Written by John Kruse, one of the leading experts on Bailiff Law, this consumer friendly guide is essential reading for anyone who comes into contact with a bailiff.
The book is easy to understand and clearly explains the rights
a bailiff has, and also what they cannot do when collecting debts and repossessing goods etc.
a jacuzzi with Bananarama. I have not lived in Bolton since 1986
Posts
6,823
Barclaycard SAR Non-compliance defence in full
Here are my PoCs and Barclaycard's defence in my claim against Barclaycard for non-compliance of my S.A.R - (Subject access request) of last October.
I have now recieved all the data I requested and all that remains is my claim for damages. Maybe I should quit while I'm ahead? £200 is pushing it a bit! The full hearing is on May 15.
Barclaycard have offered to pay my Court fee of £36.
I have offered to accept my statements from 1986 in lieu of damages claimed. They have told me that these are not available as they only keep copy statements for a period of 6 years. They have not said that this data has been destroyed.
PARTICULARS OF CLAIM
1. The Respondent is a Data Controller within the meaning of the Data Protection Act and is responsible for the processing of data of which the Applicant is a Subject.
2. The Applicant had an account number XXXXXXXXXXXXXXXX("the Account") with the Respondent which was opened on or around December 1999
3. On 4 October 2006 the Applicant sent a Subject access request, pursuant to Section 7 of the Data Protection Act 1998 to the Respondent .
4. The Respondent has failed to comply, despite being directly instructed to do so by the Information Commissioner on or around 4 January 2007.
5. By virtue of the Respondent's failure to comply with the Subject Access Request the Applicant has suffered damage.
6. The damage caused is:
Extra costs incurred in addition to Court costs, due to the Respondent’s failure to comply- this includes the cost of additional correspondence and time spent preparing documents and seeking legal advice. I estimate this cost to be £200.
7. The Applicant seeks an order that the Respondent do comply with the Applicant’s Subject Access Request
8. Under the terms of Section 15(2) of the Data Protection Act 1998, where the Respondent contests that information requested under the Applicant’s Subject Access Request is not included within the scope of Section 7 of the Data Protection Act 1998, the Applicant requests that the Court inspects that information, and where it finds that the Respondent's opinion is unfounded, that it orders such information be included within the information supplied to the Applicant under his Subject Access Request.
9.The Applicant notes that, in the view of the Information Commissioner, it is likely that the respondent has contravened the sixth data protection principle, as this requires data controllers to process personal data in accordance with data subjects right’s.
10. Applicant claims:
(a) £200 extra costs incurred in addition to Court costs due to the Respondent’s failure to comply with the Applicant’s Subject Access Request.
b)£6.56 interest under the 1984 county court Act rate of 8%, increasing at a daily rate of £0.05 per day until settlement.
11. Settlement to be made in the form of cleared funds drawn on a cheque or banker’s draft, to be received within 7 days of decree.
12. Damages and costs within the discretion of the Court.
I believe that the contents of these particulars of claim are true
Signed:
Date:
Barclaycards defence. James, Boston & Sullivan, Solicitors, Belfast.
1) Save for any admissions made in this defence, Claimant's Claim is denied and the Claimant put to Strict Proof.
2) As regards paragraph 1 of the Claimant's PoC, no admissions are made.
3) It is admitted that the Claimant has a Barclaycard account with the Respondent.
4) As regards paragraph 3 of the Claimants PoC, it is admitted the claimant made a SAR to the Respondent of copies of statements of his account, some of which were dated prior to May 2004. The Respondent supplied and is willing to to supply copies of statemenst from May 2004 onwards for a fee not exceeding the prescribed maximum under the Data Protection Act 1998 of £10. However for statements dated prior to May2004, the Respondent advised the Claimant that a charge of £3.00 was required for each statement due to such statements not being held in a relevant structured filing system within the meaning of the DPA 1998 (the Act)
5) As regards paragraph 4 of the Claimant's PoCs, the respondent denies being directly instructed by the Information Commissioner to comply in or around 4 Jan 2007. Furthermore. in the alternative if the Respondent was instructed by the Information Commissioner to comply in or around 4 han 2007 (which is denied), the Respondent would intend that it has complied.
6) As regards paragraph 5 and 6 of the Claimant's PoC, these are denied by the Respondent and the Claimant is put to Strict Proof. It is denied that the Claimant has suffered damage; and that the Respondent would put the Claimant to Strict Proof as to his alleged loss and the steps taken to mitigate the alleged loss. The Respondent will contend that it complied with the Claimant's SAR and is willing to supply copies of the statements prior to May 2004 for payment by the Claimant of the required fee. The Respondent will contend that in the circumstances it is not liable for for extra costs set out by the Claimant as alleged at all and that such costs are unreasonable and the Claimant is not entitled to such alleged costs.
7) As regards Paragraph 7 of the Claimants PoC, it is denied that the claimant is entitled to an order. The Respondent will contend inter alia that the Claimant's SAR as regards provision of copy statements prior to May 2004 falls outside the scope of section 7 the Act.
8) As regards paragraph 8 of the Claimant's PoC, no admissions are made by the Respondent. The Respondent will contend that the Claimant's SAR as regards provision of copy statements prior to May 2004 falls outside the scope of section 7 the Act.
9) As regards the Claimant's particulars in paragraph 9, the Respondent denies that it has contravened the Sixth Data Protection Principle and puts the Claimant to Strict Proof in support of such an allegation.
10) As regards paragraph 10 (a) and (b) of the Claimant's PoC, the respondent reapeats paragraph 6 of this defence, namely that the Respondent denies that the Claimant has suffered any loss as alleged or at all and put the Claimant to Strict Proofs of any allegations of loss or damage and also as to what steps have been taken to mitigate any alleged loss or damage.
11) As regards paragraph 11 of the Claimant's PoC, the Respondent would contend that such settlement method pleaded by the Claimant is unreasonable and should not be granted by this Honourable Court.
12) As regards paragraph 12 of the Claimant's PoC, the Respondent would contend that the discretion of this Court should not be exercised since it is contended that the claimant's claim is groundless and he has suffered no loss or damage.
Also A couple of Glenn's will be useful to you - Glenn v Abbey and Glenn v Coop I think.
Please remember to DONATE! Help CAG keep up the fight!
Any advice or opinion is offered informally & without liability. Use your own judgment and if in doubt seek advice of a qualified and insured professional.
a jacuzzi with Bananarama. I have not lived in Bolton since 1986
Posts
6,823
Re: Barclaycard SAR Non-compliance defence in full
Well sent the ICO a copy of Barclaycard's defence and within minutes had an email back from the caseworker to tell me she had been in contact with Barclaycard who have once again promised to provide the statements.
Reference RFAXXXXXXX
Dear Noomill060
I am writing in response to the emails you sent to my colleague, Matthew Negus, regarding the Subject access request made to Barclaycard.
As a result of your correspondence I have contacted Barclaycard who informed me that they were not aware that you were missing any statements.
However I have provided them with the list of missing statements that you included in your email received earlier on today and they have confirmed that they will request these statements for you again and will ensure that they are sent to you as soon as possible. They have confirmed that they do not expect any fee for this.
I will contact you again once I have received confirmation from Barclaycard that the missing statements have been sent.
Yours sincerely
Laura Hennessy
Casework and Advice Officer
Re: Barclaycard SAR Non-compliance defence in full
HI Noomill060
Hephalump here long time no talk. Got 6 years back statements for one account hooray!!! But had asked for ones on another account which became redundant last year and have been told noway can I GET THEM AS THEY HAVE CHANGED THEIR SYSTEM-don't know where to go with this. Any ideas?
Re: Barclaycard SAR Non-compliance defence in full
Sorry to hijack this thread. I am sending lba to Barclays for non-compliance of DPA. I will then go to court and issue N1 for non-compliance. However,
I am asking for details of TWO a/cs; an old Barclaycard and a closed student a/c. How will this affect my N1, do I need to file two N1s, one for each a/c?
Re: Barclaycard SAR Non-compliance defence in full
My SAR requested details for both closed a/cs. I gave the a/c number for the Barclaycard a/c and as much detail as I had for the old closed student a/c.
I sent one cheque for £10 as I understand that this is all I need to provide for disclosure of all information on me held by this organisation.
Re: Barclaycard SAR Non-compliance defence in full
Originally Posted by noomill060
But make an official complaint to the Information Commissioners Office as well. They will take action against them.
My Woolwich (owned by Barclays) S.A.R - (Subject access request) was ignored and Barclays is now facing some serious compliance action from the Information Commissioners Office.
Noo, yes I have stated in my lba to Barclays that I will be both going to court and begining a complaint to the ICO.
Please can I ask one more Q here? Anticipating my POC and naming the two accounts, how would I list these?:
2. The Claimant (has/had) an account number (Insert Account Number) ("the Account") with the Defendant which was opened on or around (Insert date) (and closed on or around (Insert date)).
Would I put a/c XXXXX and then refer to the unknow a/c number for the Student Account?
Hmnnnnn?
a jacuzzi with Bananarama. I have not lived in Bolton since 1986
Posts
6,823
Re: Barclaycard SAR Non-compliance defence in full
You could simply say that
2. The Claimant (has/had) two accounts number (Insert Account Number) ("the Accounts") with the Defendant one of which was opened on or around (Insert date) (and closed on or around (Insert date) The second account was opened on or around (insert date) Applicant is unable to recall the number of the second account).
The Data Protection Act refers to all personal data held on you by organisations, the fact you cannot recall the account number isnt really relevant. Your name and date of birth will suffice
Re: Barclaycard SAR Non-compliance defence in full
Originally Posted by noomill060
You could simply say that
2. The Claimant (has/had) two accounts number (Insert Account Number) ("the Accounts") with the Defendant one of which was opened on or around (Insert date) (and closed on or around (Insert date) The second account was opened on or around (insert date) Applicant is unable to recall the number of the second account).
The Data Protection Act refers to all personal data held on you by organisations, the fact you cannot recall the account number isnt really relevant. Your name and date of birth will suffice
Thank you very much for this Noo, it will do nicely Had a busy day today, nice win from cap one from my N1 (blows smoke from her gun) watch out Barclays, here I come ...
The data controller is entitled to ask for a fee of £10 and two further pieces of information. Firstly, the data controller must satisfy himself that the person making the request is, in fact, the data subject. The use of a Subject access request form is advised, since the greatest breach of a data controller's security is for the data controller to satisfy a Subject access request made by a person impersonating the data subject. The use of the form goes towards proving that the data controller has adequate identification and verification procedures in place. Secondly, the data controller is entitled to ask the data subject for further information to enable the data controller to locate the information which that person seeks.
When the last of these three pieces of information has been obtained, the forty day period starts to run. It is advisable to put procedures in place to ensure that the receipt of the request and the further information is correctly dated so that an organisation knows how long it has to satisfy the subject access request.
Requirements
A data controller is not obliged to supply any information under subsection (1) unless he has received-
a) a request in writing, and
(b) except in prescribed cases, such fee (not exceeding the prescribed maximum) as he may require MAX £10
(3) A data controller is not obliged to comply with a request under this section unless he is supplied with such information as he may reasonably require in order to satisfy himself as to the identity of the person making the request and to locate the information which that person seeks.
10) "the relevant day", in relation to a request under this section, means the day on which the data controller receives the request or, if later, the first day on which the data controller has both the required fee and the information referred to in subsection (3).
Where to send
The DATA CONTROLLER is on record with the Information Commissioners Office, usually based at the Head office of the Bank.
You need to send the Subject Access Request addressed to
DATA CONTROLLER BANKS HEAD OFFICE ADDRESS
(Excluding Clydesdale and Yorkshire Bank) - Send to Leeds Address
* Misconception is that you can send it to your branch. This is not where the data controller is registered - so if you do or have done, then allow for the mail to reach the right person - i.e max 7 days.
Postage
Ensure you keep proof of postage!
Can I claim on a closed account?
Yes. When claiming on a closed account - try to put in the Branch that the account was opened at - your address at the time of opening the account - the account number if you have it (you do not need to have this!) or any other details so they can locate information about the account.
What happens if the 40 days are up
If you sent the letter to the data controller - wait 47 days. This gives ample time for the data controller to have identified you.
Then send the letter of non compliance as the link below shows and ensure again it is addressed to the DATA CONTROLLER.
I have allowed all the time it is now 57 days, what can I do.
You can file against them for non compliance and have allowed ample time for them to comply. They are definately in breach of the act and as your claim cannot begin till the statements arrive, it is important to wait till this time before filing.
You are then deemed reasonable to take court action as at 40 days from identification your information by law should have been with you. You have now allowed a reasonable period of time and can either make a complaint to the commissioners office.
YES - you can claim this back from the Bank for non compliance.
Can I claim costs for my time and inconvenience?
YES - for the inconvenience of having to file, looking for information and time taken to complete the form, find your rights, contact the bank to this point and the general cost of expenses of printing etc. £20 -£25 is reasonable as the cost of a litigant in person is £9.25 per hour.
What if they defend and say the information was not available?
We all know that the information and all data is kept electronically. The Bank may argue this point, however if you received bank statements, then the data is available or if you banked on line.
The only time when they are exempt from providing the data is if they don't have it, which may be down to wording - of the SAR so ask for help if they try to defend.
Defence such as not available in permanent form is not acceptable in that banks run fully operational computer systems! So ask if in doubt with their avoidance of giving you information if they defend.
Hope this helps.
CJ
To read more about the Information Commisioners Role
Under the Act it clearly stated that the Data Controller has 40 days in which to comply. This is 40 days from the date that they identify you as the Data Subject.
*Misconception is that it is the date they receive the letter
Sorry, not quite.
The data controller is entitled to ask for a fee of £10 and two further pieces of information. Firstly, the data controller must satisfy himself that the person making the request is, in fact, the data subject. The use of a Subject access request form is advised, since the greatest breach of a data controller's security is for the data controller to satisfy a Subject access request made by a person impersonating the data subject. The use of the form goes towards proving that the data controller has adequate identification and verification procedures in place. Secondly, the data controller is entitled to ask the data subject for further information to enable the data controller to locate the information which that person seeks.
When the last of these three pieces of information has been obtained, the forty day period starts to run. It is advisable to put procedures in place to ensure that the receipt of the request and the further information is correctly dated so that an organisation knows how long it has to satisfy the subject access request.
In other words, even if they have identified you as the subject, if the fee has not been sent, they can still delay. Hence our insistence that you should include the £10 from the start.
Apologies to people who I was in the process of helping, I may be gone some time.
Barclaycard SAR Non-compliance defence in full
) of last October.
Reply With Quote
Originally Posted by noomill060
Anticipating my 
Had a busy day today, nice win from 
