Breach of Data Protection Act by Creditor

[jane jennefiers]

I have started a new thread because this is a very specific issue the answer to which may be relevant to a lot of people.

 

Could someone confirm or refute that I have got this right:

 

An original creditor fails to provide a true copy of an original executed credit agreement. The failure continues beyond the 12 days plus further 30 days.

 

Despite this, the original creditor passes the account including personal data, as defined by the Data Protection Act, to a third party who attempt to collect the debt. This may be because they have bought the debt or because they act as collectors on behalf of the original creditor.

 

That third party then passes it to another third party. They then instruct solicitors to threaten legal action.

 

My understanding is that the original creditor and the initial third party has breached the Data Protection Act.

 

Therefore there are two offenses committed by the original creditor:

Failure to provide a CCA

Passing information to a third party in the absence of a CCA

 

I understand from this forum that the alleged debtor cannot commence proceedings against the original creditor for the first offense. That is up to the regulators.

However, is it correct to say that the alleged debtor can commence proceedings against the original creditor for Breach of the Data Protection Act? And can the alleged debtor commence proceedings against the third party who pass the data to a further party for Breach of the Data Protection Act? And what about the solicitors? Can the debtor issue proceedings against them for holding data which should never have left the original creditor in the first place?

 

If any of the answers are 'Yes' , which appears possible from this forum, then I do not understand what the debtor would be seeking. Surely with a court case a debtor would have to be seeking some sort of reward, such as damages. Yet the court would surely fail to see what the claimant has lost as a result of the breach.

 

In short, in the above scenario, what can the debtor threaten which is convincing and shows they know what they are talking about?

 

Many thanks!!!!

[dad]

Hi Jane,

 

OK, first of all I am NOT a lawyer so what follows is merely my opinion.

 

Surely with a court case a debtor would have to be seeking some sort of reward, such as damages.

 

First damages are not a 'reward' but a recognition of loss. Section 13 of the Data Protection Act, which gives the power to sue, requires you to allege some damage. Cutting short a lot of complicated law, damages fall into two types. General damages compensates the claimant for the non-monetary aspects of the specific harm suffered. Special damages compensate the claimant for the quantifiable monetary losses suffered by the claimant. The key thing is quantifible, as the plaintiff you will need to prove any special damage.

 

The next point is damages are likely to be limited to those reasonably foreseeable by the defendant. If a defendant could not reasonably have foreseen that someone might be hurt by his or her actions, then there may be no liability. So you need to put the defendant on notice, especially the third and subsequent parties.

 

For the scenario you outline the damage would be 'unspecified damage to your reputation and credit'. This is a general damages claim. You may be able to prove special damages in addition see 'Durkin v DSG Retail Limited'

 

In short, in the above scenario, what can the debtor threaten which is convincing and shows they know what they are talking about?

 

In my mind you need to send each party a section 10 Data Protection Notice. In this scenario they have to be carefully crafted and depending whether the subsequent parties actually alter your CRA records.

[jane jennefiers]

Many thanks.

I will now follow the references you provide and get my letter together.

 

Again. Thank you!

[palomino]

A word of caution : if you come to the point of wishing to lodge a complaint with the Information Commissioner you will find that, after lodging your complaint, nothing happens. Nothing at all.