HOBSO breach data protection act

[Lariele]

I don't really know where to put this, so I've picked here if it is wrong, I apologise. I really want to make as many people as possible aware of my story:

 

On Tuesday 8 August 2006 I went and had a jab for Tetanus, Diphtheria and Polio. I was laid up for a couple of days after and returned to work on the Friday 11th August for half a day. When I got there, I called Halifax insurance division in relation to a problem I was having with a buildings insurance policy that was a block policy. They had not noted another property by address on the block policy which was taken out in 1997 (the property is the flat above my own) - they told me that they were not insuring anything other than one property and they said "we did tell you all this on 8th August."

 

Cue my concern that I didn't speak to them on 8th August - so who did they speak to? I was still rather poorly and let it slide till Monday 14th when I was back to full health.

 

I called them on 14th and asked who they had spoken to on the 8th as it certainly wasn't me. Apparently "someone" had gone into my local branch in Wimbledon and had spoken to a member of staff there, who had called the Insurance division on two separate occasions over some time from 11:55am. The staff member, who's name I won't reveal initially though I am sorely tempted to do so, was a woman who had worked for Halifax for some time and was a very experienced staffer - so much so that she was the front of house contact person.

 

As it turns out, the person who walked in was a man. I am a woman with a rather feminine name, and frankly never in my life have I ever met a man with my name. I don't honestly ever think I will either.

 

Apparently, this man had some kind of letter from a solicitor - the letter has never been produced by Halifax BOS, therefore it either doesn't exist or they didn't bother to take a copy of it to help back them up when they were caught.

 

So it transpires that the man who did this was the man who lives upstairs from me. He admitted this to me on 1 September, where he laughed in my face and said he hadn't broken the law but the bank were at fault as they shouldn't have given him the information, he didn't care though as he had what he wanted. The information they gave him was that the building he lives in is not insured, this was incorrect information and Halifax insurance have since assured me that the building IS insured and has been insured since 1997. They changed underwriters at one point and therefore they no longer offer block policies but that they would honour the policy but not renew it in October (as it happens they sent me a renewal letter just this week!).

 

The man owed me insurance payments for the last four years and in light of the information they gave him, he refused to pay what he owed.

 

I tried to call Halifax on 14th August; some 40 telephone calls later (in which I was asked my security details twice only) where you call a number that takes you through to a call centre who then connect you to the branch (they won't give you the branch telephone number) yielded nothing but a ringing phone repeatedly.

 

Eventually I extracted a fax number and branch manager’s name. I sent 5 faxes asking them to call me urgently as there was a possible fraud / ID theft going on on one of my accounts (at this stage I didn't know who had got the info just that someone had). I received silence in response. The call centre assured me they had sent emails to the Manager and to the staff member who had given out my information asking them to call me.

 

I had no choice then but to take 15th August off work. I'd wasted an entire working day on phone calls and faxes and now I was forced to take a day off to go and deal with this.

 

I went into my branch in Wimbledon and the first person I met was the staff member in question. I asked her if she recognised me, and when she said no I presented her with my passport and asked her if she recognised my name now. Her face paled a little and then I hit with the burning question "could you explain to me why you have given out information on one of my accounts last Tuesday morning to someone who was not me?"

 

She went to get the manager. She then came out and offered me a cup of tea or coffee in the nicest possible way but her face gave away that she was rather scared and upset. She knew she had done wrong.

 

The manager finally came out and I requested that we establish a) was it a man or a woman who had come in b) I wished to view CCTV footage and c) I wished the police to be involved.

 

I was sweet talked nicely and told I had to give them 5 days and that CCTV footage is not held on the premises and that I shouldn't involve the police just yet.

 

I left rather incensed and still with no explanation. So I took a trip to the police who told me that I should give them the five days they requested and then review how I felt.

 

Five days came and passed. I called the manager (she gave me a number for the branch finally) and asked what was happening. She said she'd passed it to head office "haven't they contacted you?"

 

She then composed a letter admitting liability and offered me £50 as a gesture of goodwill and hand delivered the letter on her way home that night.

 

I wrote back thanking her for the gesture and pointing out the very real and actual cost to me in terms of finances (two days salary) and in addition the worry that my personal data was now floating around with some random stranger who walked in off the street.

 

I was told it was to be passed to head office.

 

8 weeks later I finally get a scrawled letter saying "sorry you aren't happy we can offer you £150 as full and final settlement" and here’s how to contact the ombudsman. I've not replied to that, but I chatted to the nice chap in customer services who was dealing with the insurance side of things.

 

He asked me how everything else was; I told him what they had said in the banking division. Interestingly he was rather shocked himself and said he thought it was appalling and that it seemed a bit stupid to just offer £150 which doesn’t cover my costs, and suggest I go to the ombudsman when it will cost Halifax £380 if I go to the ombudsman irrespective of whether they are found at fault or not!

 

Anyway so here I am, with an offer of £150 in full and final settlement - I don't want to accept it as "full and final settlement" - I'd hoped they would go after the guy as it is the guy who lives upstairs from me and he has openly admitted he did it. His solicitor tried to fob it off as "oh his mortgage is with Halifax thats why he did it" when the reality is, he bought his place for cash outright - he doesn't have a mortgage.

 

So I guess I'm taking a nice trip to the Ombudsman and wondering how I go about contacting the Information Comissioners Office.

 

Ultimately for me it isn't about the money side of things, it is entirely the principle of the thing; that a random person of the opposite sex can walk in off the street and just get detailled information about policy or account documents without challenge from the staff at Halifax.

 

So since they were nice and understanding and helpful about this, I'm going to stick a SAR in next week when I've finished putting together my nat west claim

[Guest bluecloud]

I think, in the first instance, go straight to either the CAB or see a solicitor. Breaches of the DPA like this are very, very serious. If you contact the Data Protection Comissioner then they have set procedures in place, however, given that you have been in correspondance with the bank and spoken to your neighbour and his solicitor you really do need professional legal advice. Sorry if that's not what you were hoping for but unless someone else knows better it's probably the best advice you'll get.

 

 

 

.

[Lariele]

Thanks for the reply! Not sure what I need the legal advice for tho? I mean clearly they aren't going to do anything about the breach and they have made it absolutely crystal clear that this is the final and full settlement they would be prepared to offer. Oddly its not really about the money its more about what the hell they are going to do to stop this happening again in the future. And today I read that the indian call centres that Halifax employed have been selling our data for a fiver a pop! Credit data stolen at Indian call centres - Sunday Times - Times Online

[Guest bluecloud]

You may not get any direct financial compensation from the breach but the Halifax will probably be fined. Any fines can increase for repeated offences. Continued offences under the Act can in some cases lead to a removal of a company from the Data Protection register which would mean that company was prohibited from storing personal data - that would be very bad for a bank.

 

 

.

[Lariele]

Yep thats exactly what I'd like to see happen - see them fined. I'd like to see that happen its like giving them a kick in the hoobajoobs via someone else. I dunno if I should accept the £150 and tell them I dont accept it as full and final settlement or just ignore it and hit up the information commissioners office and the ombudsman.

 

Wondering if I should contact the FSA too

[Guest bluecloud]

It certainly would hurt as one, nor would it hurt to get in touch with the OFT as one of the requirements under the Consumer Credit Act 1974 is to be a "fit and proper person". In legal-speak that generally means they ain't allowed to screw-up.

 

 

.

[Lariele]

Ooh good call re OFT.. hrmm I guess tonight I spend my evening doing more research and less knitting

[markt]

i can't understand why you cant take them to court for 2 days pay, phone calls etc. im probably being naive. very interested though as BT called my home line then proceeded to divulge to our nanny that w e hadnt paid the phone bill without establishing who she was!!!

 

im waiting for them to conclude their investigations hahahaha ...

[Lariele]

i can't understand why you cant take them to court for 2 days pay, phone calls etc. im probably being naive. very interested though as BT called my home line then proceeded to divulge to our nanny that w e hadnt paid the phone bill without establishing who she was!!!

 

im waiting for them to conclude their investigations hahahaha ...

 

haha I'd be hopping mad if they did that!

 

Funny thing is this, when I was about Ooo 18 my mum persuaded one of my brothers to call my bank and ask them about my financial status. Anyway long story short bank read me the notes of his conversation with them over the phone to me - at the end the guy said "oh *&^% I wasnt supposed to tell you that" - back then there was no data protection act to protect me. Today there is - its bad enough when a family member does it but a complete stranger? I want their guts and his for garters. I'd like some new earrings made of some of their dangly bits too

[Lariele]

Apparently, according to their Customer Services Representative whom I spoke to this morning (I returned her call to me) the Data Protection department at Halifax BOS don't believe that a man walking in off the street and gaining access to my personal information which was held in my name only is a breach of the data protection act!

 

I've blogged my story - I'd like to have it passed around and bandied about as much as possible so heres a link if anyone is interested.

 

I've put in a complaint with the Consumer complaints web page of the OFT suggesting that Halifax service is "not fit for purpose." Taking the day off today to fill in the forms for the information commissioners office and to read up on the banking ombudsman. How they can now say "it wasn't a breach in the data protection act" when they have already admitted liability in a letter to me I don't know.