HSBC Going to Court to obtain my data!??

[craigten]

Hi, please can anyone give me the address that i need to send my s.a.r to hsbc please?

[craigten]

Hello.

Many of us suspect that banks hold information on us that go back beyond the 6 year statutory limit but when you send a SAR, that’s usually all they send you. I was wondering - has anyone complained to the ICO about this and have the ICO checked it?

[craigten]

Brilliant, thank you. The bank concerned is HSBC and the loan was, unfortunately, back in 1998. I have once, many years ago, sent a SAR and they said something like they only keep it for six years. So, if I do it again and get the same answer, what then, please? Also, do Experian, etc keep records going back that far?

[craigten]

Oooh.....let me take a look....

[craigten]

Apologies for this, I cannot find them.

However, could someone point me towards the appropriate SAR to send HSBC for my data on this wonderful site. I am unable to find it, but then my navigation skills are not good....they're awful!!!

[craigten]

Do you have a copy of the letter in which they said that they only keep data for six years?

 

Although I am sending an SAR by post,

I rang HSBC up earlier and it took 30 minutes for the person to tell me that they can see that I have had 5 loans and one 'Flexiloan' account,

he could only see the dates of 5 May 2004 and 7 December 2015 and said that he will "pass on the request for more details,

including whether or not I had PPI to the 'Specialist Team' to double check"

and noted that HSBC had sent me a letter in 2013 declaring that they could see that I had loans

, due to the Data Protection Act,

they do not hold data for more than six years'.

 

I have asked for a copy of this letter to be sent again to me.

 

Thoughts?

[craigten]

hsbc.

[craigten]

Do you have a copy of the letter in which they said that they only keep data for six years?

 

Finally got this for you....and then some:

 

Don't hate me for this but before I get around to sending a SAR, I just thought, out of curiosity, I would try them direct.

 

This is what I received - they include the quotes 'ensure records are identified and securely retained for the appropriate period of time, and destroyed / deleted in a controlled manner on expiry of the retention period' and

 

'Please note that we only hold paperwork for the last 6 years in accordance with The Data Protection Act'.

 

Your thoughts, please?

 

Links to letters here:

https://drive.google.com/open?id=1-inVQ2twccx-eXP-aGMGSRWCr59mT1p1

 

https://drive.google.com/open?id=1qwIWqa_0MtIoGxQj06W857oZ8sBISGZo

[craigten]

That is just wonderful!!!

SAR it is then. However, I think I'll send that letter to the Data Controller....just got to find out who it is!!

 

However, now due to GDRP, won't Banks be jumping to attention and actually deleting all this data (for their own benefits)?

[craigten]

Sorry for the delay here, is this what I should now do?

 

I have sent an SAR by Recorded Delivery last week but I'd like to address this letter, if I can.

 

Is there a specific template to ask for proof that they have destroyed / no longer have the data?

 

As soon as you let me know, I'll get on it!!

[craigten]

Exhaust Sat 1st

 

???

[craigten]

Update here:

On 7th January I sent the following SAR to HSBC by 'signed for' post:

HSBC Bank Plc

8 Canada Square,

London,

E14 5HQ

 

 

7th January 2019

 

 

Dear Sir/Madam

 

 

GENERAL DATA PROTECTION REGULATIONS - SUBJECT ACCESS REQUEST

ACCOUNT /REF NUMBER xxx

 

[template removed - please read its top line! - dx]

 

Up to this point, all I have received are two letters both addressing a loan each but both stating that they no longer have records of them. This is not what I asked for.

The latest letter, received this week, is below:

 

(I tried to upload it as a PDF after I had converted it but I received a message saying that 'you do not have permission to upload that file or format'??)

jpg2pdf.pdf

Edited February 9, 2019 by dx100uk
merge/template removal

[craigten]

Thank you.

I am still a customer. I have more than one account with them. Of the six different 'loan accounts', I still have one, I think.

I'm quite cheesed off that they seem to be viewing the SAR as simply a token request for details of the loans. Am I being too sceptical here....or do they know exactly what they are doing here?

[craigten]

Wow!!! Thank you again. Quick one - 'letter of the tape'?

[craigten]

So do they know full well what they’re doing by ignoring the SAR, as such?

[craigten]

No, of course you’re right.

 

This really is brilliant! Thank you again!

[craigten]

An update that probably isn't that important but I thought it necessary:

The SAR package did arrive, albeit past the time limit, but I not in their letter it makes no mention of the six year 'limit':

 

Rightio, letter printed and ready to go.

They have used the six year excuse on six separate letters.

 

Three final questions:

1. Do I use the 8 Canada Square address?

2. Do I address it to any sub-section particular, ie, the SAR department?

3. Has anyone got details of the data controller so I can send them a copy too?

 

Among the papers of data, statements, etc were these screenshots of forum posts on the MSE website

(not my posts or threads, either, I don't think (the username is blanked out)?), is this a little odd??

 

 

SAR Return.pdf

[craigten]

Hi.

It does say on there that it is the MSE website?

[craigten]

Interesting. Soooo....what do I do about this? Do I complain to them or the ICO?

[craigten]

They aren’t, my original post was to express surprise that they have attributed these to me!?!? And that they monitor and store these kind of things.

[craigten]

Thank you.

 

Final question for a while - letters sent today via recorded delivery. How long should I give them?

[craigten]

Update:

February 16th I sent HSBC this to the Canada Square address via recorded delivery:

You claim that you no longer have the data I require because you are required by the data protection act to destroy it after six years.
You should understand that I'm fully aware that the data protection act contains no such provision – but if you insist that it does then please let me know the particular section of the Data Protection Act which contains the obligation.

Accordingly I reject your position that you do not have the data and I believe that you are withholding the data from me because you feel that it would be disadvantageous to you to provide it to me. It maybe that the data is within some archive service and of which you are fully aware.

If it is your position that the data has been destroyed then please will you provide a certificate of destruction from your data controller.

I should warn you that I am sending your letter of the 4 February 2019, along with your other letters stating the same ‘six year’ statement of 18 February 2013, 8 July 2013, 4 April 2012, 15 September 2010, containing your misleading information about the Data Protection Act to the information Commissioner as part of the complaint.
If you do not provide me with a certificate of destruction signed by your data controller then I will add that to the information Commissioner's complaint as well.

I would also remind you that you have a duty to treat your customers fairly and in particular to communicate with them fairly. This is a statutory duty created by the Financial Conduct Authority.

By attempting to mislead me as to your Data Protection obligations, you are already in breach of your statutory duty. It would now be helpful if you would begin to treat your responsibilities according to law in order to avoid further complaints.

I have sent a copy of this to the data controller

 

I sent it again on February 23rd and again on Monday (11th March). It is coming up to a month since my first letter and it would seem that they are stalling.

 

Thoughts, please, anyone?

[craigten]

What court route? I’m intrigued....

[craigten]

OK people, still no word from HSBC on this.

How do i start the ball rolling again.

Suggestions, please?

[craigten]

OK.

Honest answer here - do you think these know that there is evidence and they are just trying to ignore?