People often talk about the Data Protection Act, but in reality few people know very much about it. It is a very powerful piece of legislation aimed at protecting consumers against the unlawful handling of their personal information, and one which provides rights and remedies if you suffer damage or distress as a result.
The responsibilities of companies and organizations
The Data Protection Act requires that any organization which handles or processes personal data must comply with eight data protection principles – that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Secure
- Not transferred to other countries without adequate protection
In practice this means that if an organization causes you additional expense or long-term inconvenience as a result of incorrect personal information about you, that organization would be in breach of the Data Protection Act and liable to pay you compensation.
The rights of individuals
One of the principal purposes of the Data Protection Act is to give individuals the right to know and control what data is stored and how it is used. Therefore, if you are in any way curious or suspicious as to what information organizations might hold on file about you, you have the right to make a Subject Access Request. This is a simple request in writing to the organization you believe to be holding or processing the data. Your request must include the relevant fee (maximum £10) and the reply must be received within 40 days. Many Subject Access Requests are made to credit reference agencies, so that people can find out about their various credit ratings. In this case, the fee is only £2 and a reply must be received within 7 days.
In addition to the right to know what information exists about you, you also have the right to request that inaccurate or inappropriate personal details be corrected or removed, or that personal information not be processed at all, if it leads to significant damage or distress on your part. But even in the absence of damage or distress, you can still stop all processing of your personal data for direct marketing purposes by writing to the company which is targeting you and requesting they take your details off their mailing lists.
Most common ways in which companies breach the Data Protection Act
- If companies mix up your details with someone else’s and wrongly charge you – typically telecoms and utility companies
- Where you have been refused credit as a result of the wrong information given by a credit reference agency
- CCTV without warning signage
- Recorded or monitored telephone calls without warning
Taking further action
If you feel an organization you’ve had dealings with is in breach of any of the 8 principles listed above, perhaps because you are being denied access to personal information they hold about you, or this information is inaccurate or being handled improperly, your first course of action must be to write to the data processor for the company itself (there must be a contact postal address on the website or correspondence). If you are unsure as to whether there has been a breach, or the organization is simply not responding to a request you have made, you should ask the Information Commissioner’s Office to undertake an Assessment Procedure. The outcome of the Assessment is usually enough to force the organization to comply; if it isn’t, the ICO can take enforcement action. Under the Act, if you can show the improper handling of personal data has caused damage or distress to you, you have the right to claim compensation through the courts.
The Data Protection Act is a very powerful piece of legislation as far as consumer rights are concerned – when it is mentioned, companies usually listen. However, it is also very much under-utilised and few people exercise their rights or invoke the assessment procedure which is offered by the ICO.
More info: http://www.ico.gov.uk/
Preventing junk mailing or cold calling as a whole
Most firms’ marketing departments have to comply with the principles of the Data Protection Act in how they deal with personal data. Nobody likes to receive excessive amounts of junk mail, and it is your right not to receive any. The Direct Marketing Association (DMA) runs the Mailing Preference Service and the Telephone Preference Service. If you apply to have your details (and the details of anybody else living in your household) put on the list, most firms will refer to this list when sending out marketing material.
More info: http://www.dma.org.uk/
Hi, I need some advice. My previous landlord gave out my name and phone number to a previous tenant who threatened me with violence over property that had been left there prior to me moving in and was still there when I moved out. There have been issues since I asked my landlord for my deposit back and he’s refusing. The police are involved now and the old tenant has made a statement confirming he got my details off the landlord. Has he broken data protection, and where can I get help? So stressed.
The police had been dealing with a crime of which I was the victim.
I had strongly made sure they were not to ring the house with the matter as I did not want my parents to know.
They had passed my house number on to customer care on behalf of Merseyside Police.
I have then had several phone calls made to my parents in relation to what had happened recently.
They gave me no warning my contact information would be passed on to any third party.
Are they in breach of my own personal data protection?
If a company has sent a cheque in my name to my ex’s address (I have never lived there), are they in breach of data protection?
Despite repeated requests from both myself and my daughter to the Nationwide Building Society to remove my telephone number from her account they continue to phone up 5-6 times per week. Is this a breach?
I received my payslip by email as normal but also reviewed 19 other wage slips in the same email containing their name, address and national insurance number. The company have apologised and said it was an isolated email. But how do I know that and what can I do?
Would the company be breaching Data protection law in the following example?
A customer’s son has been contacted to ask if he could ask his mother to check if she has been charged xx£ of money on xx date. He has also been asked to ask his mother if the first 4 digits of her card are xxxx.
Please advise.
Thanks
I have a stalker.
I run events for charity. I have vendors putting their market fees into my account, no issue with that. But my stalker, not related to my events, is asking my vendors for my personal details and especially my bank details, wanting to know what the name of my bank is, account number, sort code, etc.
My vendors have declined the information, but is what he is doing illegal in any way? It is a fake social media account and we have no way of knowing the true identity.
Can anyone advise?
Thank you.
Bugsy Malone
(name withheld for safety)
I have been having trouble with my former employers. I requested copies of my occupational health records from their chief medical officer, but having had a copy a few years ago he would not comply with my request.
My former employers hired a high profile solicitor to take legal action against me for, they say, harassment. I told this solicitor I wanted my occupational health records. He said he could get them, so I said ok. He contacted the chief medical officer, who posted my health records to this solicitor in London. I feel I have been misled; they should have been posted to me, not him directly. I thought this to be very odd, as that solicitor then had to post them to me. Then this solicitor asked for consent to read my och records; he said he had another set. But I refused consent.
Where do I stand? Has the chief medical officer broken the law by making copies of my och records without written authorisation or consent from me? And has this solicitor been dishonest and misleading? Could you reply? I have made a formal complaint to the ICO.
Can you advise me please? My mother-in-law has dementia; me and my husband have been looking after her for 7 months doing everything. All of a sudden we got a call from my sister-in-law laughing as she found the will and my husband was written out of it on 19/01/2008, do not know why. Over the last week my husband has been getting nasty texts off his sister accusing him of doing things to mum. The stress is making my husband ill; the doctor said he is heading for a heart attack (he is my carer as I’m disabled). So we packed everything up and gave the dentist for her new dentures and the opticians for her glasses his sister’s details and phone numbers. She said she is going to sue us for giving out her details. Can she do this?
An online shopping company somehow mixed up accounts with another person. We have had 6 parcels arrive addressed to us which we did not order; another person’s account has got mixed up with ours. We contacted the company and were told to leave the parcels and a courier would collect them. Today the person who originally ordered the goods knocked at our door saying her parcels were here for collection. Have the company breached data protection by giving out our name and address?
My only experience in life with the data protection act is companies using it as an excuse to refuse to cooperate with my requests. I have a credit card account that my wife shares a partner card on. She bought something on the card that was for both of us. I provided the company concerned with all the relevant details of the purchase because I wanted a refund. They refused because of the DPA. Is this lawful please?