The Data Protection Act

People often talk about the Data Protection Act, but in reality few people know very much about it. It is a very powerful piece of legislation aimed at protecting consumers against the unlawful handling of their personal information, and one which provides rights and remedies if you suffer damage or distress as a result.

The responsibilities of companies and organizations

The Data Protection Act requires that any organization which handles or processes personal data must comply with eight data protection principles – that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

In practice this means that if an organization causes you additional expense or long term inconvenience as a result of incorrect personal information about you, that organization would be in breach of the Data protection Act and liable to pay you compensation.

The rights of individuals

One of the principle purposes of the Data Protection Act is to give individuals the right to know and control what data is stored and how it is used. Therefore if you are in any way curious or suspicious as to what information organizations might hold on file about you, you have the right to make a Subject Access Request. This is a simple request in writing to the organization you believe to be holding or processing the data. Your request must include the relevant fee (maximum £10) and the reply must be received within 40 days. Many Subject Access Requests are made to credit reference agencies, so that people can find out about their various credit ratings. In this case, the fee is only £2 and a reply must be received within 7 days.

In addition to the right to know what information exists about you, you also have the right to request that inaccurate or inappropriate personal details be corrected or removed, or that personal information not be processed at all, if it leads to significant damage or distress on your part. But even in the absence of damage or distress, you can still stop all processing of your personal data for direct marketing purposes by writing to the company which is targeting you and requesting they take your details off their mailing lists.

Most common ways in which companies breach the Data Protection Act

  • If companies mix up your details with someone else and wrongly charge you – typically telecoms and utility companies
  • Where you have been refused credit as a result of the wrong information given by a credit reference agency
  • CCTV without warning signage
  • Recorded or monitored telephone calls without warning

Taking further action

If you feel an organization you’ve had dealings with is in breach of any of the 8 principles listed above, perhaps because you are being denied access to personal information they hold about you, or this information is inaccurate or being handled improperly, your first course of action must be to write to the data processor for the company itself (there must be a contact postal address on the website or correspondence). If you are unsure as to whether there has been a breach, or the organization is simply not responding to a request you have made, you should ask the Information Commissioner’s Office to undertake an Assessment Procedure. The Outcome of the Assessment is usually enough to force the organization to comply, if it isn’t, the ICO can take enforcement action. Under the act, if you can show the improper handling of personal data has caused damage or distress to you, you have the right to claim compensation through the courts.

The Data Protection Act is a very powerful piece of legislation as far as consumer rights are concerned – when it is mentioned, companies usually listen. However, it is also very much under-utilised and few people exercise their rights or invoke the assessment procedure which is offered by the ICO.

More info:

Preventing junk mailing or cold calling as a whole

In accordance with the Data Protection Act, most firms’ marketing departments have to comply with the principles of the Data Protection Act in terms of how they deal with personal data. Nobody likes to receive excessive amounts of junk mail, and it is your right not to receive any. The Direct Marketing Association (DMA) runs the Mailing Preference Service and the Telephone Preference Service. If you apply to have your details (and the details of anybody else living in your household) put on the list, most firms will pay reference to this list when sending out marketing material.

More info:

Leave a Comment

160 comments… add one
  • James 4 August, 7:08 pm

    Question about the DPA.

    I recently had contact via letter from a company called ‘Clarity’ who were acting on behalf of a payday loan company (pounds till payday), okay I owe them some money and am having real problems getting them to accept a payment plan.

    Anyway what really annoyed me was that this third party company (Clarity) were using my National Insurance Number as a reference number, obviously from their client.

    Would this breech DPA, sending information like that via the post?

    Looking at the information commisionars website, I can find an entry that says ‘Sensative information like Passport numbers which could be used as identity theft should be handled very seucrly. Now call me ld fashioned buy surely they should not be using my NI number as a reference number and I cannot see why PTP gave it to clarity in the first place.

    Anyone have any suggestions, would be appreciated?


  • Catriona 17 August, 11:05 pm

    James – NI number is personally sensitive information as it can be used to access other info – such as Inland Revenue data. It is inappropriate to be using it as a reference number and may even be in breach of S7 of the DPA. My advice would be to report this to the ICO who will then be able to confirm whether this is correct and may even be able to take this up with Clarity on your behalf.

  • Debbie 20 October, 12:15 pm

    We have been receiving letters marked “private & confidential” to our business address in the name of one of our employees. We have passed these on to him and they are from a pension company which he has had no dealings with. He has called them several times to ask for this information to stop being sent in his name to our workplace. We receieved another letter today which was accidentally opened with all our other post. We called the number on the letter and were told they cannot deal with the employee in question because he is not at the address they have on file, and they will not discuss it with us…as we are not the named person they have the account in the name of. We have explained we are concerned someone somewhere could have a fraudulent policy set up with our, and one of our employees details but they just keep quoting “data protection act” and that they cannot speak to either of us.

    Any ideas?

  • Julie Hunt 30 December, 10:27 am

    How long can a company keep your debit or credit card details on file?

  • Catriona 31 December, 1:14 pm

    Julie, I don’t think a time limit is mentioned in the act, but details can only be kept as long as they are relevant to the company concerned – i.e. that they are still using them to debit your account.

    • Julie Hunt 31 December, 3:33 pm

      Thank you Catriona for letting me know – much appreciated. THe company are still holding my debit card details 3 weeks after transaction had taken place for the ski lift passes. There has been some dispute over the deposits for passes, as there was lack of communication from the reps working for the ski tour operator who did not inform us at the start of the company nor was it in writing in documentation we received prior to our departure that it was a different procedure to previous holidays with them, we, along with other groups staying at the same chalet, took the lift passes back to the lift pass office ourselves to retrieve our refundable deposits. The tour operator did not make it clear that they actually paid for the deposits and that we should have handed them back to the reps. This confusion has resulted in the tour operator informing me that they will charge my card to get the money back. This is what concerns me is that the fact they have been holding our card details for so long, and then decide to take money back whenever they wanted to. I would have quite happily handed over the passes on the last day, or indeed given them the 3 euro deposit per lift pass at the start of the holiday. But instead, it’s resulted into accusations from the owner of the tour operator informing me (and the other guests) that we have committed a deliberate and fraudulent act.

      • Ian Livesey 8 December, 6:38 pm

        Hi Julie,
        I’m no expert but have worked in the financial field and know that they should not even have you card details if they do not poses the reliant DPA standards (which I’d bet they don’t, only a limited number do). Secondly they defiantly should not use these details a second time if you have not expressly authorised them to so.
        I suggest you report them to the DPA directly I’m sure they will be interested.

  • Catriona 5 January, 6:46 pm

    Julie, You did nothing of the kind, if no written or verbal contract or Ts and Cs existed, how could you have acted fraudulently? I’m not too sure of the rules concerning what kind of card info they can hold, but I’m fairly sure you must give your approval for your card to be used at a later date – exactly as they do in hotels. if they are going to keep hold of your card details, there must be some mention of this in their Ts and Cs. If not, request your card details be removed on the basis that they are no longer relevant. You can always report them to the ICO who are always very helpful.

  • Ewan 11 March, 12:53 pm

    A company who has been dealing with my contents insurance has spoken to me on three separate occasions on my mobile phone without confirming any details to establish if I am the correct person. Is this a breach of DPA 1998?

  • Catriona 12 March, 12:27 am

    Ewan, companies should establish you are who you say you are before they can discuss personal details, although from my experience this is more when you phone them rather than when they phone you. I wouldn’t have said it was a breach of DPA as it hasn’t been passed on or unlawfully processed. Go to the ICO’s website for more clarification.

  • Dion Hughes 23 March, 9:12 pm

    My partner was contacted by a debt collection agency, they asked for Mrs Hughes she answered that she was Mrs Hughes, (although were not married, and she has a different surname – she does this sometimes). It transpires that the debt is in the previous occupants name, from about 5-6 years ago, the debt collection agency still has their details linked to my house. Suffice to say, they refused to believe me and quoted the data protection act by threatening my partner with court action for misleading them saying it was against the law to impersonate someone else!!! What I want to know is, have they acted accordingly and is my partner liable to get prosecuted? p.s. This is not the first time we’ve been harassed by debt collection agencies, therefore I believe all of them are holding out of date information.

    • Ian Livesey 8 December, 6:47 pm

      Hi Dion,
      I’m no expert but collection agencies get right up my nose as they flaunt every law going.
      The collection agency are completely wrong on all accounts, first it’s not against the law to use whatever name you like, it’s only illegal if you further commit an illegal act and then use the alias to evade the law or commit fraud (or words to that effect).Secondly they should not be threatening your partner no matter what, that in it’s self is illegal and thirdly they are breaching DPA regulations by holding inaccurate data.
      I’d report them to the DPA if I where you.

  • Catriona 24 March, 10:48 pm

    Dion, No, there is no possibility of your partner being prosecuted. It is the job of the DCA to ensure they are acting on the correct information – clearly they failing in this duty and harassing you like this puts them in breach of the OFT’s guidelines. Please see our section on DCAs for more:

  • Dion Hughes 24 March, 11:56 pm

    Thank you Catriona for your reply. It’s a weight off our minds. I have contacted the Citizens Advise Bureau and they say we might have a case against them for harassment. I have a meeting with them soon. The Debt Collection Agency even phoned me again today!!! I told them I was in contact with the CAB and couldn’t continue any dialogue with them. Ha! They put the phone down very quicky!!!

    Again thank you very much. All the best Dion.

  • Catriona 26 March, 11:43 am

    Dion, well done. As I say it is the DCA’s responsibility to get their facts right. You can also file a complaint against them with the OFT.

  • naomi 1 April, 3:22 pm

    hi there i need help, monday just gone i had a friend staying at my house i had to go to work for a 12 hour shift. while my friend had been staying at my prperty, a bailif knocked on my front door and asked my friend if i was in. of cousre i was not as i was at work. the bailif handed my friend a notice uncoverd and unenvolped to my friend and sttarted talking to my friend about my buissness. i feel really embrassed and humilliated. i really did not want my friend to find out my personal buissness. when i returned home i was horrified want my friend had told me. please can you help me what can i do about this????

  • laila 26 September, 9:56 pm

    Hi there,
    A real estate lettings company passed my contract between my tenants and me to the Managing Agentsof the building in which I own a flat. The real estate lettings company did not seek my written approval and nor did they receive a written court or government request to pass on this information. At the time that they passed the contract to the Managing Agents I was in a dispute with them and teh fact that they had this contract weakened my position. What action can I take againt teh real estate lettings company?

  • Benjamin 10 October, 10:42 pm


    I have just switched to British Gas for utilities and they have sent me two e-mails stating that they have set my direct debit up and to check the details are correct. I checked and the details are correct… My bank account number and sort code, both correct…
    Where did they get this information from because i certainly didn’t give it to them? I haven’t had a single phone conversation with them and i have never entered into any correspondence with them. The only way they could have gotten these details is if my previous energy supplier (Sainsburys EDF) had passed them on.

    Surely this is a violation of data protection and if so, what can i do about it?

    Mnay thanks

  • Mark 28 October, 5:46 pm

    My trade union provided my new address to my former employer without my consent or knowledge. For various reasons I cant go into here, this caused both my wife and myself great stress and caused us to have to change address at a later date.

    I am aware that my union breached the DPA by divulging my personal and confidential details without my permission to my former employer but what action can I take against my union for doing this. I did not suffer any financial damage other than the cost of moving address. However, the distress it caused was huge.

    If I report the incident to the ICO they will likely just tell my union not to do it again. So, where is the deterent to my union to not repeat their actions?


  • Ewan Sheriff 26 November, 10:40 am

    Taking a security interest in an entity that owns real estate- does mezzanine financing fall under the california real estate law requiring a licensed broker?

  • Melanie C 15 February, 7:47 pm


    I think I have a serious breach of DPA. MBNA have processed 17 late payment flags on my account and my account is showing in arrears with Experian, when they take my money without fail every month via DD!!!

    I found this out yesterday when I was refused credit on a 0% card (this is the only reason they refused!). Also during this time I’ve bought a new car and my two credit card %age rates have been hiked, possibly to higher levels than the norm due to this being on my credit file.

    I should be due compensation but what can I claim on, especially as some of it cannot be quantified.


  • Sara 17 February, 4:44 pm

    The holiday firm that I have booked my summer holiday with has retained my credit card details, they have taken payments from the card (all be it for the holiday) but I had not intended on using the credit card to pay for the holiday, we were only paying the deposit with it.

    Are they allowed to hold on to all of the details – including the 3 digit security number?

  • Shane Hull 25 February, 11:49 pm

    I use to be with a hosting company untill they stopped my services without warning i have contacted tradding standards over this matter and now i feel they have broken the Data Protection Act by sending my personal details i had installed on there system which is my account on there hosting company sending my telelphone number and old home address on chatrooms. Is there anyway i can get them into a crimnal law?

  • Angus 30 March, 7:10 pm

    I owed Untility Warehouse £57.00 which was billed after I moved out of a house 2 years ago. 1st Credit Ltd recently wrote to me and said the debt had been passed onto them.

    I am in the process of negotiating a final payment via their supposedly secure email service. There have been a few communications between me and them, and I was today awaiting their latest response to my offer.

    However, today when I opened my email and saw an email from them I expected to read their reply, but the email contained the details of another person which had obviously been sent to me in error.

    The details I am now in possesion of include, name, physical address, date of birth, email address and their long history of emails from the customer and 1st credit ltd. This includes the amount they owe and the personal circumstances of the customer.

    Surely this must be a breach in data protection, and if so what action could and should be taken against 1st Credit ltd? I have emailed this person and let them know of the breach, but am wondering what action can be taken either by myself or the injured party?

  • Jason 14 April, 11:26 pm

    Hi All,

    Don’t know if anyone can help but my partner registered with a credit agency to check her credit report. We found that a debt collection company was constantly doing a credit check against her name on a weekly basis for a while. Unfortunately 5 days later these debt collection companies have now sent letter to our home address which she register to gain access to her credit report.

    Can the credit agency pass on her details or is that a breach of the DATA protection act?



  • Brian Prins 10 July, 8:53 am

    I’m typically to running a blog and that i actually appreciate your content. This article has truly peaks my interest. Im likely to bookmark your web site and hold checking for new information.

  • Sandy 15 November, 1:02 pm


    I received a letter this week which informed me of my ‘accidental inclusion of personal details’.

    I would have attached my details such as contact, CV etc whilst applying for their graduate scheme.

    The company discovered their graduate scheme website allowed visitors to access personal information from applications August 2011 – October 2011. They state they ‘know’ the information was viewed by a number of visitors including a Google “spider” which led the the information being cached by Google until they made a request for it to be removed mid October 2011.

    The information included my address, national insurance number, address details and many other applicant details.

    I am honestly quite disguisted that someone could view such sensitive data so easily and would like to know what my rights are and whether I could claim any compensation.

    It has been reported to the Information Commissioner’s Office and to the Financial Services Authority (again stated in the letter).

    They have provided a Credit Reference Service and Helpline which provides access to identity theft protection and monitoring service for 12 months, called ProtectMyID; a credit monitoring and identity fraud protection service from Experian,

    I have been informed I have until 1st December 2011 to log into this or be excluded.

    Any help/ information would be most helpful.

  • carla 1 December, 11:04 am

    Hi , i am having a dispute with orange mobile company who iu have a contract with, after moving recently orange have my full new address to a ex partner of mine which has caused alot of distress and upset and also putting myself and my young son in danger, that have gave me an apology and offered £106. of my phone bill, i refused saying i want the contract to end as they has breached it and also i want compensation to move again to a safe home unknown, can you tell me my rights please thank you.

  • Phil Gallagher 30 December, 8:43 pm

    Hi I recently had dealings with a letting agency who I gave permission
    to contact various people order to establish if I was a suitable tenant.
    Without my knowledge the agency contacted my employer(one of my references) and asked them personal information about my self.
    My employer asked if they had my permission and they stated that I
    had signed a disclaimer giving them permission to contact my referees.
    I contacted the agency and they told me the same thing.
    Are they breaching the data protection act by asking for information
    unrelated to referencing? thanks.

  • Cj 31 December, 10:28 am

    I recently received a phone call from a foreign call centre who claimed be my bank and confirmed my don name and my postcode as being correct, they then informed me the 30 pounds of transactions a month which all goes to them for account charges and home contents was overdrawn 3 months prior and I owe the hundreds in charges.

    I later discovered the address on my account was NOT updated by my local branch even though I went there to signup for contents insurance at my new address, the chap on the phone had thinly confirmed my identity with an address postcode that was not on file

    As the bank has screwed up my address change and in my opinion breached data protection by confirming my identity with an incorrect address, should they drop the charges? I mean if I had known I was overdrawn I could have done something about it at the time instead I was called 3months later owing over 300 pounds in charges for under 30 pounds of being overdrawn and had no prior notice (as was all sent to wrong address)

  • Pvd 10 March, 9:19 pm

    I was refused credit by V12 retail finance. I have a very good credit rating with Experian (900+ rating). V12 have to date refused to provide me with any reason for declining my application. In addition they are refusing to provide me with their lending policy as referred to in their terms and conditions.

    Who are they regulated by?
    What are the next steps I should take as I feel that I have been unfairly treated and was only declined due to having too good a credit rating.

    Any advice appreciated.

  • pauline 23 March, 9:39 am

    To whom may it maybe able to help,
    I having a living nightmare,
    I purchased two vouchers on
    so I delayed in contacting the spa due to unforeseen circumstances, my health and a serious road taffic accident,head on collision.
    when able, I looked up the spa’s website to book appointment,i chose my date and time using their online service,it appeared there was no contact telephone number to call the spa to book an appointment, I stated in my appointment it was a groupon voucher!!!.
    The spa then contacted myself on my mobile as this is the means of contact i provided!! and in which i was told they can honner my voucher, but not fullfill what was purchased, i was offered a neck and shoulder massage and a pedicure.
    My Groupon purchase was of course a luxury to be able to afford a “1hour full body massage and pedicure” £29.00p which is brillaint value.

    So i agreed to have a shoulder and neck and message and pedicure.
    I have used the service and payment of voucher acepted.
    i have now recieved an invoice/bill for £69:99.
    I am being contacted at my place of work,which is not a contact number i provided.also a letter has been sent to my place of work. This is a scarey situation,that a retailer/company without any permission to use my details,my personal data. and feel the data protection can protect me??!!

    please can you advise me on what i can do to protect myself from being blackmailed or in my opinon harrassment,i may need to just go to the police.!!

  • Dean 23 April, 3:22 pm

    I been with orange for a couple of years now never really had a problem till one day my phone got cut of, i was bit shocked why so i rang them up, the lady on the phone said 15mins earlier i had rang up and asked for my contract to be cancelled, i said i never did no such thing and if i had why would i be ringing up wanting to know why its be cancelled.

    Its only when i spoke to my brother that he rang up to get his contract cancelled as orange kept adding more to his bill each month though he wasnt using the phone.

    So what orange did was cancell my ACCOUNT when my brother rang to cancel his which bare in mind when you ring orange they ask for information about you plus a password to access your account, well my brother doesnt know my details so how did they manage to access my information and cancell it not once but twice

    i feel they have breached my Data Protection Act as i give them my details and expect them to be in safe hands.

    if you want a decent phone company orange is not the way forward!!”

  • Andrew 26 May, 1:17 pm

    A housemate of mine recently called a water company and set up an account with them in my name without my permission. Is this against the data protection act? If so, what action can be taken against my housemate and the water company concerned?

  • aimee 22 June, 7:16 pm

    my medical notes have been accessed by a midwife in an essex hospital she has handed details over to her brother (my daughters dad) so he can send threatening texts to me i did not even have my baby at the hospital she works in, there are also safeguard notes in my maternity notes too, i have informed the hospital but not sure how they are going to deal with it, i feel my privacy has been invaded.

  • Brian 28 June, 1:07 pm

    I recently complained to the ICO about being cold called.
    A few weeks later I received another cold call from a ‘market research’ company, who were carrying out a survey for the ICO.
    Worth being aware that the ICO themselves will happily pass on any personal details you provide when you make a complaint to whoever they want.
    What chance have we got?

  • Paul 29 June, 10:48 am

    Sainsbury’s energy is British Gas now, it used to be EDF that were the company providing gas and electric under Sainsbury’s name. BG took it over this year.

  • joanna 17 July, 1:46 am

    i had a baliff turn up at my door while i was out the other day he posted a piece of paper through the door for my daughter this letter was not in an envelope for all to see so i called the number on the paper to say i had not seen her in a while not only did he discuss her personal debt with me i was also threatened that i was liable for her debt has he breached the data protection act as my daughter is 20

  • scott 31 July, 7:57 pm

    I recently had a phone call from a company , asking to speak to a person that doesnt live at my address. I told them that, that person moved out a month ago. They were asking for a new address for him. I said i would not tell it to them , but if they sent a letter to my address i would worward it to him.

    At this point they said that they already had posted a letter to my address on a specific date. Are they breaching data protection by disclosing the date in which the letter for my friend was posted to my address?

    i know this is petty but i need it cleared up.


  • owen 5 September, 7:37 pm

    I stayed at a hotel the other evening and long story short found out that they keep ALL their customer details, this includes their entire content of bank card details their address, phone numbers etc…
    anyway turns out the receipts backdate from over two years ago and are just left in an insecure box in the reception area and aren’t used so they have no reason to be kept and serve no purpose in being kept, nor did they have my consent over this. surely this goes against the 8 points in the data protection act? anyway i was just wondering if this is worth seeing a solicitor over. any advice or guidance is welcome as this has become a general concern over the safety of my card details.

  • Diane guy 23 October, 12:58 am

    My landlady and I are in dispute over repairs and age has told me today that her solicitor has the whole file from my local council in me. Are they allowed to get this file without my permission?

  • Dity 11 November, 10:53 am

    This is regarding a company attempting to register me with them and carrying out a credit check without my knowledge or authorization.

    A company named Very sent me a letter some days ago thanking me for wanting to register with them but unfortunately I wouldn’t as after running a credit check on me this was not approved. Accept that I never even new such company exists, let alone apply to register with them.
    I wrote to them and sent them a scanned copy of their letter. This is their reply, which to me sounds like word play:
    “As you have received a letter from us mentioning a recent account application, but have no knowledge of applying for one of our accounts, it is possible that someone has been using your details to set up an account for themselves in your name. When an account is applied for, we use the information provided through our website or over the phone to carry out a credit check, and that is why you have received a letter from us.”

    The fact that they have sent my details to other credit agencies will have a negative effect on my future applications.

    Aren’t they responsible for using someone’s data improperly and without their consent? How does this protect me? Shouldn’t they undo what they have done with the credit agency?

    I really need advice on this. This could happen to anyone.

  • thomas howlett 9 December, 1:43 am

    I have a question about an interview that i have recently been to and the hr woman that interviewed me is telling my friends that work there info about my interview is this allowed and why i wasn’t successful with getting the job….(witch made them make fun of me because what she had said wasn’t true and i feel i wasn’t given a propper chance due to knowing to many people at the work place)

  • Rj 10 April, 9:52 pm

    I booked a holiday with Thomas cook, The sales representative took my partners telephone number from our booking and sent text messages without his concent to take his personal details. Is this classed as DPA. who do I complaint to and what should I do next? The company have just sent me an apology for my inconvenience


  • Maryam 16 April, 10:23 pm

    I have received a letter from my insurance company that by a mistake they pass all my personal details to another client (my full name, bank details, house address and contact number, work address …).
    After receiving this letter I am really stressed out that if some one taking advantage using my details.
    I dont know any thing about the rules in this country, can you please guide me ehat I can do about this? Can I make a claim?

  • sally jenkins 10 May, 4:55 pm

    hi every one can anybody help me im going bonkers here? i took mbna to credit clear services who have written off a £5.000 owing on my card as they say it is unenforceable , however i have written to expeirian and asked for this to be removed from my file , but they say they cant do unless mbna agree to this , i got a letter from mbna saying that even thou its unenforceable at present if they do find my credit agreement they can come after me any time in the next 6 years , this has affected me getting credit from any other place does anyone know what i can do? many thanks to you all

  • Maria 4 October, 6:17 pm

    My brother lives in a residential home but recently needed to spend time in hospital. When I collected his dirty clothes to launder them I found that some of the clothes had other people’s names in them and I can only imagine they are also residents of the home, does this breach Data Protection that I have their names?

  • Darren Marshall 22 November, 7:58 pm

    Hi I’ve bought a new car and sale person keeps ringing me hen she not at work to tell me the process of the sale is this right she taken my number out of the office an called me on her personal mobile ?

  • Dan 23 November, 12:14 am


    I purchased goods from a company called AVA LEISURE (motor parts) on 21/11/13.

    The total was £103.95 which I paid on my debit card over the phone.
    To my horror I have just noticed they have also taken a payment out directly after that for £126.83.

    This is not even the same amount and seems to be plain old theft to me?
    My bank have told me to contact them and sort it out, which I will do fist thing in the morning, but what I would like to know is Firstly, Are they allowed to keep my details after a transaction has been made over the phone?
    And Secondly, Who can I report them to so checks can be made that they aren’t doing this kind of thing on a regular basis to other customers?

    Many thanks,

  • marty 5 December, 8:46 pm

    I believe my brokers partner has gotten my personal account numbers and sent them to the state department of revunue out of spite from previous arguments, so they could levy my back taxes.
    I dont think this imformation was solicited from the state.
    The partner in question does not have a securities lic.and is not a partner in the brokerage just the insurance company (a seperate business) from the brokerage.
    This has cost me possibly thousands of dollars of profit from the forced sales of stocks. What can i do to press charges and get both of these guys state licenses.and be able to sue for my losses due to breached private imformation Iowa

  • Al 14 May, 6:11 pm

    Vodafone sold and old discontinued debt against me to a debt collection company, do. They have to right to also provide personal details data protection

  • Victoria Smith 5 July, 4:17 am

    I need help from domic littlewood or someone that is willing to take concils on as my life is a misery how can a ordinary person manage buy buildings do excessive reconstructions to homes then sell them as flats , invade individual private family life article 8 of privacy a person that can take on councils and run rings around them and council ignore that quantities of family life privacy protecting family from over development the list goes on and on something is wrong with council not even visiting gardens and graunting houses to be built in them and ignoring original plans how can a semi detached house for five years old of the sudden turn into an existing three-story house somethings not right councils please investigate councils and never ever follow anything threw because they they are worried about the pocket please help

  • jim currie 8 July, 12:02 pm

    I sent confidential information about myself and wife to NRAM for a mortage . I was told to send by fax as they cannot accept emails because of security. I have asked on a few ocassions if the information has been received but they do not give a reply. I sent it to one department who said that they dont see the faxes and it goes to another admin team. I feel that being unable to confirm the recepit and that the person requesting saying they would not receive it anyway that my data lands on a amchine in NRAm to be veiwed by anyone passing. Is tjis a Breach ?

  • Deborah Thompson 10 July, 1:59 pm

    hotel googled my mobile number, when I was staying there and found I was working as an escort , would this be in breach of my rights, as they say that they were acting out of interest and proctecting other guests!

  • Helen turner 25 July, 4:59 pm

    Can the police disclose personal information to my employers which is not relevant to my job.does this breach my data protection

  • matthew 7 August, 7:44 pm

    The phone company orange was giving my bank details from a friend instead of them asking me for it. Are they allowed to do that?

  • Simon 29 August, 3:52 pm

    A letting agent recently passed on my Name, address, bank sort code and account number to another client in writing.

    What is the severity of their actions and is there a time limit for them to retain my bank details?



  • Joanna 7 September, 10:15 am

    Hi , I am in process of buying car from very know dealer in uk. They told me to pay £500,00 deposit over the phone to reserve the car. The sales executive tool me that she is very busy and if I wish to reserve the car the person on the reception – name given -will be able to take card payment when I callback . When I did call back different person was on the reception and she said she can take the payment and after the sales executive will let me if transaction did go through. After about 1 hour the funds been still on my account any I called back to ask if is any problem with this transaction . Then I been told that that person took the card details and will pass over to the Sales executive and she will process the transaction later on. About 4 hours later I had message to call the dealer. Sales executive told me that transaction did not go through and asked me for the card details again in the case that the one which she have are wrong. I did give her details again and she said that she have the same details and now transaction did go through.I think that big data protection breach , because I don’t know where my detail were and who to who passed them over .

  • Rachael 10 September, 8:08 am

    I was recently signed off euro for 1 month by my doctor. My employer sent out numerous letters to try to contact myself however debt the letters to an ex partners address which the gained From a third party. I had never given permission to use this address nor was I even living here…. I would really like some further advise on this matter!

  • Rhonda 11 September, 3:30 pm

    I’m looking to stay in a log cabin for a few nights. In my confirmation details, I have a form asking me to fill in all my credit card details, and hand it over on my arrival. This information will be kept for a period of 7 days after I’ve checked out, so should I damage the cabin, they can bill me!
    My question is, is this legal? As I’m not happy to do this, but instead I would feel much happier to ask them to check the log cabin half an hour before my check out time & sign something to verify that all is present and correct. This way I don’t have to hand over my card details & have them laying around in some office for over a week (where anyone could access them, nor could I be falsely billed for damages to the cabin that could be incurred AFTER my departure) and they have written confirmation that the log cabin was intact on my departure.

    So my question is, is my request reasonable and can I demand this please?


  • Sjk 9 October, 2:42 pm

    I have recived a letter with private and confidential on only the envelope was sealed which means the public can look at my private letter who can I complain to about this upsetting situation I’m in ???

  • Tony Rogers 16 October, 4:35 pm

    Mail was sent to someone of the same name as me but a different address regarding a debt that I owe to a company. My Namesake now has sensitive information about me and money that I owe. He lives on the same street but clearly this company has sent this letter on the off chance and I am not happy that my neighbour now knows about my debt. Is this a breach of DPA and can I use it as leverage to not pay the company?

  • Gemma 21 November, 12:34 pm

    I received a letter of a payday loan company to say they had sent an email including my email address my postal address and name to somebody else as they can not be sure the email wasn’t opened before hey recalled it they are offering me 12 months free experain report. Is there anything else I can do about this ? 12 month experain account is abit of an insult to me as there could be some serious consequences with this know.

  • tolly 9 December, 7:39 pm

    Just recently i had a phone call from what i thought was my network provider talk talk they had our details and sounded very convincing they continued to tell me that my there was a problem with my router and it could be a security risk. they then proceeded to direct me online to some protection software. once this had happened they demanded money and we ended up arguing that surly that should be covered by my contract. i didnt end up paying them any money but told them that i would call them back once i had time to think, as soon as i asked for their phone number they hung up! i thought it was very odd and looked online at the software they had got me to download and it was a something they could use to control my computer over the internet so i imediatly unplugged the router and and called talk talk. they said that they had not called me and that it was a scam and that talk talk have been hacked and peoples personal data had been stolen! after the phone call it dawned on me that we had not been notified that our personal data had been stolen. apparently this has been going on for a couple of weeks. we also notified the police and banks not only did cause us great distress but also wasted a whole day on the phone but as a result i also lost a day of work. if they had notified about the loss of my details this could have been provented. i am wondering whether to take this matter further or not but i dont know who to talk to.

  • David B 19 January, 1:57 pm

    I recently gave my debit card details to a plumbing business for them to take a deposit for some work they were doing for me. I did this verbally and gave no authority t them other than to take the deposit. When the work was completed I called the company to question the balance and they complained that they had tried to take the money but weren’t successful (not enough cleared funds to allow the much larger amount to go through)I complained that I hadn’t given them payment details yet and that all I was prepared to pay at this stage was the balance of the original agreed amount. That sum was debited from my card then later on the same day they debited a second amount for the extra money they thought they could charge me. I gave no permission for my card details to be retained and no authority for monies to be taken – I this a breach in terms of retaining sensitive information without permission?

  • Sarah Weston 24 January, 12:13 pm

    My partner had applied for many loans online and failing any luck all except 1, they have passed on his personal bank details causing other payday loan companies to take out large quantities of money from his account!! Is this any breach of DPA and can the money be claimed back how do we sort this out!!?

  • Teresa Bennett 28 January, 9:55 pm

    How can I stop a person who works as a cashier in Sainsbury’s discussing my trolley contents with other colleagues and members of the public. I neither know this woman but I have proof that she has discussed my financial affairs with other members of staff that I also do not know personally. How can I put a stop to this utter invasion of my privacy. Thanking you for your time . Best regards

  • Liz 15 February, 12:01 pm

    My ex employer (3 months) has contacted my new supplier of work, demanded money for jobs I have since completed and insist they stop dealing with me. The woman, a clerk, informed my new supplier that she was a Solicitor, however they demanded prove and the conversation finished.
    She as since given my private address to my new customers, (how she found their names – no sure), who now are arriving at me door.
    Under Data Protection, what can I do? Is this legal. Thanks for any help.

  • Pat wells 26 February, 5:04 pm

    A debt collection agency have asked for details of full name, date of birth and full address. I am in dispute over an alleged debt. Do I have to provide this information by law? They already know some of this as they wrote to me!

    • jason 11 November, 11:11 am

      No, you do not have to provide anything. Any company that believes they have business with you, should already have acquired this information in your original dealings.

      They are now seeking verbal contractual agreement. without it they are powerless

  • harriett 3 March, 9:06 pm


    I work in a call centre, and we regulary have customers emailing in their card details asking for us to take payment from them.
    My question is, is it breaking dpa if we take the card payment, after having confirmed 5 dpa questions from them?

  • Felicity 12 March, 12:40 am

    An employee worked at a bank as a mortgage advisor several years ago and due to her working in that sector she was able to find my husband which resulted in me getting a divorce but has now left.

    When i contacted the bank about what she had done she was given the option to be disciplined when she comes back which she never did due to what she had done or she could resign, and so she took the choice of resigning.

    I was concerned at the fact they let her leave knowing she BREACHED the data protection broke a rule and got away with it scott free and today is able to be a director of a company working in the financial sector.

    Above that when i got in contact with the financial ombudsman, They said they cant do anything to her in this case as she had resigned and in all this i am still left picking up the pieces for breach of act, breaking the law, accessing my personal details for her personal gains and so on

    so what can i do to the BANK, THE FINANCIAL OMBUDSMAN & HER in result of what has happened as she has got away with it.

  • jason sykes 25 March, 11:00 pm

    An employee of the bank accessed my details as she was a mortgage advisor to find her ex boyfriend and engaged in to a relationship. does this come under the dadta protection act 2008

  • Colin Devonport 30 March, 5:26 am

    My webspace provider heartinternet has lost valuable email and is keep sending me bogus replies about how they have backups, then they say they haven’t and yet I am no further forward, U am desperate to have the emails which they are holding onto. have paid my account for the following year and wonder is this is a data protecton issue for which I can get help and support.


  • Mr. Derek Umfreville 14 April, 5:16 pm

    My Visa debit card has just, not for the first time, been refused when attempting an online purchase, which apparently is over my postcode which is shared by neighbours resident in the same small block of ten flats. I strongly suspect a young man of 25 below has been ordering on credit using his girlfriend`s name with no intention of paying is the reason, or similar, though I don`t have proof. I have no contact with them or other residents and nothing shared except the postcode. Is there any redress?

  • Alan 18 May, 1:06 pm

    I recently had occasion to complete a customer quote at work. Initially I couldn’t enter the customers details onto my system due to an unknown glitch. The paperwork that printed showed the surname only of another customer but no other personal details.
    Is this a breach of data protection.

  • Becky 22 May, 11:17 pm

    Hi had a spotless credit history until British Gas erroneously reported me to a credit agency, which has resulted in a refused mortgage. Is there an organisation where companies can be made accountable for their mistakes? It seems that all the burden it’s on the shoulder of the consumer and creditors have absolutely no accountability for their errors, which sometimes can be very damaging. Our credit report is an asset, however it seems that the current status of affairs is not regulated as it should be. It feels like walking on eggshells, even when being careful with ones finances, it suffice 1 company error to throw away years of good credit in few days – and even when they agree to rectify the error, it takes time for this to reflect on your credit score. I can’t believe consumers vulnerability is not better protected by the law.

  • Tom 8 June, 1:40 pm

    If a hotel looks up my personal information to check if I am on there system without me present are they breaching the data protection act?

  • kate 8 July, 4:33 pm

    An online company with whom I have placed an order, have come back to me and requested copies of confirmation of my postal address – both a utility bill & passport or drivers licence.
    Having queried this request as a little unnecessary, the reply is its a random fraud check.
    I feel uncomfortable giving this to a company for this reason alone and have ordered many items over time & always used the same credit card to pay & to the same home address. Not a new customer.
    Are they within their rights to ask for this level of information? Would my bank not be the one they contact if concerned re. address fraud?

  • elaine wyllie 8 July, 6:56 pm

    i booked a holiday and the my neighbour went and booked the same one to go with us
    she said the travel agent told her my booking dates flight etc
    can this be done without my consent

  • andrew pritchard 26 July, 2:41 am

    My partner and I book a holiday it cost £2700 .we both paid half.recently we split up .the holiday was in her name but we both paid half.she taken my name of the holiday and now is taking her mum instead without even asking me .is this right .ive got no money back .ive lost half the cost.

  • James 11 August, 10:28 am

    A letting agent has passed my bank account details to a new tenant that I haven’t even met. Can I sue for this?

    They have also removed my name from the deposit protection scheme without my consent.

  • Lizzy 20 August, 9:56 pm

    At work my finance officer accidentally emailed a scan of my passport and birth certificate to the wrong email address (not mine!!!), and the email didn’t bounce back, so someone else has the scans of my passport and birth certificate! What can I do and is this a serious issue?!

  • Claire 26 August, 3:38 pm

    My son as just finished a 6 week contract with a big company . Today he got a letter in post which should have been is p45 but it turns out it’s only half his and half for another person . He his now concerned as his details will have gone to another person

  • Zoey 3 September, 10:49 pm

    I recently housed a stray dog that I found, only for ten days then the owner contacted the dog warden. He contacted me with the owners address, so I said I’d return the dog. I received his call around dinner time while I was at work. I returned home about 5pm and had only been in the door 2 mins when a lady knocked claiming it was her dog. So I gave her the dog and it’s medication. Since this a few misshaped have happened at my home and I’m sure it’s down to the dog owner so I don’t know what to do. Firstly is the warden allowed to give them my address or is that against my data protection. Also am I allowed to ask for my vet bills back please help I don’t know what to do

  • alan moore 6 September, 2:14 pm

    I stood guarantor for my partner for a mobile phone contract and as I have previously paid late which I have kept from her, when she called to pay, they have informed her that I have previously paid late and that this would reflect on my credit file, even though she knew the password, are they in breach of DPA in giving her this information about my personal credit file?

  • Emma walterd 27 September, 4:46 pm

    My wage slip was emailed to the wrong email address it had my national insurance number and my name and address can u please tell me if that is a data breech

    Many thanks

  • Nigel P. Herbert 2 October, 10:37 am

    Dear Sirs,
    I have recently had two payments taken from my Current Account by Domestic and General Services. These payments have in no way been authorised by myself, either verbally or in writing, and I have received no maintenance contract in return.
    Previously I had a maintenance agreement with this company, however, that expired quite some time ago. I have contacted the company and explaind the situation to them, however, they are refusing to give me a refund of the money they have taken without my consent.
    This seems to be a rather underhand business practice, and I have to ask if they can legally hold my bank details on file in order to use them at their convenience?

  • Serina 18 October, 12:11 am

    Hi can anyone help please.
    I paid a deposit to a insurance company for a friend (a one off payment) then my friend has set up the direct debit as its their policy not mine. The insurance company a month later has taken the next instalment from my bank account.
    1. It was a one off payment, should they have kept my details?
    2. I have not authorised any other payment from them taking from my account, what can I do.
    I am very distressed And need some guidance before contact my bank and the insurance company that I am very unhappy! What are my rights?

    Thank you for your help

  • Julia Collins 31 October, 1:27 pm

    My estranged ex of 13 years ago had put in a claim for mppi but I had to sign and fill in a questionnaire filling my name address and phone number I recieved the documents through a mutual friend as I didn’t want my ex to know the above details and sent the docs straight back to the bank in there pre paid envelope a week later my ex is texting me saying there was no case ! Also that the bank had sent her a copy of the questionnaire with all my details on ! The bank has admitted their mistake and are sending me s cheque through the post I don’t know how much for ?? My question is should I take this further and not accept the cheque ???? As there was a good reason for not wanting my ex to have my number or address hope someone can give me a bit of guidance on this thanks in advance .

  • David 14 November, 11:12 am

    1) If a business names an indiviual who owes them money are they in breach of the data protection act?
    2) If a business names an address in a shared community IE Condominium are they in breach of the data protection act?

  • Richard Ingram 15 December, 6:26 pm

    I have a loan from satsuma loans I have told them to contact me on my mobile but they continue to phone my mums home phone number and say who they are as I am a bit behind in paying is this against data protection

  • Andrew Hooper 18 December, 2:14 pm

    My bank recently transferred an account of mine to the wrong department and it ended up being assignment to a debt collector who contacted me requesting a rather large amount of money. Once I finally got hold of the right department at the bank they admitted this was a error and apologised. Is this breach of data protection or just one of those things!

  • Carla 22 December, 12:36 am

    Hi, my bank mixed up my bank accounts with my twin sisters. They were constantly chasing me for her debt. Letters, texts, calls and put a block on my accounts. The same issue has arisen twice in 2 years. They have compensated me £300 but this has caused great inconvenience and distress and I’m concerned about the data they hold on me. Should I push this further?

    • Lynsey Burk 4 February, 10:04 pm

      I am a twin and have yesterday had the same problem and unsure of what stages to take to protect my self and my finances after they gave my twin sister all my personal details

  • vitamin c serum 28 December, 4:33 am

    Click here for the best anti aging serum currently in stock on the market and reasonably priced.

  • Worried 25 January, 9:30 am


    I’ve just had my credit score almost fall through the floor, a debt collection agency has opened a bank account in my name and dumped £1450 debt in it. I haven’t had a letter, notification or anything about this. I think it could be the debt from the end of 2009, when I was seriously ill and unable to work, had to claim benefits (what a mission). I haven’t heard a thing for years and had actually forgotten all about it, until I racked my brains after finding this spurious bank account in my credit record.

    Is this legal and please tell me what I can do about it. I’m 6 months into a new business and this is killing my ability to run it.

  • Martyn 26 January, 2:15 pm

    I had a crash in work a few months ago and it wasn’t my folt and I’ve been off work since (5months) and the man who crashed into me ,his insurers sent me a letter saying that they have unlawfully gave my personal information out to a third party who is unrelated to the claim and the police are investigating it and the employee has been dismist .this must be a breach of data protection. Can anyone help and advise me what I should do?? Many thanks x

  • Lynsey Burk 4 February, 10:02 pm

    I have a twin sister and a debt collection agency have confused our accounts and given my personal sensitive information such as previous addresses and bank details out to my sister also transferring my debt to her and harassing her. The company don’t think they have done anything wrong because its is a family member but I have no permission for them to give out my bank details and personal details.

  • georgina young 10 February, 10:17 am

    My ex for over 5 years put a child tax claim in for my children and got a joint claim with not much information about me and got the forms sent to his partners to be sighned iv been doing without money for my daughters for over 6 weeks now and inland revenue are saying thay over payed me child tax and i wont get nothing till April im suffering bad no heating not much food and im of ill health i think thay should compensate me for all this has thay give my information to some one eles at a differant address so easy

  • John 3 March, 12:48 pm


    I have had a company contact me regarding an account they have about money owed to a company going back 6 years ago. I’ve told them that this account was dealt with and no money is owed. They said they need to confirm DPA. I have provided my name, email address and date of birth. They said they also need my address to complete DPA. Is this right as I’m not happy with providing these details to a company I know nothing about and want to protect my data? Surely what I have provided meets DPA.

  • Daniel Hunter 11 March, 1:42 pm

    I have a child trust fund open for my daughter and am the sole trustee. My name and address. My ex partner opened a separate savings account for our child. When she did this, the bank joined the 2 accounts together. We live separately (joint custody of child) but when she registered the savings account it her name and address and I have nothing to do with it. I went to the bank to enquire about the trust fund to be told they changed the address, I asked why and then we wrote a letter with trust fund details and the girl sent it off for address be changed back to mine. Stupid bank changed the savings account instead and sent me a statement. Went back to the bank again to explain they made a mistake but the women was rude and wouldn’t take responsibility and told me I must bring my ex to sort it out. I called my ex who then checked online and said she can change it there but now has our address as she can view it. (Due to past harassment we didn’t want her to know our address) anyway, both of us went to bank and they changed it to 2 different accounts. But my ex then told me she can view the details and balance of the trust fund online. I am so angry With the bank.

  • Amanda Rydqvist 19 March, 4:19 am

    Vodaphone constantly rang my brother discuss my personal details an account details even Thoe I emailed them constantly request them not to discuss my data protection with any one but me. Please advice me what to do.
    Thank you

  • Nichola 23 March, 6:19 pm

    My employer has recently taken on a survey company to complete a staff survey, they have provided the company with all employees name and date of birth to ensure all employees respond to the survey and to provide reports, however they have not requested permission from the employees to pass this information to the third party company is this a breach of data protection act?

  • gill 31 March, 12:17 pm

    Hi, I have a debt management plan with a well known govt. recommended. The defaulted bank details, sort code/account number are shared and monthly amounts sent to via the charity debt management to the bank company. I am very concerned that the same bank which I have my mortgage with have supplied all of my mortgage details; sort code, account number, balance, etc without my permission. My mortgage has been paid on time for 15 year plus never being one day late!! The charity already know who my mortgage is with and my monthly payment amount, to calculate my ingoings and outgoings monthly.

    I believe that this sharing of my mortgage account details must break some data protection rule, I have never given permission for this to be shared and this have never been added to my DMP

    Can you help

  • Angela 1 April, 11:20 am

    About to purchase a car all paperwork for financial services signed and car dealership used my information to set up 7 day driveway insurance with no permission from myself. I phoned car insurance company who had a lot of information wrong which met invaluable insurance cover,and they said it was a breach of data protection act. I’ve spoken to manager of car dealership who said it is wrong and I have to name how they can make it up to me. Can i take this further although Ive sorted it with insurance company if I hadn’t had had a accident I would have been to blame. What can I do advice would me greatful thank you.

  • Annoyed 8 April, 3:56 am

    A large hotel sent a letter saying they made a mistake and shared with 19-people our information including our SSN’s. They are offering us 12 months free complimentary protection. They also are making sure these 19-people do not share our info. How can we be sure? Who will compensate us to change all our information and the time it takes to do so? What can we do?

  • Claire 10 April, 3:39 am

    Any help or advice would be greatful, I was told about a year ago that I had been over paid on my child Benefit, after my child left school. unfortunately I had just been signed off work due to illness. I explained this to someone in the child Benefit office and they said we can sort out a payment plan, as I have no saving and had just left my job I wasn’t in a position to pay anything at that time. I received a letter informing me the debt had been given to debt collecting agency and I don’t know what to do I’ve never been in a situation like this and wanted to know if this is a breach of the data protection act shouldn’t I have been informed, because no one contacted me to say this would be happening. To be honest I’m a bit scared and I’m not sure where I stand and what I can do? Like I said any help or advice would be greatful. Thank you in advance.

  • Becky 23 April, 10:47 am

    Hi after my service at a national company they have given me a print out of someone else’s car details with name phone number email address vin number car Rev on. Which means someone has my copy with all my details on. Have they broke the data protection law?

  • Keshoa 28 April, 12:36 am

    I had custody of my nephew. He got killed. I contacted the insurance company. The insurance company sent my paperwork to my sister in a different state. My sister sent a from back to the insurance company. I feel that my rights were violated.

  • kelvin collins 11 May, 8:00 pm

    My 17 year old daughter recently had a meeting with her bank to change her account from a “childs ” account to an adult account as she will be going to university in September. The male employee of the bank has started messaging her on Whatsapp out of business hours. Firstly I believe this is not normal business and secondly is this in breach of the Data Protection Act.
    On complaining to the bank concerned and 6 calls later through a call centre they have acknowledged it is not normal practice and have offered to pay my daughter £50 for the distress caused and £15 for the calls to complain. The bank seem to be playing it down .Suggestons would be appreciated as to either accept or decline. As I see it , he has taken my daughters Mobile No from Bank records for his own personal use , this cant be right.

  • Olly Neale 12 May, 11:52 pm

    Our Estate Agent passed our details to a utility Company to set them as our new energy supplier at our new address. We were not told that this would happen, nor was it clear in the tenancy agreement which we have signed. We had already set up our current supplier to change address which we obviously would not have done if we were aware that somebody was going to do it for us.
    We re-corrected to our preferred supplier and received an excessive (in our opinion) final bill.
    In our tenancy, under Data Protection, there is a clause that suggests that the Estate Agent can forward our details to Third Parties including Utility companies for the purposes of ensuring that the tenant fulfils it’s obligations to pay outstanding bills. It does NOT say ‘We will provide your private date to a nominated utility company to apply for credit and open account with our nominated utility company’
    Has our Estate Agent breached Data Protection by opening an account on our behalf without our permission or prior knowledge?

  • Sharon 13 May, 5:07 pm

    Hi. My next door naighbours recently contacted my mortgage company to tell them I was breeding dogs in my back garden. I am in no way breeding anything in my back garden, but as they well know, do foster fully grown neutered dogs for a rescue.
    My question is
    How can they find this information? Is it legal for them to be able to find this sort of information?

  • Miss ung 13 May, 8:17 pm

    Hi there

    What do I do if my ex’s solicitor has confirmed he held my documents without my consent? Is the solicitor a countered as 3rd party? As I did not give them permission to my details. My ex took my details and showed them. He has had these without me knowing for 8 months now, do I need to write to the courts and make them aware as he has impacted hugely re my seizures and caused me huge distress. He has taken my details without permission or consent at all. Will the court take this into consideration? Please can you help via email reply please?

    Miss ung

  • dave 22 May, 2:04 pm

    i work for a large utility company , i sent a bill for the tennent to the relocation officer who stated they were authorised, have i broke dpa, or should i have sent the bill to the tennents last address they left

  • Paul Stallebrass 6 June, 4:56 pm

    Hi there,

    My estate agent has passed my email address on the people who have purchased my house, without my consent, also they have emailed my partner with confidential information regarding the purchase of my new property including address and purchase price. I believe that both of these may be a breach of the DPA. If so do I have a legal case against the estate agent?

    Many thanks


  • David Singh 9 June, 6:32 pm

    Hi, I recently applied for Council tax relief from my local Council, but when I received paperwork for the tax relief at the back was personal information for someone who had deceased.

    I just want to know what I or should not do, as I feel very sorry for the people this information belongs to.

    Please advise.

    I look forward to hear from you soon.

    Kind regards

    David Singh

  • Alan 12 June, 1:06 am

    DPS question.
    Hi I have a business debt with the local council, which is now in the hands of the enforcement team and has an agreement in place. However i have been informed by a member of the public that someone at a council Dept (not the enforcement) has told Atleast one member of general public about my debt in detail. Is this a breach of personnel and private information and therefore covered by the DPA?
    And advice would appreciated

  • Fiona 20 June, 12:23 pm

    I wonder if anyone can help.
    My local council has consistently sent my mail to my previous address, despite my council tax bill finding me ok!, the most recent has been all of my bank statements, utlility bills, birth certificate and my original passport!
    It was sent special delivery, but the card was put through the old address letter box so I couldn’t retrieve my package, I didn’t have any ID as it was all in the package I couldn’t get!!
    I managed to get it in the end, however, my question is is this a breach of the DPA? If so, what can be done about it?
    Many thanks

  • Eula 26 June, 10:10 pm

    The cheapest New York Yankees Mariano Rivera Men Jersey Cheap In Stitched MLB online sale,recommend best quality jerseys of star, world brand soprts

  • Nathan 30 June, 12:33 pm

    My employer has decided to pass on a fair amount of my sensitive information to a third party financial advisor, as a new company funded “benefit”. I do not need this service, as I have my own independent advisor.

    I have asked both the third party and my employer to remove this data from the advisor’s database, but have been informed that there is no process to do this, and so my data will continually be sent to the third party, every time there is a data transfer.

    Surely this cannot be in line with the DPA?

  • Vivienne Wallace 1 July, 11:57 am

    Im looking for advice i was on holiday recently (may 2016) and i have evidence that the hotel has given someone my personal check in details which included my address contact information i wasn’t aware they could do this shouldn’t the information be destroyed after departure. What should i do surely this is a breach of dpa.

  • Claire 1 August, 4:07 pm

    I work for a property letting company, and we have been contacted by Scott & Co debt collection asking for contact information for one of our former tenants.
    Is this something we are allowed to provide legally?

    Any help is appreciated.



  • W.D.Hughes 16 August, 11:06 am

    I got a letter from C.A.P.(Christians Against Poverty) saying their systems were hacked and my Wife and my details were taken,What can I do?,Can I make a claim for compensation?! We are really worried about this as we are getting suspicious phone calls ?! Luckily we changed our email address a few weeks ago !! What would you advise ?.Thankyou

  • Kaz 17 August, 10:31 am

    My childs clinic report has been opened by someone and thrown into my garden rather than the boundary postbox I have. I am upset as this report contains really personal information about my child. It is a record of a clinic visit and discusses possible diagnosis? It also states my information, name, job title and where I work.
    The envelope was originally sealed with sellotape but the offender has ripped it open. I feel I have been violated in knowing someone else knows of my childs health problems which one is a possible learning difficulty.
    The postman was not aware of it as I thought he posted to wring address. What can I do?

  • Justin 17 August, 2:20 pm

    Just a quick comment.

    Back in December I received a letter by email for someone else. The letter was from a solicitors relating to closing the file of this individuals dispute. Whilst this is not my personal data, I never thought much about it until recently as I have experienced significant delays with the sale of my property and this incorrect letter might be a general problem with this solicitor firm. I should note I never had any contact with the sender prior to the email and never got a response after.

    I had informed the sender of the incorrect email to which I never received a response and I have now sent a formal complaint about this as, as stated before, I think is just the general state of this solicitor firm.

    How do I know if the delays on my property were not due to the firm sending data relating to me somewhere else or that incorrect data is not being sent to others relating to other people.

    IOC has said liaise with firm, which I have done, but I suspect they will say this is an isolated case. surely an independent review should be done considering the field in which they work.


  • Suzikins 18 August, 11:27 am

    Hi, I have been contacted by a solicitors re a debt via letter. I replied via email with their letter reference and details of my incomings and outgoings. They have emailed and sent a letter back saying:

    Before we can correspond with you fully in relation to the account, please confirm the following for data protection:

    – Date of birth

    – First line of your current address and postcode

    – Full name including any middle name

    Surely they should have all this info from their client? Am I obliged to provide this?

    Can you help please? Many thanks.

  • jen 22 August, 6:35 pm

    I have received a email from search uk, collecting monies for southern water the email was in the name of a friend of mine who does not know my email address who actually doesnt even know how to email. Basically the email has now told me the account number and the amount of debt that she is in which is none of my business. I spoke to them about this and all they had to say was the email was meant for her. someone told me they could have got my information purley from her using my computer to go on facebook, if this is the case then does that mean that any computer she could have logged on could also get this email. It is a little concerning that her financial situation is being shared to anybody. And is this happening to other people are they breaking data protection?

  • Michael 25 August, 12:11 am

    Is there a time limit to to prosecute?

  • Leona 12 September, 10:21 am

    Have you ever thought about adding a little bit more than just your articles?
    I mean, what you say is valuable and all. But think about if you added some great graphics or videos to give your posts more, “pop”!
    Your content is excellent but with pics and clips,
    this blog could undeniably be one of the very best in its niche.
    Good blog! limited Bilal Powell jersey

  • jade gwinnutt 23 September, 9:17 pm

    I received a letter at my house two days ago of my partners ex wives credit card statement. They have been divorced since 2009. We do not want his ex wife knowing where we live but Halifax are refusing to take her name off our address as she has to do it herself due to her data protection but what about our data protection? Surely that cant be correct? someone has made the mistake of adding her name to our address so surely it can be rectified without involving her? This situation has put strain on our relationship and we havn’t stopped arguing over the past few days as I blame him although it isn’t really his fault. Where do we stand?

    Kind regards


  • Nat 11 October, 9:35 pm

    I recently booked for a cab. And asked for a ring back to notify me when it would arrive. However I was not contacted by the company which I always am but by the taxi drivers personal mobile number. I didn’t pick up as I did not recognise it,when I got into the cab the driver then said” did you have a missed call as that was my own number”. I replied yes tho explained I did not pick up due to not recognising the number. I was shocked by this as I have never requested a call back only to find a drivers personal number to call me back. He then mentioned that he had recently met a girl but wasn’t sure how it is going to work out. I work with taxi drivers and have been told they are not allowed to have any access to customers personal mobile numbers. Only the company itself would provide the ring back service. Is this a breach of giving out out personal information act. And do I have a right to sue? Please help as am extremely upset by this?.

  • Emma 11 October, 11:53 pm

    Can paypal hold your bank account details indefinitely once they have limited and deactivated the account? Although the account is effectively closed they don’t allow you to remove any personal details including bank accounts. Surely this is keeping your information longer than neccessary

  • Andrew 18 October, 5:25 pm

    I got a contract phone out with vodaphone they recently sent me a welcome pack sowing my detail e.g back account detail are they aloud to do this because of fraud

  • Cal 19 October, 7:20 pm

    My bank has sent my sisters information over to my credit reports and her details/previous addresses and her financial connections are on my report under my name. they have apologised and told me back in may it would be resolved in 60 days. 60 days later they apologised that it had stil not been resolved and said they would resubmit their request to have it fixed on my credit report. its been another 60 days and again they have apologised as it is still not resolved.

    Am I right in thinking they have breached dpa for both myself and my sister?

  • Paul metcalf 19 October, 7:36 pm

    Hi I have just found out that the cms have disclosed my earnings from last year to my x partner without my knowledge . Surely this is a breach of human rights / data protection

  • Daniel Deprez 27 October, 4:22 pm

    Hi, I recently ordered some roof windows through a firm. Today I’ve had a call from an unknown number, when I returned the call he said he was given my number by the company saying that I am a roofer and could fit some windows for him. I am nothing of the sort and I never gave them permission to give out my number. Where do I stand ? Thanks

  • Alice walker 3 November, 8:00 am

    My daughter is a landlord and the letting agency has sent her the tenants name Nat ins number bank acc number sort code , Photograph, passport number , next of kin . The tenant has now been evicted from the property because of arrears of rent , is this the usual info sent so she can claim her insurance for arrears of rent ? Very worried if this is common practice.

  • Iva 3 November, 12:13 pm

    My ex employer just forwarded my P45 with all my details to another girl who is leaving. I have left the company months ago. And he just text me to tell me that it’s annoying he did this. Now I feel my NIN can be used by another person.:(

  • Usman 3 November, 9:09 pm

    I have been looking for a mortgage recently and found a mortgage advisor from a reputable building society. He seemed to be thorough and reasonable and I asked him if a soft credit check will be done or full he mentioned that they only do soft credit checks. He agreed to talk to the lenders (a bank) to get mortgage in principle. At no point he mentioned to me that a full credit check will be done, in fact his terms of business which he sent me through email says that he will only do a soft credit check. Anyways I came to know just recently that he has done a full credit check without my permission.

    Although he has got the offer for me in principle but now I am tied to go with the particular lender and that could have been a dirty tactic on the advisor’s part that he proceeded in order to secure me/tie me with the deal.

    Is there anything that I can do to reset that credit check that has been done by the advisor or make a claim against the advisor? I am pretty sure I have a very good credit score and now I am afraid if I dont accept the offer from the lender my credit history will be tarnished for no good reason.

    Please advise.

  • Wendy Yarker 6 November, 9:23 pm

    I recently booked a holiday went to pay the ballance and I recieved someone elses paper work. Alough I contacted the company the following day letting them know they just said hoy the paper work away. Then av bn gettin threating emails off the person so contacted the company again and am just gettin an apoligy off the manager but this to me isnt good enough its data protection and confordentionality I want to take this further would I be intiteled to conpensation!!.

  • Louise 7 November, 11:40 am

    My partner had accidently left a copy of his bank statements on the desktop of his work computer and then handed his notice in.

    The employer then opened printed out and sent a copy of part of one of the bank statements to a third party without my partners consent and also discussed contents of the bank statements with other members of staff.

    I would think this would be illegal but wonder if anyone could advise.

  • Steven 9 November, 1:17 pm

    I run a property maintenance business & owe some money to one of my supplier. My account is with them in my name only. Cash flow has been slow lately & payments to my supplier have been affected. When my brother (who is employed by me) was in the supplier, he was given full details of my debt to the supplier. Is this breaching Data Protection? My brother has no authority in the business & is simply an employee. Thanks for any help you can give.

  • Fiona Chattwood 27 November, 6:26 am

    Recieved an email from three saying my handset which had been ordered in my name without me knowing ordered it in my name changed my address to London one three got hacked and thousands of customer details were stolen is there anything i can do

  • nina 27 November, 10:12 am

    My passed employer has informed me that my personal information ha been put on their website via email,this includes my bank and other personal details for everyone to see.

  • nina 27 November, 10:15 am

    My passed employer has informed me that my personal information ha been put on their website via email,this includes my bank and other personal details for everyone to see.what can be done?

  • Mrs M McGroggan 1 December, 5:55 pm

    My daughters vets rang today and told me all about money she owed them I knew she had a payment plan with the m but the girl who rang told everything without finding out whooshed was as speaking to in thought this was not allowed discussing someone’s finances with another persont

  • randy 6 December, 1:58 am

    Hello my house/car insurance send a bank my insurance policy info three times that bank called me and ask why its getting sent there and i rec the same policy at my house same time the back rec it what can i do is that a data breach?

  • Geoff Scott 15 December, 9:57 am

    We as a construction company are often asked for local labour reports for developments we are working on. This is to measure the amount of local labour we are using on the development.

    Are we breaching the data protection act by asking for home postcodes of all staff, including subcontracting staff even if it is just the first three characters of the postcode?

  • Claire 16 December, 3:49 pm

    Question about DPA:

    If an estate agents forwards a purchasers email to the seller without permission and this email includes the sellers email address would this be in breach of the act?

    Many thanks

  • d sutton 21 December, 12:58 pm

    Can anyone help. I was attacked last year my attacker has just received 15 months prison. His partner works for DWP. Me and my close family keep getting investigated for benefit fraud. I cant get anywhere with DWP to see if she has accessed r records

  • Helen 28 December, 6:18 pm

    I have recently dissolved a partnership but my x partner had written an email to a parent which had all personnel data for her and her child on it .I okay ed the email but she sent a group message from her own laptop to two new clients sending as a CCD and not as a blank copy this meant they could view and reply to each others emails. This then lead to a enrolment form being sent to all clients so they could see all private data .does this mean that myself is liable for her huge mistake as I tried to explain on previous occasions how to do this and she payed no attention and said she’d done it as according to the data protection act agreement I explained that it should have been sent as a blank carbon copy so clients couldn’t see each others messages .

  • Kram 6 January, 1:44 pm

    Hi, I have been asked to provide our National Insurance no’s for a new Water bill.

    Having read the comments below, this appears to be excessive information to provide, for a simple water bill….

    Please can you confirm if I am acting within my rights to legally withhold giving this information? If so, under what part of the DPA, please.


  • Adam Bradford 15 February, 10:08 pm

    If a company knowingly reports false and inaccurate financial information about an individual to a third party (credit ref agencies etc) apart from breaching the principals of the Data protection Act are they committing any other offences criminal or civil ?

    And what action can be taken by the individual ?

  • nikki 19 February, 11:18 am

    I recently found out someone I believe to be my partners ex wife has rang the council impersonating me and got passed data protected security questions to access my housing claim and cancelled it from the previous year saying I had been living with him all that time is this a crime for her to do this

  • Mohammed 24 February, 11:32 pm

    Hi guys,
    Hope you can help,

    I recently submitted my application for housing with a housing association.
    Before we even handed the application and the supported deocuments in a meeting with a adviser I was told by the adviser a fraud check was done on me and my family members. Is this lawful as none of us gave consent at that time.
    I would understand when recieving the application they might go through this but not before hand.
    Can anyone shed some light to this matter as i feel my privacy has been violated and how would I know which date they performed the fraud check so I know that they did this with out my consent and well before I handed in the application

  • Jane Keeling 3 March, 6:25 pm

    My daughter a few years ago applied for a up date on her I phone she thought she’d do it via her phone. Got through to India were they took wrong details and she was refused an update. She’s just tried again gone into a EE shop and because of mix up with details fraud squad are now investigating my daughter. She has provided bank details and passport to EE shop and now awaiting fraud investigation to ring her This has caused her great stress she is 8 months pregnant and all because details were taken down wrongly

  • Ivan 4 March, 10:50 pm

    An estate agent has passed my email address to a 3rd party without my permission. Has he broken the law?.

  • Karen O'Halloran 31 March, 10:23 pm

    Is my credit card company allowed to keep a copy of my passport on file?

  • John yorke 21 May, 2:58 pm

    My debit card details were retained by a third party company operating on behalf of a very large company for 2 months at which time they took an unauthorised payment which I subsequently got
    My bank to reinstate. what are my rights?