Jump to content

mrabody

Registered Users

Change your profile picture
  • Posts

    93
  • Joined

  • Last visited

Everything posted by mrabody

  1. You've suffered reputational damage. You've also been denied the ability to obtain credit, or have had to obtain credit at a poor rate.
  2. I wouldn't suggest that they acted negligently. I'd assert that they deliberately did this in order to punish you and to exert pressure on your to pay. Don't give them the benefit of the doubt. What sort of costs have you incurred as a result of their behaviour?
  3. I figured if Barclays didn't want to comply with the law they should pay for the privilege.
  4. I finally have something to report on this matter. After a long delay due to the Court misplacing the file, I attempted mediation with Barclays in late January I think (could have been February) which, as expected, was a complete failure. A court hearing was set for early March and two weeks beforehand the parties exchanged the evidence they intended to rely upon and filed it with the court. Then, in what came for as a BIG surprise, I received an order from the court adjourning the hearing to early June following an Ex Parte application by Barclays. Totally bizarre but there you have it. I was annoyed but not overly fussed because it was obvious from their filings that Barclays had no leg to stand on. Then the meeting was adjourned again until the 18th of June (presumably due to Covid). When given lemons you need to make lemonade which is what I proceeded to do. With the hearing adjourned I was able to do some sleuthing and turn up further evidence of information that Barclays had not provided in response to my SAR from April 2019. So I prepared a supplementary witness statement and filed it with the Court and served it on Barclays solicitors. Then, about a week before trial, I was contacted by Barclays' solicitors offering a settlement for the full amount claimed but without admission of liability. Part of me would have liked to take it to trial and get a judgement, but the lockdown has hit our family's finances hard so I decided to accept the partial win. I may or may not continue my quest for a full answer to my SAR through a Part 8 Claim but in the meantime I'm savouring my victory. I've attached a redacted version of the court order. Redacted Court Order 18.06.20.pdf
  5. Yesterday I received a letter from HMCTS offering mediation. I was going to agree but I think given the total gulf between the two parties I'm going to tell them there's no point to it.
  6. I've had a response from Barclays' solicitors to my offer to settle. It's a big fat no. They absolutely refuse to hand over the personal data I have requested but are willing to entertain reasonable offers. I wrote back telling them that they can't buy me off for a couple of hundred quid and that having professed a wish to settle they need to pull their fingers out and make an offer I can accept. But wait it gets better. They also sent a letter saying they've complied with their duties under the GDPR and that the allegations I made in my pleadings are no longer applicable and that I've brought new allegations into the claim which require my pleadings to be amended. Except the two things they claim are new are right there in black in white in my Particulars of Claim. I don't know whether it's sheer incompetence and inability to read and comprehend legal documents or whether they think that as a litigant-in-person I could be easily bullied into dropping the claim but needless to say I've set them straight on this matter.
  7. They're claiming an exemption under Schedule 2 of the Data Protection Act. Not applicable in this case as I pointed out in today's correspondence. I put forward an offer to settle which would see them pay me less than I'm claiming and provide me with the personal data I have requested. I've given them a little over two weeks to get back to me. Given their solicitors' uncanny ability to misinterpret the provisions of the DPA, I expect this will keep rumbling on until it's passed to Counsel, or goes to a hearing.
  8. I've been overseas for the past seven weeks on family business. Barclays is defending the case. They recently demanded proof that I sent them the SAR when I said I did. Luckily I always send these sorts of things 1st Class signed for so they got both proof of postage and proof of delivery. They continue to explicitly refuse to provide me with some of the personal information I have requested.
  9. The only businesses more hated than banks are debt collectors, and unlike Banks they're not a necessary evil. In my (admittedly brief) experience, the quickest responses I've had to Subject Access Requests since the GDPR regime came into effect are from DCAs and Bailiffs.
  10. So today I finally received Barclay's "substantive" disclosure of my personal data. Incomplete of course. And there was the small matter of Barclay's including somebody else's personal data mixed in amongst mine. Since this data included the person's email, I emailed and advised them of Barclay's failure to keep their data secure. I believe Barclays will shortly be receiving another complaint. Ah Barclays, your malice is only matched by your incompetence. Needless to say, the court case continues.
  11. Claim form and Particulars of Claim Issued and served. Service has been acknowledged by their solicitors, TLT LLC. In the meantime, TLT send a letter saying that Barclays does really really intend to honour my SAR request. More entertainingly though, they don't believe they owe me anything. With respect to damages, the letter concluded on the following note. "Damages With regards to your request for "non-material damages" and "exemplary damages", these claims do not appear to have any legal basis. We would like to remind you that the General Data Protection Regulations (GDPR) does not confer on the Bank some sort of duty of care that, if breached, entitles you to a monetary claim as you appear to believe. The Bank does not view itself as being liable to you for any sum of damages and/or compensation. We trust that the above clearly explains the Bank's position. " I could have just left it and allowed them to humiliate themselves in front of the court but being the kindly person that I am I sent a helpful email pointing out the relevant sections of the GDPR and the DPA 2018 and suggested that they make the effort to read them. SMH.
  12. Their solicitor as advised that they are still trying to assemble a substantive response. I replied to say that while I'd very much appreciate a substantive response at this stage due to Barclay's pattern of ignoring, obfuscating, and delaying any such substantive response to my SAR, it wouldn't be sufficient to end the court action - only a complete admission will do that.
  13. Heigh Ho! Heigh Ho! It's off to court we go! Claim form submitted to MCOL last night.
  14. I did get a couple of replies from Barclays - of sorts. First they wrote to advise me that they were unable to comply with my Subject Access Request because after conducting a search they could find no evidence that I had ever bought a Standard Life product from them. I'm glad that's settled - as I too was unaware that I might have bought a Standard Life product! Pity they didn't actually bother looking for the account information that I had referenced (hint hint guys, it's explicitly referred at the beginning of my Subject Access Request). A day or so later I got an email from their solicitors asking for a fortnight's extension. I sent them a copy of Barclay's correspondence - pointing out that it's an insult to my intelligence and granted them an extra week which expires tomorrow. Having just got back yesterday from overseas I found that Barclay's has sent another letter acknowledging my SAR and advising that they might phone me to discuss my request and confirm my identity (What do you mean "confirm" Kemosabe? I sent sufficient documentary proof with the original SAR way back on 26th of April 2019 ). Following that they advise it may take them up to 30 days to fulfill my request though it could take up to 90 if they decide it's complex. Undoubtedly for such bears of little brains it IS complex. At this pace I could have granted them an extension of six months and I wager I'd still have to issue proceedings. Muppets.
  15. It's the purpose for which the data is transmitted. It's perfectly proper in this case for the bank to contact the CRA and advise them to remove the information relating to this account from the customer's credit file. It's not proper for the bank to send the customer's details to a DCA to try and collect on the now non-existant debt. It would be equally wrong for the bank to subsequently contact the CRA and tell them that the customer is in default on this account.
  16. Generally speaking, all three would be data breaches, although in the case of (1) A data controller could withhold some information if they had legitimate reasons for doing so. With respect to (3), a Data Controller can, take longer than 30 days to supply the data if there are large amounts or there's some complexity to answering the request, but they must let you know within 30 days that this is the case.
  17. The GDPR regime is more robust in spelling out the Data Controller's obligations and the Data Subjects rights, and it explicitly allows you to sue for non-material damages.
  18. There's nothing complicated at all. The LBA allowed them 14 days to make a substantive reply. Either they do or they don't.
  19. Now, I could leave this be for the time being and await further communications from Barclays' solicitors but I'm a believer staying on the offence so I've dashed off a quick email asking whether TLT are authorised to accept service should it be necessary to issue a claim.
  20. Well, colour me surprised. Barclays seems to be taking this seriously. Today I received in the post a letter from TLT Solicitors who advise me that they are awaiting instructions from their client on this matter. Barclays seems to have acted with alacrity in this as the letter is dated a mere three days after my Letter Before Action was sent. Of course, past performance is no guarantee of future conduct. Time runs on. Tick Tock.
  21. When was the SAR made to your former employer? Was it before or after GDPR came into force (25th May 2018)?
  22. 1. I'm pretty sure I came across it on this forum. 2. Yes you're correct in that having case-law precedents is useful - generally speaking courts are bound by case law as defined by decisions and judgements of superior courts - in this case the Court of Appeal. Of course the Halliday decision is only binding on a lower court to the degree that the circumstances of the case before the court match those of Halliday. For instance, say you send an SAR to a bank and they respond with a holding letter within ten days, and then supply you with four boxes of your personal data going back 25 years but it is sent out two days after the 30 day limit imposed by the GDPR/Data Protection Act 2018 - yes, you've technically suffered a data breach, but given the amount of data provided and the fact that the Bank has kept you informed of what's going on, it's extremely unlikely that a Judge is going to agree that the damages from Halliday are applicable.
  23. Take a look at Halliday v Creation Consumer Finance Limited. The claimant was awarded £750 for distress for what the court held to be a minor breach. https://www.hempsons.co.uk/news-articles/damages-distress-awarded-breach-data-protection-act/ In your case I would suggest the breach is considerably more serious as HSBC has lost your data. They think it may have been destroyed but they have no proof. The fact is they have no clue as to where it is or who has it. So in addition to the potential loss of your PPI refund I think the distress component is considerably higher than in Halliday. How much higher I cannot say - but you need to start canvassing the case law on damages for distress. http://www.bailii.org/ew/cases/EWCA/Civ/2013/333.html
  24. I've drafted the claim for the N1. I haven't drafted the particulars of claim yet. With respect to the ICO, having been told by the defendant solicitors in another GDPR matter I recently settled that "The ICO is better placed than the court to decide such issues (it is the UK authority empowered to look at DPA complaints) and my client is content to be bound by any decision the ICO makes in that regard." doesn't inspire much confidence in it.
  25. And no, I haven't complained to the ICO. My understanding is that they've been snowed under with complaints since GDPR came into effect. Small Claims Court is easier and quicker and most importantly, control of the process remains with me.
×
×
  • Create New...