the data subject in respect of withdrawing permission to continue data processing and disclosure:

“10. - (1) Subject to subsection (2), an individual is entitled at any time by notice in writing to a data controller to require the data controller at the end of such period as is reasonable in the circumstances to cease, or not to begin, processing, or processing for a specified purpose or in a specified manner, any personal data in respect of which he is the data subject, on the ground that, for specified reasons-
(a) the processing of those data or their processing for that purpose or in that manner is causing or is likely to cause substantial damage or substantial distress to him or to another, and
(b) that damage or distress is or would be unwarranted.”

However, there is some exclusion provisions for Data Controllers, and Section 10 does continue with various exceptions to subsection (1) above, and these are quoted, in full, below:

“10. - (2) Subsection (1) does not apply-
(a)in a case where any of the conditions in paragraphs 1 to 4 of Schedule 2 is met,
or;
(b)in such other cases as may be prescribed by the Secretary of State by order.”

To paragraph (b), I can only presume that HSBC has not applied to HM Secretary of State for an order allowing you an exclusion, which leaves HSBC with the only remaining possibility of requesting an exemption under paragraph (a).

So, we must turn to the exemptions permitted in paragraph (a) to find where HSBC’s Data Controller may invoke his/her perceived exemption to the Data Protection Act, namely, those listed in paragraphs 1 to 4 of Schedule 2. I have reproduced these exemption paragraphs, in full, below:

“1. The data subject has given his consent to the processing.
2. The processing is necessary-
(a) for the performance of a contract to which the data subject is a party, or
(b) for the taking of steps at the request of the data subject with a view to entering into a contract.
3. The processing is necessary for compliance with any legal obligation to which the data controller is subject, other than an obligation imposed by contract.
4. The processing is necessary in order to protect the vital interests of the data subject.”

It is my contention that HSBC’s supposed right of obtaining an exemption is not contained within any of these paragraphs. I have followed each in turn with my notation to give a clearer explanation, should there be any lack of clarity.

1. The data subject has given his consent to the processing.
That consent, as no legal agreement exists, therefore, also does not exist.
2. The processing is necessary-
(a) for the performance of a contract to which the data subject is a party, or
(b) for the taking of steps at the request of the data subject with a view to entering into a contract.
For both (a) and (b), there is no contract in existence.
3. The processing is necessary for compliance with any legal obligation to which the data controller is subject, other than an obligation imposed by contract.

According to the Information Commissioners Office (I.C.O.), exemption 3 includes all other statutory obligations for which the interests of national security and welfare override personal privacy.

These obligations allow for the provision of data to Official agencies and organisations, e.g. disclosure to crime prevention agencies (Police, Intelligence Services, etc), official Government agencies (DVLA, DSS, Passport Agency, etc.) and health authorities, etc., and for any other purpose not agreed within a civil contract.

We know that the three major credit reference agencies are not Government bodies, nor official agencies, but are “for-profit” companies - even though they like to think they are official. None of these three agencies are listed in the appropriate Data Protection Act Schedule that names the specific organisations that are permitted any such exemption rights.

4. The processing is necessary in order to protect the vital interests of the data subject.”

With reference to the I.C.O. again, this is interpreted as “anything that affects the data subject as a matter of life and death”. This clause is included in the Data Protection Act to permit data, like medical records or contact details, being disclosed in emergency situations. I do not believe that this case could be described as anything like a matter of life or death.

So, it is clear to see that there is neither statutory provision permitting HSBC’s Data Controller to assume continued processing rights of my data at his discretion, nor any exemption. I can then only assume that HSBC is relying on the Common Law – as already discussed, above, no such contract is in existence.

You are also, no doubt, aware that any non-agreed disclosure of personal data to third parties, without express written permission, is a criminal offence under Section 35, of the Data Protection Act.

In summary, in relation to this query, I am formally instructing you, as an authorised officer of HSBC, from this day onwards, to:

1) Cease to continue storing, processing or communicating my data; (s.10 Data Protection Act)
2) Remove all such data from automated process systems, as per the provisions of Part II, Section 12 (1) of the Data Protection Act, namely: (s.12 Data Protection Act)
a. “An individual is entitled at any time, by notice in writing to any data controller, to require the data controller to ensure that no decision taken by or on behalf of the data controller which significantly affects that individual is based solely on the processing by automatic means of personal data in respect of which that individual is the data subject for the purpose of evaluating matters relating to him such as, for example, his performance at work, his creditworthiness, his reliability or his conduct.”

Of particular note is the Acts own term “his creditworthiness”;

3) Cease to disclose any data relating to the agreements in question, or any other data relating to the Data Subject, to any third party including, but not restricted to, Equifax plc, Experian Ltd and Callcredit plc; and
4) Instruct Equifax plc, Experian Ltd and Callcredit plc to remove all data pertaining to your records on me, to the extent that no data entry in relation to Barclays will exist on my credit files.

You should be aware that you have, by statute, twenty-one days in which to either comply with my Notice, or give written notice stating your reasons and why you consider the Notice unjustified.

Any failure on your part to adhere to these statutory timescales will automatically be interpreted as your non-compliance with the legal procedure. In that case, you will be expected to unconditionally comply with my Statutory Notice or I shall have no alternative but to refer the matter to Information Commissioners’ Office, or the Court to seek an Order to that effect. Should it become necessary to refer the matter to the Court, then I shall also apply for Court fees and legal costs against HSBC. I shall also reserve the right to seek redress for damages as per the remit of the Data Protection Act, this including (but not being limited to) damage as a result of defamation of my character and damage as a result of having to pay higher rates of interest on loans and credit cards as a direct result of incorrectly recorded financial information due to HSBC’s negligence.

I trust that I have made my position clear, and that HSBC will now make a serious effort to understand its legal obligations and effect the changes I requested, within the timescales provided.

In any event, I shall expect a written confirmation from you acknowledging the contents of this letter within 5 working days, as per the Banking Code.

Yours faithfully,


Chris Wylie

Statutory Notice pursuant to s.10 and s.12 of the

Data Protection Act 1998.

Data Subject Notice;

To: The Data Protection Officer or Data Controller, HSBC Bank PLC

Data Subject: Chris
Address:

Subject data: "Default” showing on Credit File and processing of information relating to the Data Subject with third parties, both without consent, relating to the Data Subject

The recording of “Default” information by HSBC, without my consent, against my credit file without having an agreement regulated under the Consumer Credit Act 1974, (as amended) or a legal contract, or any processing by you of that data, in any manner, which would be unfair or inaccurate or which in any way, would breach The Data Protection Act 1998.

Therefore, take notice that I require that you cease from processing within twenty one days of the receipt by you of this Statutory Notice, or else that you do not begin to process any personal data of which I am the subject insofar as that processing involves the communication or passing of personal data of which I am the subject to any third party and insofar as the said data relates wholly or in part to the implementation by you of alleged defaults or contractual breaches or breaches contrary to The Common Law.

This Notice is given on the grounds that the processing or continued processing by you of the said data will be likely to affect my credit rating and my reputation and cause substantial damage and/or substantial distress to me and my family members in addition to that which has been caused to date. And that as the processing of the said data in the way referred to in this Notice would violate both the Principles and Data Subject’s rights of The Data Protection Act 1998, to do so would be both unwarranted and unlawful.

Signed,




Chris


Dated this, the 12th day of February, in the year two thousand and eight.