I received a letter from Cabot Financial claiming they own an old debt of mine from four years ago amounting to £7800. This debt may be genuine as I went through a very bad time during my divorce mentally and lost my business and home. I thought all my debts were settled at that time so I would like to challenge them as my credit file shows no debt. I have sent a prove it letter and would like to know my next step, a CCA request or SAR request should they persist. I have read that sometimes unsecured debt cant be enforced because the relevant paperwork is lost, is that correct? I am about to retire and have no assets. Thanks in advance

Hi all, I have submitted a GDPR request to Cabot for an old credit card debt which I was paying of as part of a DMP I had until a couple of years ago (and stopped paying as I did ask for the CCA and cabot did not comply). Cabot provided all the information they “had”. They provided (as part of the GDPR the CCA ) however there is no mention or any confirmation that the debt was passed on to them or any correspondence made by them that they now owned my debt (i.e from the previous company, initially Egg, then “according to the notes I could find from Cabot “ idem but absolutely no mention of any communication of either purchasing the debt or correspondence made to me notifying that they were the “rightful” owner” … .not sure if the above makes sense .. I was under the impression that a Debt management company had to prove that they actually owned the “debt” and had to ensure the debtor was notified IF the debt was sold or no? Also it seems that several letters which I have received were not attached to the “GDPR” documentation (thought again they had to provide a copy of any correspondence sent?)

Recently, DWP paid me 7,000.00 backdated payments for sickness / ESA claims as a result of numerous complaints made about 3 work capability assessments, each of which having a medical report made by a nurse which omitted information. 2 of the work capability assessments were recorded. The oral recordings of the assessment differed from the medical notes made by the nurse, this has been shown on 2 occasions when comparing the oral recording with that of the medical report. Pointing this out to DWP - I was ignored for several years, complaints being answered but nothing being done in respect of the complaints. To have a 7 thousand pound payment years after may seem great - reality is that it is all used to pay debts to family who supported me during the time DWP refused to. My data request is for a copy of a report made by a Dr. [redacted] who conducted both investigations into my last 2 work capability assessments. This doctor could not find anything wrong with either of my work capability assessments between that of the actual recording and that of the written medical report. Whereas, other medical professionals have noted several elements whereby the assessments are unfit for purpose. DWP refused to give me this data surrounding the doctor's investigation previously despite my many reminders. Again, in my latest assessment, DWP are refusing to give me this data. The data request was late (it needed reminding). Not only was it late, it did not contain any of the information I had asked for. I had asked for specific information surrounding the 2 investigations made by Dr. [redacted], this should have been 10 pages at the very most. What resulted was at least 3,000 pages (some duplicates) of the entirety of my comlpaints with DWP... In addition to someone elses name and national insurance number (totally unrelated to me) in amongst the data. I wish for specific data surrounding the doctor's investigation. I have an N1 court claim form - are there any templates I can use to make a claim under GDPR forcing DWP to comply with my request? --- The request is for data to aid in other complaints and essentially show that the assessment is unfit for purpose and even when complaining about it, a Doctor answers complaint saying everything is fine - when it is not.

GDPR, In 2018 I sent a request for CCA/Prove it letter to Idem they never replied or sent the info back. However they kept sending letters/calling to contact them etc, duly ignored as the CCA request was not fulfilled. About 10 weeks ago they sent a letter stating that as they could not get hold of me they decided to pass ALL my details to a company called “callresolve”. After 5 weeks I received a letter from callresolve stating that my details were passed on to them by Idem and that they will send someone over. About 2 weeks ago a lovely (sarcasm!) gent arrived at the house, all with a long black coat (not making this one up I swear) and a lovely badge from “Callresolve” anyhow, as he did not look like your average postman, I asked what he wanted. He said before he could tell me he had to “confirm” my details… I said “ah ok that would be good” and he started “if I could confirm the address” (yes that was right on the front door), I looked at the house number and pointed out at the street sign outside…. He said it was process, then (and this is where it gets quite interesting) he asked for my Date of Birth (to which I replied , I had one and I was happy with it). Anyway at that point I also added that he could “Jog on” and to ensure his coat would not get stuck on the porch. The question is, as Idem ignored any “prove it letter” or even CCA and without my authorization they passed on my private details to a third party. Are they in breach of GDPR guidance. As I thought under the new regulation ALL information can only be passed to third parties with someone’s explicit agreement (I never gave that agreement to Idem. I also got rather annoyed and called Idem, told them that I was still awaiting for the CCA and prove of debt (i.e deed) they said they were not obliged (rightly so I believe, ) to send me the deed of assignment however I asked them if they could confirm and send the confirmation of when they told me of their “Ownership” of the debt, they stated as it was sent in 2009 they did not have a copy (?) Could someone confirm what information I could ask for and if anything else I should be weary of? Idem seem to have got hold of a phone number which I seldom use, and also an email address which I used to set up a DMP years ago (but was still going on last year but NOT for Idem)….are they under obligation to let me know how they got hold of my data and who provided to them? Is there a template for GDPR ? and also what is the process to lodge a complain and to whom? The ICO (from what I can read, would limit itself to “remind” Idem to comply with requirements) Hope the above makes sense!

I have a friend who has been messed around by a company for over a year regarding a potential debt issue when he expressed that the added strain of the length of time he had been waiting for their replies and dealing with the issue and misinformation he had been given had made him feel suicidal. He was expressing how bad their service was. A month later, after he sent the letter, he received a call from the police. He had to explain that he was not going to kill himself and had never had that intention either and when was this a police issue?. The company had coldly reported him and not sent any warning of this to my friend. He just received the call out of the blue. If he had not happened to have been around, apparently a police car would have been sent around. He was distressed by this and has never had anything to do with the police before and certainly not police cars outside his home. He said it felt like an act of bullying on the companies behalf. Not only was this a breach of data protection during a conversation with a company, but surely this can't be the correct thing to do?

Just over a year ago my wife was driving me into town in her car on a day when the ground was snow covered. My wife stopped at the foot of a hill when she saw that a car half way up the hill had stopped and was clearly in difficulties. The car then began to slide back down the hill very slowly and with cars behind us, my wife had no way of moving out of the way. The sliding car came to a halt when it bumped into our car. Driver admitted fault and exchanged details. A few days later got the go-ahead to have the car repaired and paid the £95 excess to the repairers when the repair was complete. Contacted wife’s insurance company to ask how to reclaim the excess and was told that we would have to reclaim from the other drivers insurance company which they said was Aviva. Aviva was not the insurance company named by the driver. However, phoned Aviva and because they said that the details we had provided were wrong they would not discuss the case and that we should again contact our own insurance. And yet we had provided the drivers name, the registration, phone number and the other relevant details as given by the driver. Contacted our own insurance again by email to verify or correct the details of the other driver and were shocked when they replied that because of the data protection act, the could not provide the other drivers details. Phoned the Ombudsman and was told that he could not understand why they would not provide the details because these were the details that were required in an RTC and in any case could be accessed online. Own insurance wouldn’t budge. Just received our insurance renewal which logs the bump as being my wife’s fault. Data protection has indeed gone mad. Aviva wouldn’t discuss because we gave the wrong details and our own insurance wouldn’t provide the details either because of data protection. Any advice?

Hi All, my network provider (Tesco) uses o2 which i am still having problems with sending texts, is it a breach of contract? Thanks for any info.

Hi To cut long story short, had a debt around £15k with original lender who assigned the debt to a DCA last summer (2016). DCA wrote chasing debt - I replied stating that in my view (formed by reading loads of stuff on internet) debt was unenforceable. DCA said would look into the matter almost a year later, has written saying they would not pursue legal action 'at this time' but would I get in touch to arrange repayment of the debt. I am assuming (ha ha,always tell my kids never to assume anything) this is as close as DCA will come to admitting debt unenforceable (?) what would be a sensible course of action to take in respect of their request for me to get in touch re repayment? Most grateful for any advice and thanks in advance.

Hi everyone I have an Energy Company giving data shares to a Credit Agency but the shares are not showing the outstanding amount or reduction in what's been paid every month. I was under the impression that to avoid breaching GDPR certain parts of the data share should include this to show a true reflection of the account and so other potential lenders could see where the account was up to etc. Some months inbetween others they wouldn't give any information! When I queried this with the Energy Company they then started showing the shares as an 'i' which I believe stands for Arranged Payment. Ok, so does that mean they can just show a status of AP every month still with no current balance and outstanding balance? How are other lenders meant to see when this will end? They also shared information via the Credit Agency during the dispute I raised that said I was responsible for the supply at the address with incorrect dates. As that's been sent to the Credit Agency in response to my dispute, would that breach GDPR?

For anyone that might be interested a simple online process to obtain data they hold on you . https://www.gov.uk/guidance/request-your-personal-information-from-the-department-for-work-and-pensions

Hello all. Been a while. Had the letter from Apex to say they have "purchased (my) account with all rights ...". Included in the envelope was a bw letter supposed to be from Egg saying it was "notice of the assignment of the debt due to us ..." First thing should I start this thread here as I live in Scotland - or start one on another of the more general debt or DCA forums? Other thing is just to start by saying I'd an Egg Loan and an Egg credit card. CCAs sent for both well over a year ago. Got nothing for ages then two copies of a muliple page computer printout relating to the loan. There's a signature but everying is on separate pages. It also arrived well after the deadline. I have pointed out that the accounts are IN DISPUTE in all communication since. I have been making small monthly voluntary payments via standing order (in the interests of goodwill). Settled with all other creditors apart from Egg and one other for amounts between 40% and 70%. That money is now all gone - I warned Egg that would be the case. My goodwill is now gone with this Apex nonsense. (1) Thread in the Scotland forum or...? (2) Account passed to Apex (so they claim) but was IN DISPUTE. Should I aim to get it back to Egg but pointing out it can't be sold while IN DISPUTE - or get Egg to confirm that's what they've done then stop all apayments (both Egg accounts card and loan) and CCA Apex and see what happens? Many thanks in advice for any help/advice. This place is great, really great.

Hi Has anyone successfully had erroneous data removed from CRAs that was put there by Laredoute? I have a close family member who had previous credit with them many many years ago. She noticed about a year ago that Laredoute had updated her credit file with payment arrangements which she ceased many years ago.. then it was showing as being paid successfully, then again changed back to indicating missed payments. Will a CPR 31.14 help in this situation, though I doubt they will hold any data with the debt being so old, but thats only a guess. Any advice will be much appreciate regarding how to get the negative marks removed from CRAs. Thanks in advance WS

I’ve never needed a mobile phone except when travelling up north to see my mum who’s in a care home. Just before Christmas 2014 I got a mobile phone from EE so I could stay in touch with work, etc., while visiting my mum. When I set it up it was clear that it didn’t work. I tried all sorts of things and it still wouldn’t work. But I forgot about it for a few days. When I got back after Christmas I decided to phone EE and tell them that it didn’t work. The problem was that they said I didn’t pass the security questions; as a result I could not speak to anyone. Couldn’t report that my mobile didn’t work! The weeks went on and I made other calls to EE, but was told each time that I had failed the security questions. Meanwhile, of course, I was paying for this non-working phone every month by direct debit (or standing order, I forget which). This went on for month after month, and still I was paying for a service which didn’t work with no way of getting the issue resolved. It was such a small matter (as I never need to use my mobile except at Christmas when I am away with family) it was out of my mind for 99% of the time. Eventually I reasoned that I was going to be paying for this broken thing for years – and they were never going to listen to me because they would always say that I had failed the security questions. I took the only option which was then open to me. I cancelled the monthly payment to EE. Now things actually made sense, and at last I was not paying regularly for something that had never worked. At this point let me be clear about something. I could install apps on the phone and I could use it for playing solitaire and other stuff like that. But I could not do what you are expected to be able to do with a phone, i.e. communicate. EE themselves will be aware, as they would have access to such data, that: Number of phone call I made while in that contract = 0 Number of phone calls I received while in that contract = 0 Number of text messages I sent while in that contract = 0 Number of text messages I received while in that contract = 0 That is the level of service I was getting from my EE mobile phone. In the meantime I had paid over £650 for this nonsense. I phoned EE again. again I was told that I had not passed the security questions. But by this time I was aware that the operator at the other end was reading a large amount of text which had been written on my account, EE was obviously well aware of the issue. Also EE would have been aware of the 0 calls and 0 SMS aspect of my strange account. It’s just that they obviously didn’t give a monkey’s. I asked how I could resolve this. How could I prove my identity? I was told to go to my local EE store with some ID and I would be given a password which I could use in subsequent phone calls to the help centre. I did. I phoned EE with my new password and asked for my money back. I was put on hold for several minutes and then told that the account had been passed to the Collections department as it was in arrears (of course they would have been flagged as in arrears: the only way to stop being mugged every month was to cancel the monthly debit!). (Oh yes, and to add insult to injury, because of the misperception that I was in the wrong EE was allowed to put a black mark against my credit rating. I also had debt collectors writing to me. But I was able to explain to the debt collections agency what had happened and they just dropped the case against me immediately- no excuse with security questions there: I just TALKED to them and they LISTENED! It's what people do.) The person I spoke to in the Collections department acted exactly as Collections people behave and said that I could not have my money back. When I explained that consumer law was on my side he said that I had “failed data protection laws”. I reminded him that data protection laws were there to protect consumers, not corporations who sought to rip consumers off as EE was obviously very keen to do to me. I also said that I wanted EE to delete the black mark that they had put against my credit rating. Characteristically he said that he couldn’t do that either, again, because I had “failed data protection laws”. EE is yet another company who uses data protection laws to their own advantage; to clobber consumers with them! I wonder if anyone else has been treated in this way by EE or another supplier. I’m also wondering how to get my money back – and to clear up my credit rating – from such a bunch of intractable people.

Hello I was on a training course provided by a training provider on behalf of dwp while on course i did not sign their data consent form as, I did not agree to what was on it I only put the date on it. I received contact from the company by phone and email also text message so i emailed them telling them to stop contacting me No reply. i decided to contact them via an ico letter asking why they contacted and they provided me a copy of the form and said as ,I signed it they could contact me. on looking at the form my signature has been forged and also my name has been written on form not by me. I am hundred percent sure its not mine as i only dated the form. I have spoke to ico and they seem bothered how my data is used. What would you people say to do I think its best to write a letter saying that i have received a forged signature and ask them to investigate just not sure what to do now thanks for any advice

Hi i have a bit of a problem where on my equifax credit file there is another person appearing on my file under the section called "Attributable data" It says the following If there is information in the Attributable Data section, it indicates that the data could belong to you but cannot be definitely identified as yours. A lender can see this data, but should obtain proof that it does belong to you before it is used in a lending decision now i have no idea who this person is. There are many accounts that have defaulted. What i wanted to know does this affect my score and how can i get it removed. I have sent equifax a message but they seem to take an age to reply. Thanks

Having some issues with O2 as of March this year as they have decided to link 2 accounts for another person with the same name and DOB as myself, however this other person has a middle name and i do not. I do not have any accounts with O2. 18/3/18 Received letter stating i was in breach of contract for not paying my O2 bill. 22/3/18 Received letter telling me they had stopped me making calls and texts. 23/3/18 Checked call credit report and O2 had already linked my address with the debtors in Janurary 18 and had both accounts listed. 23/3/18 Emailed call credit stating the incorrect information. 2/4/18 Received letter from O2 telling me they had disconnected my phone. 7/4/18 Requested credit report from Experian. 20/4/18 received letter from call credit stating that O2 had not bothered to respond to them, and are unable to amend the entries to my credit file without the permission of O2. 20/4/18 same letter as above also stating that the disputed entries will be supressed from my credit file, however, O2 can remove the suppression at any time. 21/4/18 complaint letter sent to Experian stating the incorrect accounts and linked addresses. 17/5/18 Received email from Experian telling me O2 had supplied the following details "The link is correct as the account was registered to the disputed address." 1/5/18 Received letter from Experian stating O2 had removed the accounts but not the linked addresses. 1/5/18 Complaint send to ICO about Experian knowingly registering wrong information on there systems even though it had been proved it was not me O2 were looking for. 5/6/18 sent SAR to Experian 5/6/18 SAR sent to O2 8/6/18 Received letter requesting what specific information i wanted from Experian. 11/6/18 Sent Experian an email stating i wanted the information between themselves and O2 to see what had been said about the matter. 11/6/18 Received email back from Experian stating that they had supplied the information the comparison data sets in the additional information i could request. No information regards conversations about themselves and O2. What O2 have done here is add accounts and linked addresses to a serial debtor on my credit report , opening the floodgates for all of these other companies to jump on the bandwagon adding CCJs , Defaults, Late payment accounts to my credit files. They are refusing to remove the wrong data from my Experian report and as stated above have not even replied to call credit about the issue. No reply as yet from the ICO as they are running 8 weeks behind about the Experian complaint. Next steps to take against O2 if anyone has any suggestions, AGAIN O2 are the ones that have opened the floodgates for all of the other comapnies to throw wrongful information onto my credit files without even bothering to do the correct checks. ***Please also note that my Experian credit report in April stated O2 were the source of the linked address, however my credit file in June states Experian are the source of the linked address*** Something funny going on i think. Thanks

Last autumn I checked my credit file and I saw loads of credit searches that looked like insurance - Aviva etc and probably a quote website, lots of mentions of LexisNexis. I then noticed that the date of birth given for the search wasn't mine - it was incorrect. So a fraudulent search had been attempted and what's worse, the credit reference agency had allowed it to happen and given out my data to loads of entities when the data used was partially wrong - surely this should have been spotted and therefore prevented from happening? I reported every search to the CRA and they deleted them. If that weren't bad enough later on I got a letter from a car insurance company saying my care insurance had been cancelled - well I don't have a care or even a driving licence. So clearly because my data had been transmitted fraud had now been allowed to happen. I phoned the insurance company and told them it wasn't me, and also managed to get the person to admit that the data of birth was wrong. I wrote them a letter after the phone call complaining that they had allowed fraud to happen despite using bad data that should have been spotted. They wrote back saying they have sophisticated systems blah blah. They also said that they hadn't applied any negative markers and that I could use this letter as proof that I had done nothing wrong - to me that implies they have done something to my data like put me on a database saying identity fraud or whatever that may affect my ability to get insurance? I find this really annoying because I hate not being in control of my data/being on secret databases and I have done nothing wrong. Should I complain to ICO + FOS? I'm going to GDPR the car insurance company now to see what they have on me and then ask if as a result of thier negligence they have sent my data to any third parties, which they have never had my permission to do.

My wife and I have booked a cruise through Tui and my wife made the booking and today I phone the Tui shop and asked about a cabin upgrade and they had to have permission from my wife to speak to me about upgrading and after she gave permission I was told that it had to be done in person so I said I would pop in later to sort out the upgrade and choose the cabin ( which is another fee ) When I arrived at the Tui shop I was told that I could not do the upgrade as my wife was not with me I said that you spoke to my wife this morning and gave permission at no time did you say that she had to come with me ,cant you phone her at home and she can give permission .No was the reply Data Protection .my name is on the booking and I paid for the cruise in full check the payment ,but they would not deal with me . Surely if they spoke to my wife this morning and knew I was coming to pay for the upgrade why is this Data protection stopping me from doing something so simple no wonder firms are losing custom

I've recently been sent a letter by my GP saying that a member of staff has been accessing my medical records inappropriately. They don't go into any details like how long it's been going on for, how many people are involved or anything like that. They don't even say when the breach ocurred either. All the letter says is they've changed their procedures to stop it happening again, the person has been fired and they've reported the incident to the ICO. Now I just want to say I am NOT trying to claim compensation or anything like that this is purely about how this has now affected me. I am now struggling to trust my surgery, I have a complicated medical history and live in a small community so now i'm wondering how many (if any) know my medical history and are gossiping. The entire subject matter is already being gossiped about as I found out about the breach before I got a letter. They imply that as the person is now not working there and the ICO has been informed that that's it as far as they're concerned, I have written to them asking specific questions like how long it was going on for etc but given that the person "picked" mine to look at I have to wonder if it's someone I know or if they looked on behalf of someone else. What kind of response should I expect from the practice, out of what has happened what information about the incident am I entitled to see and if anyone has any other suggestions i'd be really grateful

Guidance Data Protection: rights for data subjects READ MORE HERE: https://www.gov.uk/government/publications/data-protection-rights-for-data-subjects/data-protection-rights-for-data-subjects

Simple questions. Can the DVLA still give out your details without your express permission? Will it have any impact on PPC's and the way they handled data?

Hi, I opened a credit card account with vanquis in September 2005 and stopped paying them around early 2008 as they were hammering me with charges and i'd pay them what they asked for and the next month there'd be another charge. Obviously they must have defaulted the account and sold it on to lowell. I've only recently been checking my credit file and noticed that the default date for the account is september 2013. The cynic In me feels that lowell.s may have done a bit of sleight of hand with the default date as I doubt vanquis would have waited over 5 years to put the account in default. I no longer have the account details for this, so is there a way I can Sar them without the account number and will this reveal the correct default date or would I need to request that seperately?

Hello A friend of mine let a DCBL bailiff into her home ( it was 6am, they looked like cops and they pushed into the doorway when the door was opened) They waived a Writ of Control to justify entry and refusal to leave. They now have a list of goods under control - one of these is a computer. While I understand they can take the computer, what is the status of the data stored on the machine? In the meantime, I've applied for a N244 to create a payment schedule as she is vulnerable on health grounds (also the reason for not being able to pay the original CCJ that started all this) Thank you

Hi all, I am writing a SAR letter to Barclaycard as the first step towards reclaiming over limit and late payment charges. I've spent a couple of weeks reading various threads here that have been very helpful. I am trying to find the best address to send my SAR but am confused by conflicting information, some of which may or may not be out of date. London? Northampton? Knutsford? If someone could point me in the right direction I'd be most grateful - I don't want to stumble at the first hurdle! Thanks, John.

I applied a mortgage with Halifax bank which was accepted initially later I change the house on which my mortgage was accepted on the second mortgage Halifax rejected my mortgage and put my name on the national hunters date base giving reason that my Job is not verified where as I am working with same employer for over an year I tried few other banks but on the basis of this report no one is willing to approve the mortgage and I won't be able to buy a house for my family really stressed and need some serious help to get out of this trouble