There is much argument about this I recently asked the ICO for a definitive
answer to this and there is not one.
It depends on the view of the data controller as
to what is personal data, the can supply, they
may not supply it and may direct you sect 77/78 of CCA 1974.
I suggest doing both.
Any Letters I Draft are N0T approved by CAG and no personal liability is accepted.
Please Consider making a donation to keep this site running! Nemo Mortalium Omnibus Horis Sapit: Animo et Fide:
I should of mentioned that this is now with a DCA, but after reading some threads it seems if you send a CCA to the DCA ( lol i think there could be a song there) they usualy write back saying they will ask the originator for it.
Do you think its better to send the CCA to the credit company or the DCA?
So would a SAR to a DCA only be of use to show harassment/dates/ownership/who sold to them?
Or are there any other uses?
Would I also be right in saying given the nature of DCAs they would be very economic with details in their reply?
The ICOs reply for a ''definitive'' answer was basically there is not one.
yes, you said.
seems clear to me that it would be p data, following the ICO's own technical guidance/flow chart re 'personal data' linked above. (of course, if a particular original 'agreement' is not 'identifiable' eg (which is unlikely), then it would not be data as defined subject to a SAR! not much odds though, as if there is one it will usually be sent at some point in either case)