People often talk about the Data Protection Act, but in reality few people know very much about it. It is a very powerful piece of legislation aimed at protecting consumers against the unlawful handling of their personal information, and one which provides rights and remedies if you suffer damage or distress as a result.
The responsibilities of companies and organizations
The Data Protection Act requires that any organization which handles or processes personal data must comply with eight data protection principles – that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Secure
- Not transferred to other countries without adequate protection
In practice this means that if an organization causes you additional expense or long-term inconvenience as a result of incorrect personal information about you, that organization would be in breach of the Data Protection Act and liable to pay you compensation.
The rights of individuals
One of the principal purposes of the Data Protection Act is to give individuals the right to know and control what data is stored and how it is used. Therefore, if you are in any way curious or suspicious as to what information organizations might hold on file about you, you have the right to make a Subject Access Request. This is a simple request in writing to the organization you believe to be holding or processing the data. Your request must include the relevant fee (maximum £10) and the reply must be received within 40 days. Many Subject Access Requests are made to credit reference agencies, so that people can find out about their various credit ratings. In this case, the fee is only £2 and a reply must be received within 7 days.
In addition to the right to know what information exists about you, you also have the right to request that inaccurate or inappropriate personal details be corrected or removed, or that personal information not be processed at all, if it leads to significant damage or distress on your part. But even in the absence of damage or distress, you can still stop all processing of your personal data for direct marketing purposes by writing to the company which is targeting you and requesting they take your details off their mailing lists.
Most common ways in which companies breach the Data Protection Act
- If companies mix up your details with someone else’s and wrongly charge you – typically telecoms and utility companies
- Where you have been refused credit as a result of the wrong information given by a credit reference agency
- CCTV without warning signage
- Recorded or monitored telephone calls without warning
Taking further action
If you feel an organization you’ve had dealings with is in breach of any of the 8 principles listed above, perhaps because you are being denied access to personal information they hold about you, or this information is inaccurate or being handled improperly, your first course of action must be to write to the data processor for the company itself (there must be a contact postal address on the website or correspondence). If you are unsure as to whether there has been a breach, or the organization is simply not responding to a request you have made, you should ask the Information Commissioner’s Office to undertake an Assessment Procedure. The outcome of the Assessment is usually enough to force the organization to comply; if it isn’t, the ICO can take enforcement action. Under the Act, if you can show the improper handling of personal data has caused damage or distress to you, you have the right to claim compensation through the courts.
The Data Protection Act is a very powerful piece of legislation as far as consumer rights are concerned – when it is mentioned, companies usually listen. However, it is also very much under-utilised and few people exercise their rights or invoke the assessment procedure which is offered by the ICO.
More info: http://www.ico.gov.uk/
Preventing junk mailing or cold calling as a whole
Under the Data Protection Act, most firms’ marketing departments have to comply with its principles in how they deal with personal data. Nobody likes to receive excessive amounts of junk mail, and it is your right not to receive any. The Direct Marketing Association (DMA) runs the Mailing Preference Service and the Telephone Preference Service. If you apply to have your details (and the details of anybody else living in your household) put on the list, most firms will refer to this list when sending out marketing material.
More info: http://www.dma.org.uk/
My past employer has informed me that my personal information has been put on their website via email; this includes my bank and other personal details for everyone to see. What can be done?
My daughter’s vets rang today and told me all about money she owed them. I knew she had a payment plan with them, but the girl who rang told everything without finding out who she was speaking to. I thought this was not allowed, discussing someone’s finances with another person.
Hello, my house/car insurance sent a bank my insurance policy info three times. That bank called me and asked why it’s getting sent there, and I received the same policy at my house at the same time the bank received it. What can I do? Is that a data breach?
We as a construction company are often asked for local labour reports for developments we are working on. This is to measure the amount of local labour we are using on the development.
Are we breaching the Data Protection Act by asking for home postcodes of all staff, including subcontracting staff, even if it is just the first three characters of the postcode?
Question about DPA:
If an estate agent forwards a purchaser’s email to the seller without permission and this email includes the seller’s email address, would this be in breach of the Act?
Many thanks
Can anyone help? I was attacked last year; my attacker has just received 15 months in prison. His partner works for DWP. Me and my close family keep getting investigated for benefit fraud. I can’t get anywhere with DWP to see if she has accessed our records.
I have recently dissolved a partnership, but my ex-partner had written an email to a parent which had all personal data for her and her child on it. I okayed the email, but she sent a group message from her own laptop to two new clients, sending as a CCD and not as a blank copy; this meant they could view and reply to each other’s emails. This then led to an enrolment form being sent to all clients so they could see all private data. Does this mean that I am liable for her huge mistake? I tried to explain on previous occasions how to do this and she paid no attention and said she’d done it as according to the Data Protection Act agreement. I explained that it should have been sent as a blank carbon copy so clients couldn’t see each other’s messages.
Hi, I have been asked to provide our National Insurance no’s for a new Water bill.
Having read the comments below, this appears to be excessive information to provide, for a simple water bill….
Please can you confirm if I am acting within my rights to legally withhold giving this information? If so, under what part of the DPA, please.
Thanks
If a company knowingly reports false and inaccurate financial information about an individual to a third party (credit ref agencies etc.), apart from breaching the principles of the Data Protection Act, are they committing any other offences, criminal or civil?
And what action can be taken by the individual?
I recently found out someone I believe to be my partner’s ex-wife has rung the council impersonating me and got past data protected security questions to access my housing claim and cancelled it from the previous year, saying I had been living with him all that time. Is this a crime for her to do this?
Hi guys,
Hope you can help,
I recently submitted my application for housing with a housing association.
Before we even handed the application and the supporting documents in at a meeting with an adviser, I was told by the adviser a fraud check was done on me and my family members. Is this lawful, as none of us gave consent at that time?
I would understand when receiving the application they might go through this, but not beforehand.
Can anyone shed some light on this matter, as I feel my privacy has been violated? And how would I know which date they performed the fraud check, so I know that they did this without my consent and well before I handed in the application?
My daughter a few years ago applied for an update on her iPhone; she thought she’d do it via her phone. Got through to India, where they took wrong details, and she was refused an update. She’s just tried again, gone into an EE shop, and because of a mix-up with details the fraud squad are now investigating my daughter. She has provided bank details and passport to the EE shop and is now awaiting the fraud investigation to ring her. This has caused her great stress; she is 8 months pregnant, and all because details were taken down wrongly.
An estate agent has passed my email address to a 3rd party without my permission. Has he broken the law?
Is my credit card company allowed to keep a copy of my passport on file?
My debit card details were retained by a third party company operating on behalf of a very large company for 2 months, at which time they took an unauthorised payment which I subsequently got my bank to reinstate. What are my rights?
Can my employer give my personal details, name, address etc., to a private parking enforcement company, without my permission?
My current insurance company wanted to confirm my no claims discount with my previous insurance provider. He spoke with them, and tells me my previous insurance will not talk about my no claims discount as I have arrears on my account, which I wasn’t even aware of. Is this a breach of information? If so, then what can I do, because I really want to take them to court and put them back in their place!!! Thanks
I am guarantor for a loan a friend of mine took, but I have not signed any contract with the loan company; all they have is a phone conversation of me agreeing to it. But they managed to find my ex-wife’s email address and they sent her an email asking me to contact them to talk about the loan me and my friend agreed to and he failed to pay. Is that not breaching the data protection data?
My kid has been accepted by a private secondary school. I had already paid the deposit and even a school trip at the beginning of the term. I received a letter saying they will withdraw the offer because I owe money to his private school, where I still have 2 kids. Can the primary school disclose my debt to the secondary school without my consent?
Hi, maybe I’m being oversensitive, but I set up a service plan for the car, and when the direct debit confirmation letter arrived it was addressed to my wife. When she opened it, it had her name and my personal bank details in full. I have contacted the car dealers, who apologised and just sent an email with the correct details.
It has touched a raw nerve. What can I do or expect from the company?