Lowell Portfolio Data Protection breach

[Testament]

I have been communicating with Lowell Portfolio regarding them processing my data incorrectly.

 

A SAR was submitted and then a complaint was lodged with the Information Commissioner

as I believed the SAR had not been dealt with in time.

 

The SAR was sent to them at the beginning of April,

requesting they notify me of a charge,

however after the expiration of 40 days I sent in a £10 postal order.

 

During this period Lowell wrote to me confirming they had rectified the incorrect entry

and offered me £250 compensation.

 

As the complaint was still being investigated by the ICO,

I declined the offer of compensation until I received the adjudication from the ICO.

 

I have now received a response from the ICO confirming that

"on the basis of all of the information provided by you and Lowell Portfolio Ltd,

we have decided that it is unlikely that Lowell Portfolio Ltd

has complied with the requirements of the DPA in this case".

 

The ICO have indicated that they believe the SAR was dealt with as in their opinion

"Lowell Portfolio Ltd have explained that on 8 April 2013 they received a letter from you dated 2 April 2013

in which you stated you were making a subject access request under the provisions of the DPA.

 

In this letter you also asked Lowell Portfolio Ltd to inform you if there was a fee that should accompany your request.

 

However, before Lowell Portfolio Ltd could respond and make you aware of the required fee to comply with this request

they received your further letter dated 14 May 2013 which included the requisite £10.00 fee".

 

Lowell sent the information on the 24th June, bang on the 40 days.

 

Now I may be biased, but I can't help feeling aggrieved at the ICO adjudication in respect of the SAR compliance,

especially as Lowell had my address, email address and mobile telephone number

and made no attempt to contact me to advise of the fee

and the ICO think that over a month is a sufficient time for them not to reply!!!

 

A situation I will have to deal with I suppose, but leads me to the point of my question.

 

As Lowell have breached the 4th and 6th principle, what legal recourse do I have?

 

Unfortunately I am not in the financial position to employ a solicitor at this stage.

 

I understand that I can lodge a claim in the County Court but my dilemma is the level of compensation I should be seeking.

 

I don't want to be greedy, however I don't want the company to get away with it either.

 

Suffice to say the ICO have indicated that they won't be taking any further action against Lowell at this time.

 

Any help/advice/guidance will be greatly received.

Edited October 16, 2013 by Andyorch
Paragraphs added

[dx100uk]

take it!

 

I cant see they have actually done wrong

the SAR starts ticking from when you paid the fee.

 

dx

[Testament]

take it!

 

I cant see they have actually done wrong

the SAR starts ticking from when you paid the fee.

 

dx

 

Thanks for reply dx,

 

just to clarify as my post probably waffles on,

 

my issue is not with the SAR but with how much I should be looking at for the DPA breaches in connection with processing incorrect data,

for in excess of a year and taking around six months to correct it when notified.

 

The ICO have confirmed the breaches

 

my first step is to negotiate with the company and see what they say.

 

...was just looking at a ball park figure

 

I know when to snap their hand off,

 

hold out for more or go through the courts.

[dx100uk]

right it did waffle....

 

so what was the data breech and did it effect any credit int rates or cause refusal?

 

we need to know what they did wrong

and over that time

what impact it had on your finances

 

dx

[sequenci]

hold out for more or go through the courts.

 

What 'damage' have you actually endured? Can you put a quantifiable figure on it? £250 sounds good to me.