
Subject Access Request Data Protection Act - How to get your information.


  • Subject Access Request Data Protection Act - How to get your information.

    The Data Protection Act 1998 came into force on 1 March 2000 and replaced the Data Protection Act 1984. It gives individuals (‘data subjects’) a general right of access to ‘personal data’ (ie personal information) about themselves held by ‘data controllers’ within the United Kingdom. It also lays down principles for the way personal data must be managed.

    The Information Commissioner is responsible for ensuring compliance by public authorities with the Data Protection Act 1998 and the Freedom of Information Act 2000. This may involve monitoring, issuing guidance or taking formal steps to enforce compliance with the acts. The Information Commissioner is a Crown appointment, reporting directly to Parliament.

    SAR (Subject Access Request)
    Right of access to personal data (section 7 of the Act).
    There is a general right of access by a data subject to the personal data held about the data subject by the data controller. The process by which this right is exercised is called a ‘Subject Access Request’ (often abbreviated to SAR). The Act describes how the data controller must respond to such requests when an exemption does not apply. A data controller has 40 calendar days in which to provide the requested data, if no exemption applies.
    Following a subject access request to a data controller by a data subject, and the data controller having failed to comply, the data subject can apply to court, which may support the Request and order the data controller to comply.



    Here is a letter to be used when requesting your personal information from a bank or any company

    Dear Sir/Madam

    SAR (Subject Access Request)
    FULL NAME : FULL ADDRESS : POSTCODE
    Any past names/addresses

    Account numbers (if you know them)

    1. I formally request that you forward me a true record of any Data held by your organisation relating to myself for any and all accounts held currently or in the past with your company. This should include, but not be limited to all transaction lists, agreements
    2. This request should include any Data held for more than 6 years as under the Data Protection Act there is no time limit for information requested.
    3. If you do not hold Data for a period longer than 6 years I also request confirmation of this in writing along with your methods used for disposal of such information to comply with the Data Protection Act stating the name and contact information of your registered Data Controller and Code Compliance Officer.

    I enclose the statutory maximum fee of £10. You have 40 days from receipt of this request in which to return to me the information requested, securely and in legible condition.

    Please note that the above address is the one registered with your organisation and which you have previously found to be acceptable.


    Yours faithfully,


    (signature)


    (name)
    You will find a list of addresses here

    http://www.legalbeagles.info/forums/showthread.php?t=21
    Last edited by Amethyst; 10th May 2009, 09:18:AM. Reason: Updating
    Any opinions I give are my own. Any advice I give is without liability. If you are unsure, please seek qualified legal advice.



  • #2
    Guide to the Data Protection Act & Non Compliance

    The Data Protection Act should be quite simple - it basically entitles an INDIVIDUAL to have access to any information directly relating to them, held by a company.

    If you have sent the above letter or similar with the required fee then;


    When you can take further action.

    If you have:

    * Asked your bank/credit company for the information held about you under the Data Protection Act.
    * Paid the fee (if required),
    * Waited for more than 40 days

    and you have not received any response from them, we recommend that you contact them again to find out why using the non compliance letter below.

    If their response to your further enquiry is unsatisfactory then you can make a data protection complaint using the data protection complaint form.

    When you send the Information Commissioner's Office your form you must also send:

    * a copy of your Subject Access Request letter,
    * confirmation of when your letter was received, and your cheque/postal order cashed.
    Last edited by Amethyst; 19th July 2008, 08:31:AM.

    Any support I provide is offered without liability, if you are unsure please seek professional legal guidance.



    • #3
      Letter for DPA non compliance - when you wish to force compliance through the courts


      Your Name
      Address


      Date


      Banks Data Controller Name
      Address



      Dear Sir / Name

      Section 7 - Data Protection Act Subject Access Request

      Account: xxxxxxxx

      I sent a formal request for information under section 7 of the Data Protection Act, including the maximum £10 fee, to XXXXXX Bank on XX/XX/XXXX.

      You will be aware that under the Data Protection Act 1998 you have an obligation to comply fully with my request within 40 days.

      As of XX/XX/XXXX I have not received any/complete information from you.

      If you do not comply fully with my Subject Access Request by XX/XX/XXX {7 days from posting of this letter date}, I shall apply to the County Court for an order to enforce compliance, together with damages at the discretion of the court.


      Yours faithfully,



      [name]





      Last edited by Amethyst; 13th March 2009, 11:01:AM.


      • #4
        Letter if you only wish to complain to the ICO for the moment

        Your name
        Your Address

        Date



        Bank Data Controller Name
        Address



        Dear Sir / Name

        Section 7 - Data Protection Act Subject Access Request
        Account: xxxxxxxx

        I sent a formal request for information under section 7 of the Data Protection Act, including the maximum £10 fee, to XXXXXX Bank on XX/XX/XXXX.

        You will be aware that under the Data Protection Act 1998 you have an obligation to comply fully with my request within 40 days.

        As of XX/XX/XXXX I have not received any/complete information from you.

        If you do not comply fully with my Subject Access Request by XX/XX/XXX {7 days from posting of this letter date}, I shall enter a complaint to the Information Commissioner.


        Yours sincerely/faithfully



        NAME



        Complaint to the ICO - Complaint form in PDF available HERE
        This page holds information regarding your entitlement to information specifically related to unfair bank charging LOOK HERE
        Last edited by Tools; 11th October 2013, 01:45:AM. Reason: Removed broken links


        • #5
          Another strategy you may employ to obtain your data is to issue a claim against the company through the County Court for non-compliance with your Data Protection Act request.

          Some County Court staff are unused to this type of claim and therefore you must ensure that they do not advise that you file it as a Pre Action Disclosure under CPR Part 31 or a claim under CPR Part 8 as both of these options attract higher court fees.

          It is important to stress therefore, that the Information Commissioner has indicated that these claims are to be treated as Small Claims Track claims.

          Do not let the clerks give you any other forms to complete.
          This claim should be filed using an N1 Claim Form and must be filed at a County Court, MCOL cannot be used.


          Particulars of Claim for DPA non compliance


          1. The Defendant is a Data Controller within the meaning of the Data Protection Act and is responsible for the processing of data of which the Claimant is a Subject.

          2. The Claimant has an account number xxxxxxxx ("the Account") with the Defendant which was opened on or around xx/xx/xxxx(date)

          3. On xx/xx/xxxx(date) the Claimant sent a Subject Access Request, pursuant to Section 7 of the Data Protection Act 1998 to the Defendant.

          4. The Defendant has failed to comply.

          5. By virtue of the Defendant's failure to comply with the Subject Access Request the Claimant has suffered damage.

          6. The damage caused is:

          Extra costs incurred in addition to court costs, due to the Defendant's failure to comply - this includes the cost of additional correspondence and time spent preparing documents and seeking legal advice, I estimate this cost to be £XX (a reasonable cost would be between £25 and £35)

          7. The Claimant seeks an order that the Defendant do comply with the Claimant's Subject Access Request

          8. Under the terms of Section 15(2) of the Data Protection Act 1998, where the Defendant contests that information requested under the Claimant's Subject Access Request is not included within the scope of Section 7 of the Data Protection Act 1998, the Claimant requests that the Court inspects that information, and where it finds that the Defendant's opinion is unfounded, that it orders such information be included within the information supplied to the Claimant under the Subject Access Request.

          9. Damages and costs within the discretion of the Court.
          Last edited by Tools; 13th March 2009, 12:52:PM.


          • #6
            Other examples of DPA letters used, in this instance for credit card fees

            Tools v MBNA ** SETTLED**
            Last edited by Tools; 13th March 2009, 12:53:PM. Reason: repairing broken link