NON compliance with the DPA 1998

[Russe11]

whats the procedure if the organization is not complying with your request ?

 

Do I sue them ?

 

Do I put a claim in for the request of the data using the case law regarding

the fact that statment information is personal data, it is a credit company by the way.

 

Or

 

Do I inform the information commisioner, then let them do the job ?

 

Is there another way, breach of the data protection act is ment to be a very serious offence - will they get penalised ?

[Russe11]

In the Durant vs Lloyds (2004) case the judge ruled that bank statement information is "personal information" and thus all information that is in your statements is covered by the act; couple that with the fact that it is for a prospective legal case and they HAVE to give you the info under the DPA.

 

so who is it up to enforce this ?

[Guest]

The Information Commissioner is the first place to go. He's the one with the big stick when it comes to not obeying the DPA. He has the power to fine companies that fail to, or refuse to, comply. He even has the authority to revoke their data protection licence, prohibiting them from storing personal data on customers, although in practice he's never used that power against anyone.

 

Unlike the financial ombudsman and the bank complaints ombudsman, he's NOT funded directly or indirectly by the banks, so he won't take any stick from them.

[Russe11]

Thanks, do you know the times scales it takes for the IC to get moving ?

 

surely this will all be taken inti account in my claim

[Guest]

I'm afraid I don't, but if anything DOES go to court, it's something to tell the court - that your bank refused to comply with a lawfully made DPA request. The court will start off not being happy with the bank over that.

[Falkirk1298]

In the Durant vs Lloyds (2004) case the judge ruled that bank statement information is "personal information" and thus all information that is in your statements is covered by the act; couple that with the fact that it is for a prospective legal case and they HAVE to give you the info under the DPA.

 

so who is it up to enforce this ?

 

I've seen this "Durant vs Lloyds TSB" case quoted a number of times. I can't find a reference to this case on the net though, and I'd like to read the judgement before I rely on it so can anyone provide a source?

 

ta

 

John

[BankFodder]

You have the wrong name. It's Durant v FSA and you can find a readable summary and commentary in the Library.

 

(It actually involved Barclays)

[Falkirk1298]

You have the wrong name. It's Durant v FSA and you can find a readable summary and commentary in the Library.

 

(It actually involved Barclays)

 

I thought that must be the case, thanks.

 

John

[diddled]

In my case the Information Commissioner carried out an assessment (without examining the banks records) and based her conclusion in the banks favour on the balance of probability. She stated that there was no precise scientific formula that could be applied in reaching a definate conclusion in every case.

The Information Commissioner wrote to the bank on 1st November 2001 and having received no reply chased it up by letter dated 15th January 2002. The assessment was fully completed by mid June 2002.

As the IC failed to examine the bank's records, the onus was passed to me to provide evidence that the bank held personal data or to seek a remedy through the courts.

This makes a mockery of the Directive and DPA 1998

[Guest]

This makes no sense at all - You don't even have to examine the banks records to know they keep personal data about you on computer. Whenever you ring telephone banking they ask you for pin and password details which they key into a computer to verify you are who you say you are. Then they call you by name.

 

These details obviously come from computer as they take seconds to retrieve - what more evidence does one need?

[diddled]

Sorry, I omitted a few words from my sentence, Ive added my omissions in capital letters below

As the IC failed to examine the bank's records, the onus was passed to me to provide evidence that the bank had WITHheld personal data THAT WAS WITHIN THE REMIT OF THE ACT or to seek a remedy through the courts.

This makes a mockery of the Directive and DPA 1998

[BankFodder]

On that basis it seems to me that there is a basis for seeking a review of the decision of the IC and to require him to reconsider the complaint.

 

However, very difficult and expensive. Is legal aid available for Judicial review?

[diddled]

I dont know whether legal aid is available for a DPA Judicial Review

I'm awaiting the outcome of the European Commissions investigations into the UK's implementation of the Directive before I make my next move.

[gothicf0rm]

i made a request to UBS under the DPA a few weeks ago, the stupid fools sent me details on how to open an account. once the time is up a complaint is going in against them.

[Russe11]

Well after spending a bit of time looking through a perons rights with regard to the data protection, this bit has stood out like a sore thumb....

 

Prevention of automated decision making.

 

You can write to a data controller to ask that they do not take any decision that significantly affects you based solely on an automated process.

 

 

That seems pretty clear to me that you can ask your bank not to charge you ever again as its an automated process, if they wish to apply charges they must use a different method to make the decision.

 

So should we all right to the banks and ask that they never charge us or change our credit rating via their automated systems ?

 

They way its veiwed is that you must ask first, if they still do it afterwards then they will be acting illegaly. How do you then prove afterwards that they have done it on a automated basis.

 

Could this be good ground to stand on if you have not yet started against your bank, knowing the fact there might be more charges to come.... just a thought.

[diddled]

It may make the problem worse, because the banks would probably argue that using a different method, ie manually would increase their costs. This would give them a lever to increase their charges.

 

Non-compliance with a request would be very difficult to prove, because

under section 15(2) of the Act a court has discretion to examine a data controllers records, but in practice the courts seem reluctant to go to such lengths.

 

The bank tampered with my records, several months after the debt had been repaid in full, and during the course of the Ombudsman's investigation.

 

I contacted the Fraud Squad for advice, but the Police suggested that Banks are notorious for changing their systems, and even if they went in with a search warrant there was no guarantee they would come out with what they were looking for.

[Guest]

Which just backs up what I said about the natwest and statements.

 

Strictly speaking, they don't TAMPER with the statements, because it's them that produce the statements, but they make their errors disappear without trace so that on the resulting paper trail - the bank NEVER makes a mistake.

 

Strange that, isn't it?

[Russe11]

yes, but if you went high court...... the banks did a cover up job, sureley the truth would out. Or is it back handers and brown envolopes

[diddled]

Personal data is only disclosable if it is "caught" by the Act.

To be "caught" by the Act the data must be either

a) automated

or

b) held in manual files that are considered to constitute a relevant filing system

A manual file relating to a specific individual is not deemed by the courts to be a relevant filing system if the data is simply held in chronoligical order.

[diddled]

It all depends

If an individuals manual file has dividers for say health,hobbies,employment,sickness etc and the information relating to these categories is stored chronologically it would probably be deemed a relevant filing system

[joesweetsllm]

Durant v FSA EWCA Civ 1746. Full judgment at www.bailii then type into search

the case name.

Why is it an important case ? It demonstrates the complexity of getting any result under the DPA and how a secondary issue can overtake and cost far more than the subject matter of any claim. Secondly it shows that the judiciary are split as to the correct way to apply EU directives that you and I may rely upon.

On the one hand there is the school of thought that says one relies upon the DPA and only looks to a Directive for guidance. The other, says one goes direct to the Directive. I prefer the latter. Nevertheless depending upon which method is adopted could potentially effect the outcome of any complaint.

 

It cannot be disputed that the United Kingdom is bound to give Full effect to the objectives of EU directives. As I recall the Information Commissioner together with various commentators " admitted " in the aftermath of Soham and Humberside Police failure to detect Huntley, that the DPA was far too complex - unintelligable. The DPA as well as the Courts have to give effect to the Directive. To whit the United Kingdom could in certain circumstances be in breach of the directive. So you can always complain to the EU Commission and get them to do " the dirty work " notwithstanding making it an issues with your MP & MEP.

 

The real sting in the tail is when you put 2 directives together such as the Consumer Protective [ Unfair Contract Terms ] Directive. Being new to this site

I look at how much debate there is about English Law concepts etc - but if

people really want to hit the nail on the head with banks etc - look up the Unfair Contracts Terms Directive, the ECJ's ruling in Codifis under that directive and Spanish Publishers case mentioned in Codifis. If anyone is going to rely upon the cases in Court, make sure that you take someone who keeps a note on the ruling and ask for it to mechanically recorded.

 

The Commissioners Office needs to pull its finger out and give effect to the directive, and there needs to be legal certainty and minimal complexity in

relation to the DPA - i.e. transparency of expression and transparency of

application. Until then - it looks like the UK is in breach.

 

[Russe11]

This topic was closed on 03/05/19.

If you have a problem which is similar to the issues raised in this topic, then please start a new thread and you will get help and support their.

If you would like to post up some information which is relevant to this particular topic then please flag the issue up to the site team and the thread will be reopened.

- Consumer Action Group