• Welcome to the LegalBeagles Consumer and Legal Forum. Please register to get the most out of the forum. Registration is free and only needs a username and email address.
  • Please note that LegalBeagles is a public forum and the main areas are accessible to all, and as such, please take care your username or posts do not identify you. There is no need to post claim numbers, names or precise amounts to get support with your case. When uploading documents please ensure that you have properly redacted your personal details. Thank you.

Subject Access Request Data Protection Act - How to get your information.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Subject Access Request Data Protection Act - How to get your information.

    The Data Protection Act 1998 came into force on 1 March 2000 and replaced the Data Protection Act 1984. It gives individuals (‘data subjects’) a general right of access to ‘personal data’ (ie personal information) about themselves held by ‘data controllers’ within the United Kingdom. It also lays down principles for the way personal data must be managed.

    The Information Commissioner is responsible for ensuring compliance by public authorities with the Data Protection Act 1998 and the Freedom of Information Act 2000. This may involve monitoring, issuing guidance or taking formal steps to enforce compliance with the acts. The Information Commissioner is a Crown appointment, reporting directly to Parliament.

    SAR (Subject Access Request)
    Right of access to personal data (section 7 of the Act).
    There is a general right of access by a data subject to the personal data held about the data subject by the data controller. The process by which this right is exercised is called a ‘Subject Access Request’ (often abbreviated to SAR). The Act describes how the data controller must respond to such requests when an exemption does not apply. A data controller has 40 calendar days in which to provide the requested data, if no exemption applies.
    Following a subject access request to a data controller by a data subject, and the data controller having failed to comply, the data subject can apply to court, which may support the Request and order the data controller to comply.



    Here is a letter to be used when requesting your personal information from a bank or any company

    Dear Sir/Madam




    ACCOUNT NUMBER(s): xxxxxxxxx (or multiple numbers if more than one account)
    1. I formally request that you forward me a true record of any Data held by your organisation relating to myself for the complete term of the account(s).
    2. I am also aware this request should include any Data held for more than 6 years as under the Data Protection Act there is no time limit for information requested.
    3. If you do not hold Data for a period longer than 6 years I also request confirmation of this in writing along with your methods used for disposal of such information to comply with the Data Protection Act stating the name and contact information of your registered Data Controller and Code Compliance Officer.
    4. Additionally, where there has been any event in my account history over this period which has required manual intervention by any member of your staff, or any other person, I require disclosure of any indication or notes which have either caused or resulted in that manual intervention, or other evidence of that manual intervention in relation to my business with you.If you are unable to supply this data because there has been no such manual intervention, then please be so kind as to confirm this in your writing.
    I enclose the statutory maximum fee of £10. You have 40 days from receipt of this request in which to return to me the information requested , securely and in legible condition.

    If there is specific information which you require in order to satisfy yourself as to my identity, please let me know promptly. However, please note that the above address is the one registered with your organisation and which you have previously found to be acceptable.


    I would be happy to prove my identity or collect any documents at my local branch.


    Yours faithfully,


    (signature)


    (name)
    You can find the correct address https://ico.org.uk/esdwebpages/search
    Last edited by Amethyst; 9th February 2015, 12:39:PM.
    Any opinions I give are my own. Any advice I give is without liability. If you are unsure, please seek qualified legal advice.

    IF WE HAVE HELPED YOU PLEASE CONSIDER UPGRADING TO VIP - click here


  • #2
    Guide to the Data Protection Act & Non Compliance

    The Data Protection act should be quite simple - it basically entitles an INDIVIDUAL to have access to any information directly relating to them, held by a company.

    If you have sent the above letter or similar with the required fee then;


    When you can take further action.

    If you have:

    * Asked your bank/credit company for the information held about you under the Data Protection Act.
    * Paid the fee (if required),
    * Waited for more than 40 days

    and you have not received any response from them, we recommend that you contact them again to find out why using the non compliance letter below

    If their response to your further enquiry is unsatisfactory then you can make a data protection complaint using the data protection complaint form.

    When you send the Information Commissioners Office your form you must also send:

    * a copy of your Subject Acces Request letter,
    * confirmation of when your letter was received, and you cheque/postal order cashed.
    Last edited by Tools; 11th October 2013, 01:53:AM. Reason: Removed broken links
    Common Sense .... if in doubt, use it !

    “We may not win by protesting, but if we don’t protest we will lose. If we stand up to them, there is always a chance we will win.” Hetty Bower

    Any support I provide is offered without liability, if you are unsure please seek professional legal guidance.

    Find Solicitors offering fixed fees on our sister site - JustBeagle.com

    Comment


    • #3
      Letter for DPA non compliance - when you wish to force compliance through the courts


      Your Name
      Address


      Date


      Banks Data Controller Name
      Address



      Dear Sir / Name

      Section 7 - Data Protection Act Subject Access Request

      Account: xxxxxxxx

      I sent a formal request for information under section 7 of the Data Protection Act, including the maxiumum £10 fee, to XXXXXX Bank on XX/XX/XXXX.

      You will be aware that under the Data Protection Act 1998 you have an obligation to comply fully with my request within 40 days.

      As of XX/XX/XXXX I have not received any/complete information from you.

      If you do not comply fully with my Subject Access Request by XX/XX/XXX {7 days from posting of this letter date} , I shall apply to the County Court for an order to enforce compliance, together with damages at the discretion of the court.


      Yours faithfully,



      [name]





      Common Sense .... if in doubt, use it !

      “We may not win by protesting, but if we don’t protest we will lose. If we stand up to them, there is always a chance we will win.” Hetty Bower

      Any support I provide is offered without liability, if you are unsure please seek professional legal guidance.

      Find Solicitors offering fixed fees on our sister site - JustBeagle.com

      Comment


      • #4
        Letter if you only wish to complain to the ICO for the moment

        Your name
        Your Address

        Date


        Bank Data Controller Name
        Address


        Dear Sir / Name

        Section 7 - Data Protection Act Subject Access Request
        Account: xxxxxxxx

        I sent a formal request for information under section 7 of the Data Protection Act, including the maxiumum £10 fee, to XXXXXX Bank on XX/XX/XXXX.

        You will be aware that under the Data Protection Act 1998 you have an obligation to comply fully with my request within 40 days.

        As of XX/XX/XXXX I have not received any/complete information from you.

        If you do not comply fully with my Subject Access Request by XX/XX/XXX {7 days from posting of this letter date} , I shall enter a complaint to the Information Commissioner.


        Yours faithfully



        NAME



        Complaint to the ICO - Complaint form in PDF available HERE
        This page holds information regarding your entitlement to information specifically related to unfair bank charging LOOK HERE
        Last edited by Tools; 11th October 2013, 01:52:AM. Reason: Removed broken links
        Common Sense .... if in doubt, use it !

        “We may not win by protesting, but if we don’t protest we will lose. If we stand up to them, there is always a chance we will win.” Hetty Bower

        Any support I provide is offered without liability, if you are unsure please seek professional legal guidance.

        Find Solicitors offering fixed fees on our sister site - JustBeagle.com

        Comment


        • #5
          Another strategy you may employ to obtain your data is to issue a claim against the company through the County Court for non-compliance with your Data Protection Act request.

          Some County Court staff are unused to this type of claim and therefore you must ensure that they do not advise that you file it as a Pre Action Disclosure under CPR Part 31 or a claim under CPR Part 8 as both of these options attract higher court fees.

          It is important to stress therefore, that the Information Commissioner has indicated that these claims are to be treated as Small Claims Track claims .

          Do not let the clerks give you any other forms to complete.
          This claim should be filed using an N1 Claim Form and must be filed at a County Court, MCOL cannot be used.


          Particulars of Claim for DPA non compliance


          1. The Defendant is a Data Controller within the meaning of the Data Protection Act and is responsible for the processing of data of which the Claimant is a Subject.

          2. The Claimant has an account number xxxxxxxx ("the Account") with the Defendant which was opened on or around (date)

          3. On (date) the Claimant sent a Subject Access Request, pursuant to Section 7 of the Data Protection Act 1998 to the Defendant.

          4. The Defendant has failed to comply.

          5. By virtue of the Defendant's failure to comply with the Subject Access Request the Claimant has suffered damage.

          6. The damage caused is:

          Extra costs incurred in addition to court costs, due to the Defendants failure to comply - this includes the cost of additional correspondence and time spent preparing documents and seeking legal advice, I estimate this cost to be £XX (a reasonable cost would be between £25 and £35)

          7. The Claimant seeks an order that the Defendant do comply with the Claimant's Subject Access Request

          8. Under the terms of Section 15(2) of the Data Protection Act 1998, where the Defendant contests that information requested under the Claimant's Subject Access Request is not included within the scope of Section 7 of the Data Protection Act 1998, the Claimant requests that the Court inspects that information, and where it finds that the Defendant's opinion is unfounded, that it orders such information be included within the information supplied to the Claimant under the Subject Access Request.

          9. Damages and costs within the discretion of the Court.
          Common Sense .... if in doubt, use it !

          “We may not win by protesting, but if we don’t protest we will lose. If we stand up to them, there is always a chance we will win.” Hetty Bower

          Any support I provide is offered without liability, if you are unsure please seek professional legal guidance.

          Find Solicitors offering fixed fees on our sister site - JustBeagle.com

          Comment


          • #6
            Other examples of DPA letters used;

            Tools v MBNA ** SETTLED**
            Common Sense .... if in doubt, use it !

            “We may not win by protesting, but if we don’t protest we will lose. If we stand up to them, there is always a chance we will win.” Hetty Bower

            Any support I provide is offered without liability, if you are unsure please seek professional legal guidance.

            Find Solicitors offering fixed fees on our sister site - JustBeagle.com

            Comment


            • #7
              Re: Subject Access Request Data Protection Act - How to get your information.

              You certainly know how to keep a reader entertained. I really enjoyed what you had to say.it according to my need and demand.

              Comment


              • #8
                Re: Subject Access Request Data Protection Act - How to get your information.

                Originally posted by Tools View Post
                The Data Protection Act 1998 came into force on 1 March 2000 and replaced the Data Protection Act 1984. It gives individuals (‘data subjects’) a general right of access to ‘personal data’ (ie personal information) about themselves held by ‘data controllers’ within the United Kingdom. It also lays down principles for the way personal data must be managed.

                The Information Commissioner is responsible for ensuring compliance by public authorities with the Data Protection Act 1998 and the Freedom of Information Act 2000. This may involve monitoring, issuing guidance or taking formal steps to enforce compliance with the acts. The Information Commissioner is a Crown appointment, reporting directly to Parliament.

                SAR (Subject Access Request)
                Right of access to personal data (section 7 of the Act).
                There is a general right of access by a data subject to the personal data held about the data subject by the data controller. The process by which this right is exercised is called a ‘Subject Access Request’ (often abbreviated to SAR). The Act describes how the data controller must respond to such requests when an exemption does not apply. A data controller has 40 calendar days in which to provide the requested data, if no exemption applies.
                Following a subject access request to a data controller by a data subject, and the data controller having failed to comply, the data subject can apply to court, which may support the Request and order the data controller to comply.



                Here is a letter to be used when requesting your personal information from a bank or any company



                You will find a list of addresses here

                http://www.legalbeagles.info/forums/showthread.php?t=21
                hi everyone, very helpfull on here to a point, but when I click the link above to access the addresses available for particular banks I'm told I can't access due to lack of privileges, I was informed that this was a free site after only 3 minutes of registering I'm being asked to upgrade? Please help is it me or do I have to pay for certain info

                Comment


                • #9
                  Re: Subject Access Request Data Protection Act - How to get your information.

                  I'll see what I can figure out [MENTION=61725]Mrweb[/MENTION] ... it may be a 'broken link' or something

                  Rest assured ... access to the site is free, the upgrade to VIP merely affords those users who desire it extra privacy (threads are not searchable online etc...) there is no information that could be needed by most people inaccessible to non-vip's

                  Kati x
                  Debt is like any other trap, easy enough to get into, but hard enough to get out of.

                  It doesn't matter where your journey begins, so long as you begin it...

                  recte agens confido

                  ~~~~~

                  Any advice I provide is given without liability, if you are unsure please seek professional legal guidance.

                  I can be emailed if you need my help loading pictures/documents to your thread. My email address is kati@legalbeaglesgroup.com
                  But please include a link to your thread so I know who you are.

                  Specialist advice can be sought via our sister site JustBeagle

                  Comment


                  • #10
                    Re: Subject Access Request Data Protection Act - How to get your information.

                    That post has been archived as many of the addresses & contact details were outdated. Is there a particular detail you are looking for MrWeb?
                    Any opinions I give are my own. Any advice I give is without liability. If you are unsure, please seek qualified legal advice.

                    IF WE HAVE HELPED YOU PLEASE CONSIDER UPGRADING TO VIP - click here

                    Comment


                    • #11
                      Re: Subject Access Request Data Protection Act - How to get your information.

                      Hi, Yes it is a broken link as the post it pointed to was from 2007 and some of the addresses were obsolete. I'll remove the link and point it to the Data Protection Register as that contains the correct up to date details for each bank for the moment while I sort out a new directory for the informantion.

                      https://ico.org.uk/esdwebpages/search

                      eg. Lloyds Bank

                      Registration Number: Z7107034

                      Date Registered: 26 September 2002 Registration Expires: 25 September 2015

                      Data Controller: Lloyds Banking Group PLC
                      Address:

                      The Mound
                      Edinburgh
                      EH1 1YZ
                      Common Sense .... if in doubt, use it !

                      “We may not win by protesting, but if we don’t protest we will lose. If we stand up to them, there is always a chance we will win.” Hetty Bower

                      Any support I provide is offered without liability, if you are unsure please seek professional legal guidance.

                      Find Solicitors offering fixed fees on our sister site - JustBeagle.com

                      Comment


                      • #12
                        Re: Subject Access Request Data Protection Act - How to get your information.

                        Originally posted by Amethyst View Post
                        Another strategy you may employ to obtain your data is to issue a claim against the company through the County Court for non-compliance with your Data Protection Act request.

                        Some County Court staff are unused to this type of claim and therefore you must ensure that they do not advise that you file it as a Pre Action Disclosure under CPR Part 31 or a claim under CPR Part 8 as both of these options attract higher court fees.

                        It is important to stress therefore, that the Information Commissioner has indicated that these claims are to be treated as Small Claims Track claims .

                        Do not let the clerks give you any other forms to complete.
                        This claim should be filed using an N1 Claim Form and must be filed at a County Court, MCOL cannot be used.


                        Particulars of Claim for DPA non compliance



                        The entity that process my data have confirmed to the ICO that they do not hold or process my data. This is in spite of court evidence that proves otherwise.

                        I therefore need to make an application to the Court for the matter to be heard and the judge to decide to order my data is yielded by the entity concerned.

                        The thread here is from 2007 so has anything changed?

                        Is it a straightforward claim lodged with the Court under form N1 at a cost of £280?

                        As previously stated here, the court staff seem baffled with " subject access data" so does anyone know of any such cases / cost / which courts please?

                        Many thanks

                        Comment


                        • #13
                          Re: Subject Access Request Data Protection Act - How to get your information.

                          hey I have 2 questions about this.

                          1) I thought you had to give 14 days notice before court action in small claims not 7?
                          2) You mention you can claim damages and costs within the discretion of the court. Would this not bring it out of the small claims court and into the more expensive high court? As for example if you lost a tribunal case because of a companies failure to respond to a SAR request and you wanted to claim damages would in this situation it still stay in the small claims or escalate?

                          For example in the case of 'Dawson-Damer v Taylor Wessing LLP


                          She did the process in the high court as opposed to small claims, why is this?

                          see link here: https://www.burges-salmon.com/news-a...urt-of-appeal/

                          Comment

                          Announcement

                          Collapse
                          No announcement yet.
                          Loading...

                          upgrade to vip

                          Want exclusive access to forums, more privacy and a live chat box? Upgrade to become a bigger part of our community.

                          only £15/yr

                          Offers available. No subscription traps.

                          sign up now



                          Search and Compare fixed fee legal services and find a solicitor near you.

                          Find a Law Firm


                          Working...
                          X