New Report on Ciivil Recovery from the CAB

[ScarletPimpernel]

RLP get around the issue of consent to process data (in relation to their database), by saying that it is for the purpose of crime detection and prevention, for which consent is not required.

[buzby]

That is the problem stored up for the future, as more retailers buy into their services, then their assumptions and opinions can have far reaching consequences for the innocent, on the no smoke without fire principle.

 

But is this anything new?

 

We already have this - but provate enterprise has done much to fool the public into believing it is a 'necessary evil' - and I'm talking about the CRAs. This is simply a vertical market within, and I'm sure the main CRAs are kicking themselves that they didn't think of doing it (having to make do with administering the 'insurance fraud' database.

[buzby]

RLP get around the issue of consent to process data (in relation to their database), by saying that it is for the purpose of crime detection and prevention, for which consent is not required.

 

Actually, I don't buy into that. That exemption was for 'lawful authorities', not some get-rich-quick outfit that skates along the edges. THis would mean (in the interest of competition) that any firm can hold your personal details without your permission without your consent. The CRB is one of these exemptions, the Insurance Hunter database (despite supossedly being used for crime detection and prevention) is not. How do I know.

 

Elephant sent me a letter as a third-party (I wasn't their customer)). A disclaimer at the bottom of the letter stated that my details would be passed to IH. I told them they couldn't and we disagreed. The ICO called them to a meeting to discuss the issue, and hey were told in no uncertain terms that they could NOT use this exemption to get round the act. My details were then removed.

[brassnecked]

But is this anything new?

 

We already have this - but provate enterprise has done much to fool the public into believing it is a 'necessary evil' - and I'm talking about the CRAs. This is simply a vertical market within, and I'm sure the main CRAs are kicking themselves that they didn't think of doing it (having to make do with administering the 'insurance fraud' database.

 

Yes I'm sure the CRAs are kicking themselves after all they would likely love the opportunity to put such data on someone's credit file and charge extra for viewing it.

This may mean people with clear Disclosure Scotland reports could find themselves without a job (potentially) if the employer, and some do as a matter of routine, used the services of a CRA to check on their employees.

[andydd]

This whole issue has opened a whole can of worms that even CAB dont investiagte too much, the issue of 'secret' databases and whether they have your permission to hold your information, the Hunter databases is mentioned (and there are other quasi-legal/crime/credit ones) that appear to operate outside of the law as we know it, I recall reading a thread here about the Hunter database and it makes very worrying reading.

 

Andy

[brassnecked]

The issue that nobody has mentioned, is - as required by the DPA - a data subject has to GIVE THEIR PERMISSION for their information to be stored on RLP's database. There is no exception for RLP. So, if they are compiling lists of allegedly dishonest individuals, where is this all-important permission?

 

Have people really confirmed their details (inclkuding DoB) and agreed that RLP may store their details?

 

Someone, who has found themselves to be listed, but has not provided permission would need to be prepared to take on RLP and the ICO to ensure the Act is complied with.

 

Just a thought, even if the person stopped is innocent due to faulty/not removed tag, and a correct receipt shown, if the shopper has signed something proffered by security at the time, as a "Well this clears it up sorry you have been troubled, sign this to close the matter" then the permission will likely be in the small print of what has been signed. Signing a banning order or anything else may also contain a permission to process.

[ScarletPimpernel]

Actually, I don't buy into that. That exemption was for 'lawful authorities', not some get-rich-quick outfit that skates along the edges. THis would mean (in the interest of competition) that any firm can hold your personal details without your permission without your consent. The CRB is one of these exemptions, the Insurance Hunter database (despite supossedly being used for crime detection and prevention) is not. How do I know.

 

Elephant sent me a letter as a third-party (I wasn't their customer)). A disclaimer at the bottom of the letter stated that my details would be passed to IH. I told them they couldn't and we disagreed. The ICO called them to a meeting to discuss the issue, and hey were told in no uncertain terms that they could NOT use this exemption to get round the act. My details were then removed.

 

 

I don't buy into it either, but that is RLP's stance.

 

In my view RLP's database is very similar to the one related to the building trade that hit the news some time back. The difficulty is that ICO appear to have neither the will nor the inclination to investigate it. Perhaps they will have to if someone can demonstrate that they have suffered a harm as a result of inclusion on the database, or complains about being on it.

 

Maybe we need to raise more political awareness of RLP's unsavoury activities.

[buzby]

Yes I'm sure the CRAs are kicking themselves after all they would likely love the opportunity to put such data on someone's credit file and charge extra for viewing it.

 

Talk about the icing on the cake! I bet they never thought of that when the whole thing started - yet people are happy to sign up for 'free' trials, aparrently happy to disclose additional data freely (as part of their application) and for this volunteered data to be added to the file!

[diddydicky]

I'd go further and suggest that there shouldn't be ANY names on that database other than people they have successfully pursued through the courts. It is not up to RLP to label someone as dishonest on the say so of a shop employee. They have on their website an opinion from a QC stating their actions are lawful - and very proud of it they are. This 'opinion' has nothing about the database and quite clearly uses the term 'thief' as someone they are entitled to pursue for compensation. Until and unless they get judgement in either criminal or civil court an individual isn't a thief, they are accused of theft which is an entirely different thing.

 

a civil court never never find anyone to be a thief- a civil court cannot hear a criminal trial

[buzby]

Perhaps they will have to if someone can demonstrate that they have suffered a harm as a result of inclusion on the database, or complains about being on it.

 

I don't believe they have to prove 'harm' - only that their details are recorded and no permission has been provided to do so.

[diddydicky]

Just a thought, even if the person stopped is innocent due to faulty/not removed tag, and a correct receipt shown, if the shopper has signed something proffered by security at the time, as a "Well this clears it up sorry you have been troubled, sign this to close the matter" then the permission will likely be in the small print of what has been signed. Signing a banning order or anything else may also contain a permission to process.

 

ANTHING you sign in store- would be easily challenged on the basis that the alleged offender felt obliged or pressured into signing and did not have the opportunity to take legal advice

[diddydicky]

I don't believe they have to prove 'harm' - only that their details are recorded and no permission has been provided to do so.

 

by definition the mere placing on the records of an accusation of dishonesty would amount to libel- since without doubt- the person entering the information onto the database would have been a third party (data processing clerk etc - and not the accuser)

 

a libel is committed when such an unfounded accusation is transmitted to a third party by the person making the accusation

 

it is of no consequence that the "third party" is a colleague or co employee- the accusation was still transmitted to a third party- and that party's opinion of the subject WOULD be tainted by the accusation

[hightail]

a civil court never never find anyone to be a thief- a civil court cannot hear a criminal trial

 

True and I do know the difference but at least it would have been decided by a higher authority than a shop assistant that the accused was more likely than not to have done something dishonest. RLP would at least have some defence to branding people if they took them to court - any court.

[andydd]

True and I do know the difference but at least it would have been decided by a higher authority than a shop assistant that the accused was more likely than not to have done something dishonest. RLP would at least have some defence to branding people if they took them to court - any court.

 

But of course RLP have never gone anywhere near a court room, the best they can do is mention bizarre presecedents that CAB concludes have no real bearing on a shoplifting case.

 

Andy

[brassnecked]

But of course RLP have never gone anywhere near a court room, the best they can do is mention bizarre presecedents that CAB concludes have no real bearing on a shoplifting case.

 

Andy

 

They have only won a couple of UNDEFENDED cases by default, they may well run into difficulty if someone vigorously defended themselves, and they shock horror like several Private parking Companies who chanced their arm in court, lost, especially if it was a non crime with no police intervention and no goods were lost, therefore the consequential loss was pennies rather than the £135 + of their "Civil Penalty"