Re: Court Action to obtain data

Hi Chris,

From your post it seems that your dispute is with Axa. I think you may find that it is the terms of Axa that will be enforcable. Towergate are brokers who in turn are selling an Axa product. Having said that Towerfate are themselves based in England and irrespective of what they say in the contract they are also subject to English law.

I believe in law that Towergate are equally as liable as Axa but your best course may well be to pursue Axa as I am sure that they will be liable in english courts.

I think that it is the terms of Axa that are important since they are the insurance company and not the broker and also that they decide(d) on the amount of payout and not the broker.

Of course if this turns out to be the case then yes it will strengthen your case considerably.

Regards
Mac

Re: Court Action to obtain data

Hi Mac,

Yes would agree with you - have requested clarification from both parties as to jurisdiction. Will let you know outcome.

In the meantime, I did a Data Subject Notice to AXA.

As mentioned in my PM to you, SIS interviewed me, took notes and six weeks later transcribed those notes into "A Statement by C R Wheatley". The notes were not read back to me, the notes were not signed by me, the statement was not shown to me and the statement was not signed by me. However, SIS sent this statement to the insurers. When I found out that this had happened, I demanded that I was provided with a copy to sign. SIS then came to my house with a copy that I looked over, amended errors and then signed. This signed copy was then sent to the insurers.

The insurers have been disregarding the amendments that were made to the statement and are relying upon the original unsigned statement. As such I sent them a Data Subject Notice under the 4th and 10th principle of the DPA.

I effectively told them to stop processing data that they knew to be inaccurate and to amend their files.

This is their response:

We acknowledge receipt of your email which you make application under section 10 of the DPA to amend its records with regard to a statement obtained in connection with your claim in 2006.

The Data Protection Officer is satisfied that the original account may be retained without amendment as an historical record in support of the chronology of the claim and its investigation, and that, by retaining a copy of your email with the claim record, our file accurately reflects the change made to the relevant statement. We confirm that, through these actions, we have compiled with your section 10 application.

This means of course that in their minds they can continue to use inaccurate data and they don't need to tell anyone, such as the FOS, that the data has been amended.

The ICO has said that as the original statement, be it not signed by me, was the investigators account of what was said at the interview. Therefore, this does not necessarily mean that the data is not accurate.

There must be some law against all this!!

Re: Court Action to obtain data

Hi Chris,

I think the trouble with all of this is that as we all know law is so complex and is grey in so many areas that it leaves an awful to intrepetation.

I personally am of the opinion that such bodies as Local Government Ombudsman and the ICO knowingly allow for such things because it shows the country and the system is working. Organisations do it because they knwo they can get away with it.

• The bits that strike me in your last post are: six weeks later transcribed those notes into "A Statement by C R Wheatley"

Clever bit of work by SIS as I think it means it is their statement and not your witness statement.

I think it is highly likely that the ICO presented with such have probably made the right decision. If it was your witness statement then yes all you suggest would have been right.

If however you see the statement and it contains something to the effect that it is a witness statement from XX, then I think it would be a different matter.

Regards
Mac

Re: Court Action to obtain data

Hmmm... a play with words I think Mac,

The statement bears the hallmarks of a statement taken by strathclyde police.

At the end of the day, the system employed by SIS allows an investigator to go into the house of the insured, interview, take notes and then present a so called statement to the insurer that has no relation to what was said at the interview. Since the interview notes can be destroyed there is absolutely no protection afforded to the insured. What is to stop the investigator from saying that the insured said that he set fire to his own home?

There has to be some protection Mac.

Chris

Re: Court Action to obtain data

Hi Chris,

I think people know what they can get away with in Scotland because there appears to be no such thing as PACE.

I think you need definitive answer on taking statements and retaining notes from such interviews.

It is true what you say about protection but I am not a legal bod so I cant say. I have no more feedback either.

To my mind there are 4 ways of doing this:

1. Pay for a solicitor
2. Find a solicitor that offers half hour free consultation in such matters and do a list of questions and get those answered
3. Joining a scottish law forum and ask the questions and case law. One such site is this http://www.scottishlaw.org.uk
4. Be cheeky and email a couple of law universities and ask the question

Regards
Mac

Re: Court Action to obtain data

Yes, thanks Mac.

My intention now is to try and get "best practice" from a number of Investigator companies here in Scotland. You may have seen in the news recently that Scottish law has had to be changed with regard to access to lawyers at police stations to coincide with European Human Rights laws. It may be that a similar change needs to take place in regard to my problem. I will ponder over this and perhaps contact my MP as you have done.

Will keep you up to date on matters, but thanks for your support.

Chris

Re: Court Action to obtain data

Hi Chris,

The other point to all this is european legislation which of course was the main reason for lawyers to be present in the high court case you mentioned. That particular court case arose because of human rights.

What you suggest is a judicial review and I will caution this is neither cheap or something that could be done as an individual. Having said that I am informed insurance (Axa lol) can be taken out.

Regards
Mac

Re: Court Action to obtain data

Data Protection Act: Section 35 Where is Your Data?

Data Protection Act 1998

Data Protection Act 1998

Re: Court Action to obtain data

Hi Righty,

Thank you for that very useful piece of information. It certainly helps me in my own argument.

Regards
Mac

Re: Court Action to obtain data

I promised to come back on the Scottish procedures when it comes to interviews and interview notes as far a civil law is concerned.

As Mac has previously said; in England a form statement exists which is referred to as a Section 9 statement and it conforms to certain rules in the English courts (Magistrates Courts Act and Criminal Procedure etc). The Witness statement is signed and handwritten notes are required by law to be disclosed – this comes under the law of disclosure.

In Scotland there are no regulations to direct Private Investigators let alone procedures to safeguard the civil rights of interviewee’s regardless of their position in a civil investigation.

Scottish Investigators that have responded to my enquiries have said that many investigators are ex police or ex military personnel and they tend to carry best practise principles from their respective public sector environments. This means that ex police would tend to follow police procedures.

One particular investigator said that he wished the industry to be regulated. Notwithstanding there are in existence professional associations such as Association of British Investigators, it does not stop Joe Blogs from calling himself a private investigator, setting up a website and trading without qualifications.

From the replies received to date there is agreement that in Scotland it is considered best practise to take handwritten notes at interviews, to invite the interviewee to read and sign those notes. Thereafter, any transcription of notes to ensure that they were legible to all would be signed and a copy provided to the interviewee. All notes would be retained on file. This appears to be generally in line with criminal procedures and quite rightly so.

Not all Investigators follow best practise, and in these cases it may be of some comfort to know that there may be a friend in the form of the Financial Ombudsman Service. The FOS has said that while they may look at unsigned statements they will not take them as factual.

This is good news for all Scottish victims of Investigators who do not follow best practise as above and who submit unchecked/unsigned typed interview notes as evidence in insurance claims.

Perhaps what is needed for full protection is a definitive written statement from the FOS in this regard. If this existed, insurers would no longer entertain unsigned witness statements etc. In this regard, I intend to write to the Chief Ombudsman.

In the meantime, I still believe the Data Protection Act can help to safeguard individual positions.

Turning to the links from Righty; Data Protection Act: Section 35 deals with Disclosures required by law or made in connection with legal proceedings:
(1) Personal data are exempt from the non-disclosure provisions where the disclosure is required by or under any enactment, by any rule of law or by the order of a court.
(2) Personal data are exempt from the non-disclosure provisions where the disclosure is necessary—
(a) for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings), or
(b) for the purpose of obtaining legal advice,
or is otherwise necessary for the purposes of establishing, exercising or defending legal rights.
This is fine, on the basis that the Data Controller does not dispute that the documents held are “personal data”. Where the Data Controller uses the excuse that the data held is not personal, then it is for the ICO (and their delays) or the Court to make determination. The courts can in most cases offer a quicker determination.

Of course, if the Data Controller deliberately witholds data that is required under the above section which then by him witholding that data causes damage to the party litigant, then under the act, the litigant can claim for damages.

The Link regarding section 14 (Rectification, blocking, erasure and destruction) takes you to the 4th Principle which covers accuracy. This is where I believe the DPA can offer protection against Investigators not operating best practise.

The DPA does not define the word accurate, but it does say that personal data is inaccurate if it is incorrect or misleading as to any “matter of fact”.
I think that we could have a little discussion here as to what is a matter of fact.
For example: if a document has been determined to be “personal data” and within that document there is a statement that says “Mr…. went to the marina office and ask if they had MOVED his boat”, would this statement be determined to be a “matter of fact”?
Personally I think it does but as always I welcome your comments.
The Act goes on to say, it may be impractical to check the accuracy of personal data someone else provides (Such as the Private Investigator). In recognition of this, the Act says that even if you are holding inaccurate personal data, you will not be considered to have breached the fourth data protection principle as long as:
1. you have accurately recorded information provided by the individual concerned, or by another individual or organisation;
2. you have taken reasonable steps in the circumstances to ensure the accuracy of the information; and
3. if the individual has challenged the accuracy of the information, this is clear to those accessing it.

Taking each point above, if you receive information in a permanent form (ie statement) and do nothing but file that, then (1) above would not apply because you have not recorded that information. If however you receive the information electronically (by email) then by saving that information you have involved yourself in recording that information. On this basis, as long as the information (regardless of the information being inaccurate) has been accurately saved without error, then the act would have been complied with.

So what are reasonable steps?
This will depend on the circumstances and, in particular, the nature of the personal data and what it will be used for. The more important it is that the personal data is accurate, the greater the effort that should put into ensuring its accuracy. So if you will be using the data in making decisions that may significantly affect the individual concerned or others, you will need to put more effort into ensuring accuracy. This may mean you have to get independent confirmation that the data is accurate.
Important point: “if you will be using the data in making decisions..” will I think include if you put forward the data for others to make decisions.
The Data Controller will in most cases not know if the data is inaccurate unless his attention is drawn to the inaccuracy. I think that in the case where an individual has challenged the accuracy of the data, then “reasonable steps” would most certainly include at least further investigation if not obtaining independent confirmation that the data is accurate.
Again, would welcome your comments on the following situation:
The Data Controller receives an unsigned document in which it states “Mr…. went to the marina office and ask if they had MOVED his boat”. The Data Subject (the individual about whom the document is about) challenges the statement and avers that it should read, “Mr…. went to the marina office and ask if they had SEEN his boat”.
What Action should the Data Controller take with regard to taking reasonable steps to ensure that the data is accurate, especially if that data will be used in making decisions that may significantly affect the individual concerned?
Chris