Just received letter cofirming of change of bank details from my employer.

Nothing wrong with that but came from a company i have never heard of. It appears my employers HR department has outsourced its postal notification to its employees.

http://www.opustrust.co.uk/

Now did not give my express permission to do this. It seems there is nothing in the Data Protection Act to prohibit this the same way as the DWP use third party work providers.

Looking at a Section 10 notification to cease processing that data to a third party company. That though only if you can show substantial damage or substantial distress

Options please people.

The reason i am not happy is that 10 years ago was subjected to major ID fraud

The DPA allows data to be processed where 'the processing is necessary for the performance of a contract to which the data subject is a party' (http://www.legislation.gov.uk/ukpga/1998/29/schedule/2). I'd think that passing your bank details to a third party payroll provider meets that, as you need to get paid.

It is very common for employees to outsource payroll. To be honest I don't think you have any right to object.

The employer would still be the 'data controller' in respect of your data and is therefore responsible for meeting their other obligations under the DPA, such as making sure the data is held securely and so on.

they are supposed to only outsource to companies that promise to stick to the rules of the DPA in keeping your data safe etc. However, it often goes wrong as like when the baks outsource to places like India and your details get sold on to fraudsters.

I suppose you can bother your employer for details on how this company was chosen and what safeguards they have promised and whether the employer will indemnify you for all costs that you incur as a result of this. If everyone who is employed did this then the cost of answering all of the complaints may outweigh the savings expected from the outsourcing

I think it's worth noting that this organisation appears to be a mass mailer, they just print , stuff the envelope and post the letter. They're not processing beyond that and companies such as these are used by NHS Trusts, utilities suppliers and the government. It's basically an extension of the print function on the HR bod's PC that takes care of the physical act of printing, stuffing and posting usually at a much lower cost than doing it in-house.

If it is any consolidation, most of the large law firms outsource payroll too.

However, it often goes wrong as like when the baks outsource to places like India and your details get sold on to fraudsters.

something like this..

'In 2011, TalkTalk outsourced some of its call-centre work to the Kolkata (Calcutta) office of Wipro, one of India's largest IT service companies. Last year, three Wipro employees were arrested on suspicion of selling TalkTalk customer data...'

http://www.bbc.co.uk/news/technology-39177981