• Welcome to the LegalBeagles Consumer and Legal Forum.
    Please Register to get the most out of the forum. Registration is free and only needs a username and email address.
    REGISTER
    Please do not post your full name, reference numbers or any identifiable details on the forum.

URGENT: Data Protection Act 1998 Breach...

Collapse
Loading...
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    I have attached a modified version to this post, of course removing any personal data such as names and adresses for Data Protection reasons.

    Note that both of my LBA's are practically identical, this is just one that I am sending to one societies Chairman at his home address obtained from the Charity Comissions website, so is public knowledge.

    I welcome any advice or suggestions on corrections or modifications or additions. I am open to advice here.
    Last edited by «THÖMÅS®©™»; 13th January 2019, 14:09:PM.

    Comment


    • #17
      Your letter does not tell them how much in total you are claiming.

      Have you found any precedents for this claim of £500 per breach?

      You letter is woefully lacking in any details of what they have done wrong.

      on a practical issue, would you be eligible for a reduction in the court fees?

      and finally what makes you think that the ICO's ruling absolves you from the necessity to prove your case in court?

      Comment


      • #18
        The ICO have ruled that they have both breached my rights by sharing my data between them without my consent and without any exceptions applying. As far as I am concerned, that should be enough for a court. The ICO have issued advice to both societies which they have allegedly "implemented". NAS, has a policy on their own site that says they won't share data with third parties without permission yet they clearly did and the ICO have confirmed this. I should be eligible for remission on court fees. Why would I need to add details on what they did wrong? They know what they did wrong. They are lucky I have decided not to take them to court for defamation of character after what they told the Evening News and each other. Making up a load of nonsense about me that is far from true, which I can prove is false by the way.

        Comment


        • #19
          Could you just explain why you asked for advice?

          Comment


          • #20
            What you mean?... I thought I stated why in my first post...

            Comment


            • #21
              The ICO have ruled that they have both breached my rights by sharing my data between them without my consent and without any exceptions applying. As far as I am concerned, that should be enough for a court.
              Actually that's not quite true. Just because there is a data breach doesn't always mean that an individual is automatically entitled to compensation, you still have to prove that the actions had caused you distress.

              Whilst your letter before action has the basics there, it could definitely be improved to make things more clearer. for example, I've attached a marked up version of you letter with comments. Although it doesn't have to sound professional, you do need to make sure there is sufficient information to enable the other side to know what case they have to meet. A standard format for a letter before action would usually be something along the lines of the below.

              1. Brief factual background
              2. The alleged breach and how they have breached it
              3. What you want from them to resolve the situation
              4. What evidence you intend to rely on in court.
              5. Deadline to comply/respond

              Your letter contains pretty much all of it but as I mentioned above, it could be tidied up a little to make things clearer to the reader.



              Attached Files
              If you have a question about the voluntary termination process, please read this guide first, as it should have all the answers you need. Please do not hijack another person's thread as I will not respond to you
              - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
              LEGAL DISCLAIMER
              Please be aware that this is a public forum and is therefore accessible to anyone. The content I post on this forum is not intended to be legal advice nor does it establish any client-lawyer type relationship between you and me. Therefore any use of my content is at your own risk and I cannot be held responsible in any way. It is always recommended that you seek independent legal advice.

              Comment


              • #22
                R0b, I appreciate your response and understand what you are saying. I am just not sure what else I can add that to my letter to "tidy it up".

                can you suggest something?

                Comment


                • #23
                  Its very difficult to advise someone in these circumstances, a claim under the DPA needs to be carefully constructed, for example i would often have a long meeting with my client to go over their case and to look at all the papers, question certain key points etc, however this is not something we can do on a forum because you would end up sharing potentially private data on an open forum.

                  So as a result it can be tricky to give details accurate advice. you will need to be the judge of what you draft and send
                  I work for Roach Pittis Solicitors. I give my free time available to helping other on the forum and would be happy to try and assist informally where needed. Any posts I make on LegalBeagles are for information and discussion purposes only and shouldn't be seen as legal advice. Any advice I provide is without liability.

                  If you need to contact me please email me on Pt@roachpittis.co.uk .

                  I have been involved in leading consumer credit and data protection cases including Harrison v Link Financial Limited (High Court), Grace v Blackhorse (Court of Appeal) and also Kotecha v Phoenix Recoveries (Court of Appeal) along with a number of other reported cases and often blog about all things consumer law orientated.

                  You can also follow my blog on consumer credit here.

                  Comment


                  • #24
                    PT is exactly right but I would also add that more often than not, information provided by posters on the forum is not always 100% and can on occasions be selective to suit the individual. Whilst I am not saying this is the case with you, we are unlikely to know the full backstory to your situation and that could alter the position one might take or how to approach it.

                    So the reality is that the best we can do is give you fairly generic information and as PT says, you will need to decide what to include or exclude. If it were me in your situation, I would probably take the approach of the example set out below. There is also another example of a letter before action for data breach in my list of templates (click here) although it is not directly on the same issue as yours, it should give you an idea on how to set out your letter.

                    -------------------------------------------------------


                    I am writing to you with reference to the above concerning a data breach with respect to my personal data and, despite efforts to reach a solution, the issue remains unresolved. This letter before action is therefore served on you in accordance with the Pre-Action Protocol for Pre-Action.

                    Factual background
                    On or about [DATE] ... [insert background details leading up to and including the breach itself].

                    The data breach
                    For the purposes of the [Data Protection Act [1998 OR 2018] / The General Data Protection Regulation], you are deemed to be the data controller in respect of my personal data. By disclosing my personal data to NAS, you failed to ensure compliance with the data protection principles as set out in Schedule 1 of the 1998 Act. More specifically:

                    [List each individual breach]

                    Evidence I intend to rely on
                    I enclose copies of the evidence that I intend to rely on in the event that legal proceedings are issued:
                    [List applicable evidence]

                    Action required by you
                    In order to resolve this dispute, I require you to:

                    a. provide a written apology;
                    b. undertake to not to disclose my personal data without my prior written consent or you are able to satisfy one of applicable principles.
                    c. compensation under section [13 DPA 1998 OR 168 DPA 2018] in respect of the distress suffered as a result from disclosure of personal data in the sum of [AMOUNT]. This amount is based on previous case law concerning breaches of data protection and which I consider to be a fair and reasonable sum in the context of the data breach which is the subject of this dispute.
                    If you have a question about the voluntary termination process, please read this guide first, as it should have all the answers you need. Please do not hijack another person's thread as I will not respond to you
                    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                    LEGAL DISCLAIMER
                    Please be aware that this is a public forum and is therefore accessible to anyone. The content I post on this forum is not intended to be legal advice nor does it establish any client-lawyer type relationship between you and me. Therefore any use of my content is at your own risk and I cannot be held responsible in any way. It is always recommended that you seek independent legal advice.

                    Comment


                    • #25
                      Thomas, one other point I mentioned above that could easily be put right: Your LBA asks for £500 per breach of the DPA. If I were the receiving party, I would not know how much money you were demanding, as we might have different ideas of what you mean by 'per breach'.

                      Comment


                      • #26
                        Question... Do I have to include copies of the documents in my letter on which I intend to rely on in court?

                        Comment


                        • #27
                          I have updated my LBA, please tell me if this is better or if I need to include more details, or not.

                          Note, I have spent the last 3 hours trying to get this together, I just hope that it now complies with any legislation that applies. Please let me know.

                          I have redacted this copy for Data Protection purposes again, names, addresses have been replaced with "X".

                          I would also like to extend a great thanks to pt2537. who spent an hour and 44 minutes to me on the phone with some very good advice, I have tried to put that advice to good use on my updated letter, but I am not sure if I have correctly or not, perhaps he can look and see, and so can other users, like 2222.
                          Last edited by «THÖMÅS®©™»; 28th November 2018, 06:40:AM.

                          Comment


                          • #28
                            Why is everyone silent? This matter is time sensitive, and I feel like I am being ignored again!

                            Comment


                            • #29
                              This is your letter before action ? Therefore you are in control of the timescales.

                              Not everyone is on here everyday and if you want help sometimes you need to be patient.

                              Pre-Action Protocol for Pre-Action.? I think you just want to put ' Pre-Action Protocols' there - doesn't seem to fall under any of the specific protocols - http://www.justice.gov.uk/courts/pro...civil/protocol

                              If you're going to use acronyms then the first mention should be in full with the acronym following 0 eg Blind Astronomy Society ( 'BAS' ) - then you can use 'BAS' further down the text.

                              Is the breach of DPA the sharing of data or the not providing copies in the SAR response ? I
                              #staysafestayhome

                              Any support I provide is offered without liability, if you are unsure please seek professional legal guidance.

                              Received a Court Claim? Read >>>>> First Steps

                              Comment


                              • #30
                                Claims in court under the DPA have a 1 year, less one day time limit before they become statute barred.

                                This is what I am worrying about...

                                Comment

                                View our Terms and Conditions

                                LegalBeagles Group uses cookies to enhance your browsing experience and to create a secure and effective website. By using this website, you are consenting to such use.To find out more and learn how to manage cookies please read our Cookie and Privacy Policy.

                                If you would like to opt in, or out, of receiving news and marketing from LegalBeagles Group Ltd you can amend your settings at any time here.


                                If you would like to cancel your registration please Contact Us. We will delete your user details on request, however, any previously posted user content will remain on the site with your username removed and 'Guest' inserted.
                                Working...
                                X