• Welcome to the LegalBeagles Consumer and Legal Forum.
    Please Register to get the most out of the forum. Registration is free and only needs a username and email address.
    REGISTER
    Please do not post your full name, reference numbers or any identifiable details on the forum.

URGENT: Data Protection Act 1998 Breach...

Collapse
Loading...
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Claims for breaches of data protection have a 6 year limitation period. It was like that in the DPA 1998 and it's like that in the 2018 version. Not sure where you got your source for that time limit.

    Quite frankly you sound very ungrateful. The members on here give our own free time to help others out and many of us have jobs which take priority. It's also possible as PT says we dont have the answers for you, other times we just may not have that time to sit and read your letter immediately and then give you feedback. Sometimes you just have to wait for a reply or give your thread a bump.

    At the end of the day none of us owe you anything and we certainly are not obliged to post on your thread. If you don't like waiting for an answer, go and pay for some legal advice.
    If you have a question about the voluntary termination process, please read this guide first, as it should have all the answers you need. Please do not hijack another person's thread as I will not respond to you
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    LEGAL DISCLAIMER
    Please be aware that this is a public forum and is therefore accessible to anyone. The content I post on this forum is not intended to be legal advice nor does it establish any client-lawyer type relationship between you and me. Therefore any use of my content is at your own risk and I cannot be held responsible in any way. It is always recommended that you seek independent legal advice.

    Comment


    • #32
      R0b, I am far from "ungrateful". I am not sure where you got that from...

      I was not aware of a 6 year limit, I believed it was a 1 year limit since most things are.

      Comment


      • #33
        Most things are 6 years.
        Personal Injury / Medical Negligence is 3 years.
        Defamation is 1 year.
        Employment Tribunal claims is 3 months ( less one day )



        #staysafestayhome

        Any support I provide is offered without liability, if you are unsure please seek professional legal guidance.

        Received a Court Claim? Read >>>>> First Steps

        Comment


        • #34
          Amethyst, I did know that defamation claims are 1 year less one day, I also knew about employment tribunals, but I did not know that claims under DPA were 6 years. The only thing similar that I knew was 6 years is how long banks for example keep detailed records of transactions on an account.

          Is there anyone out there that can look at my letter and tell me if it is compliant or not please?

          Comment


          • #35
            Looking at your letter - are you trying to get hold of evidence for a later Defamation complaint ? It seems more that what was shared was untrue and possibly defamatory as opposed to that your data was shared at all.
            Then you also appear to be concerned that you were banned from the xxx Society for having a particular condition which may amount to Disability Discrimination.


             On or about April 30th 2018, my data protection rights were further breached by Mr. Xxxxx Xxxxxx by disclosing details of an investigation to the xxxxxxxxxxx News paper (xxxxxxxx) in relation to a complaint that I made on Tuesday 13th February 2018 concerning a complaint that I raised regarding Xxxxx Xxxxxxxxxx calling me a “f**king retard” on the evening of January 31st 2018, causing me much distress.
            I noted that some of the requested documents were missing. Namely; the emails that I have since received from xxxxxxxxxxxxx Society and a further copy from the Information Commissioner, copy of a banning order, emails between yourselves and thexxxxxxxxxxxx News, an explanation as to why my complaint raised in relation to Xxxxx Xxxxxxxxxx calling me a “f**king retard” was ignored, and the reason I was banned for having Xxxxxxxxx’x Xxxxxxxx.
             On April 30th 2018, an email was exchanged with xxxx Society containing a fabrication that I allegedly told a female member (this was Xx Xxxxxxx) to “shut the f**k up, can’t you see I am on the phone”. This is not only untrue, I have documentary evidence to prove this, not only from the alleged victim, but also from the then chairman who investigated this and concluded it was “unproven”. Mrs. Xxxxxxx herself stated that this was not true.
            If it is solely for the failure to include copies of certain documents / data in the reply to the Subject Access Request I'd list the specific documents you believe were missing;

            1) Communications between xxxx Society and xxxx News relating to myself.
            2) Emails sent from xxxx Society to myself
            3) Emails dated on/around 30th April 2018 between xxx Society and xxx Society relating to myself.


            ( Emails sent to yourself by them you would have copies of?)

            The ICO have ruled and informed the Society that they consider sharing of your information breaches the Data Protection Act. The Society has taken the action ordered by the ICO ? or did the ICO request the Society disclose the missing documents as well which they haven't done? ( Do you have a copy of the ICO letter?)
            #staysafestayhome

            Any support I provide is offered without liability, if you are unsure please seek professional legal guidance.

            Received a Court Claim? Read >>>>> First Steps

            Comment


            • #36
              Originally posted by «THÖMÅS®©™» View Post
              Why is everyone silent? This matter is time sensitive, and I feel like I am being ignored again!


              the lba is much improved imho. It seems a big improvement to be focused on the distress rather than the breach itself.

              I don't see how you can be claiming exactly the same against BAS?
              Last edited by 2222; 29th November 2018, 12:16:PM.

              Comment


              • #37
                Hope you're okay 2222 xxx
                #staysafestayhome

                Any support I provide is offered without liability, if you are unsure please seek professional legal guidance.

                Received a Court Claim? Read >>>>> First Steps

                Comment


                • #38
                  Fine thanks.

                  I'd be even better if the nurses hadn't woken me every 30 minutes to check I was okay. Otherwise, just a routine visit. I'd have replied to Thomas whilst wide awake in the middle of the night if I had been able to work out how to connect to the hospital wifi.

                  Having vented, I'll remove the first line of that post!

                  Comment


                  • #39
                    Originally posted by Amethyst View Post
                    Looking at your letter - are you trying to get hold of evidence for a later Defamation complaint ? It seems more that what was shared was untrue and possibly defamatory as opposed to that your data was shared at all.
                    Then you also appear to be concerned that you were banned from the xxx Society for having a particular condition which may amount to Disability Discrimination.
                    I have all the evidence I need for a defamation complaint, the one problem is that defamation cases are extremely expensive and time consuming, so I will not be pursuing one, although, if I was in a finacially stable position, I would definitely pursue one. My complaint is that both societies shared data regarding me that they did not have permission to share, one of the societies tried to claim that it was "legitimate interests" as a defence while withholding the crutial emails from me. But the ICO does not agree, saying that they shared the data in breach of schedule 2 of the DPA 1998 because they did not have my permission nor did any of the conditions apply.

                     On or about April 30th 2018, my data protection rights were further breached by Mr. Xxxxx Xxxxxx by disclosing details of an investigation to the xxxxxxxxxxx News paper (xxxxxxxx) in relation to a complaint that I made on Tuesday 13th February 2018 concerning a complaint that I raised regarding Xxxxx Xxxxxxxxxx calling me a “f**king retard” on the evening of January 31st 2018, causing me much distress.
                    I noted that some of the requested documents were missing. Namely; the emails that I have since received from xxxxxxxxxxxxx Society and a further copy from the Information Commissioner, copy of a banning order, emails between yourselves and thexxxxxxxxxxxx News, an explanation as to why my complaint raised in relation to Xxxxx Xxxxxxxxxx calling me a “f**king retard” was ignored, and the reason I was banned for having Xxxxxxxxx’x Xxxxxxxx.
                     On April 30th 2018, an email was exchanged with xxxx Society containing a fabrication that I allegedly told a female member (this was Xx Xxxxxxx) to “shut the f**k up, can’t you see I am on the phone”. This is not only untrue, I have documentary evidence to prove this, not only from the alleged victim, but also from the then chairman who investigated this and concluded it was “unproven”. Mrs. Xxxxxxx herself stated that this was not true.
                    Originally posted by Amethyst View Post
                    If it is solely for the failure to include copies of certain documents / data in the reply to the Subject Access Request I'd list the specific documents you believe were missing;

                    1) Communications between xxxx Society and xxxx News relating to myself.
                    2) Emails sent from xxxx Society to myself
                    3) Emails dated on/around 30th April 2018 between xxx Society and xxx Society relating to myself.
                    No, my complaint is for breaching the DPA 1998 because they shared data that they should not have shared, especially when it contains utter fabrications and potentially libellous ones at that as well. As for the sent to myself, from xxxx Society, I will correct that error.


                    ( Emails sent to yourself by them you would have copies of?)

                    Originally posted by Amethyst View Post
                    The ICO have ruled and informed the Society that they consider sharing of your information breaches the Data Protection Act. The Society has taken the action ordered by the ICO ? or did the ICO request the Society disclose the missing documents as well which they haven't done? ( Do you have a copy of the ICO letter?)
                    The ICO have ruled that the data sharing was in breach of the DPA 1998 under schedule 2. The ICO gave them advice on how to improve thier data protection practices and I am unsure if that action has been taken even though one of them says they have, I see no sign of it yet. The society AND the ICO disclosed the missing emails that I asked for, BUT, they actually prove that a data breach has taken place, which is why the ICO have ruled against BOTH societies because they disclosed data without my permission or without any of the exceptions applying. This is what I am effectively suing them for. I will not let them get away with this. I am doing this out of principle.

                    What I am saying is that what they did was unacceptable. Currently they are probably walking away laughing at me saying they got away with it. Not just yet they havn't...

                    ------------------------------------------------

                    Originally posted by 2222 View Post
                    Since you demand an explanation, I spent last night in hospital. I hope that's okay ? Not much of an excuse, I know....
                    I apologise, I was not aware that you were in hospital... I do hope that you are OK.

                    Originally posted by 2222 View Post
                    the lba is much improved imho. It seems a big improvement to be focused on the distress rather than the breach itself.
                    This is why I am not sure, while I agree and felt that I had improved it significantly, I am not entirely sure if it will either have the desired effect, or be compliant with CPR should the matter go to court.

                    Originally posted by 2222 View Post
                    I don't see how you can be claiming exactly the same against BAS?
                    Because they did exactly the same as NAS, by disclosing details about me, along with fabrications I might add that they had no right to disclose. Most of what both societies claim about me is utter nonsense, only one of the claims are partially true, and I reffer to a laser incident that was an honest mistake. The way that the writer claims it happened makes it appear that I deliberatly pointed it at him and activated it. It is not true. It was an accident, I had it in my hand, with my phone checking a text message when I accidently activated it and it happened to be pointing at someone. I immediately apologised and that was the end of the matter. They seem to be digging up the past and twisting it to suit the situation to make them appear better than they actually are.

                    Comment


                    • #40
                      1. Delete the reference to small claims court - as I mentioned in previous post there is no such thing and no guarantee it will be heard on the small claims track. By keeping it in, you are simply showing your lack of knowledge of the legal process.

                      2. Factual background lacking in detail. Anyone can say personal data was disclosed without consent, so you need to specify what personal data was actually disclosed so that the dispute can be narrowed down to specific issues. Further down your letter you refer to a complaint but this isn't mentioned anywhere in the factual background.

                      3a. Judging by the dates you mentioned under the data breach heading, the GDPR is not applicable because these breaches occurred prior to 25 May 2018 so all references to the GDPR can be removed.

                      3b.I'm not entirely sure those bullet points you've listed should be in the breach section, I wold be considering if they need to be under factual background. It might be better to re-word it to say something along the lines of "... By disclosing my personal data to BAS, you were in breach of your duties under Section 4(4) of the 1998 Act which requires you to comply with the data protection principles set out in Schedule 1. More specifically, you did not process my personal data in a fair or lawful manner (Principle 1)." You may also want to re-iterate here that the ICO also confirmed by way of a decision that it believed NAS to be in breach of the DPA.

                      3c. What is the link between your complaint and Norwich Evening news, its not clear as I read it why they are referenced (see point 1).

                      4. You may want to consider whether it is reasonable to seek an undertaking from them and instead ask for confirmation that they have implemented the measures/advice given to them by the ICO.

                      5. In relation to the pargraph requesting documents from them, you are not likely to get the advice given to them by a solicitor as that is likely to be deemed privileged information, and I am not sure they would be obliged to hand over the advice given by the ICO although if the ICO has made a decision, it should have summarised that decision to you and explained what action it has taken. If you never got that, then you should request it from them.

                      6. the phrase "I would invite you to put forward any proposals in this regard." isn't necessary and contradicts with the resolution you are seeking so I would suggest that sentence is removed.

                      7. On the last paragraph, you referred to "anticipate that court action will be commenced." Personal preference but I would have said something like "I will commence legal proceedings and seek interest on the sums claimed at a rate of 8% per annum, together with any other reasonable costs or expenses incurred such as application fees and costs of attending the hearing."

                      As an aside, the disclosure of the information to BAS (and particularly Norwich Evening News) might also be considered a misuse of private information.

                      Also as a reminder of what I said initially about not everyone will be able to recover merely because of a breach. Take the very recent High Court decision of Lloyd v Google [2018] EWHC 2599 (QB) (link to judgment here) where the judge said this:

                      I do not believe that the authorities show that a person whose information has been acquired or used without consent invariably suffers compensatable harm, either by virtue of the wrong itself, or the interference with autonomy that it involves. Not everything that happens to a person without their prior consent causes significant or any distress. Not all such events are even objectionable, or unwelcome. Some people enjoy a surprise party. Not everybody objects to every non-consensual disclosure or use of private information about them. Lasting relationships can be formed on the basis of contact first made via a phone number disclosed by a mutual friend, without asking first. Some are quite happy to have their personal information collected online, and to receive advertising or marketing or other information as a result. Others are indifferent. Neither category suffers from "loss of control" in the same way as someone who objects to such use of their information, and neither in my judgment suffers any, or any material, diminution in the value of their right to control the use of their information.
                      That decision has only just come out in October and I believe Lloyd is seeking permission to appeal so that decision may be subject to change.
                      Last edited by R0b; 29th November 2018, 14:32:PM.
                      If you have a question about the voluntary termination process, please read this guide first, as it should have all the answers you need. Please do not hijack another person's thread as I will not respond to you
                      - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                      LEGAL DISCLAIMER
                      Please be aware that this is a public forum and is therefore accessible to anyone. The content I post on this forum is not intended to be legal advice nor does it establish any client-lawyer type relationship between you and me. Therefore any use of my content is at your own risk and I cannot be held responsible in any way. It is always recommended that you seek independent legal advice.

                      Comment


                      • #41
                        R0b Amethyst pt2537 2222 After reviewing thier own website, it appears that NAS were fully aware of thier responsibilities under the Data Protection Act 1998 by virtue of the following line in this page: "We do not share your data with third parties, or with other members without your permission."

                        It seems clear to me that they knew what they were doing when they repeatedly breached my rights and knew that there would potentially be consequences.

                        Can this be used in my LBA against them?

                        Some of what R0B has said above this post is a little confusing for me to follow. I am trying my best here, I am struggling to get this right for compliance... I am not sure what I have to put in here, copies of emails "which I will probably have to type out on to the page, or something else.

                        I know that I might be frustrating members that are trying to assist me, but given the situation, this is difficult for me.

                        Would someone specify what is meant by "factual background" please? I am rather confused on what I need to enter under this heading...
                        Last edited by «THÖMÅS®©™»; 2nd December 2018, 07:39:AM.

                        Comment


                        • #42
                          Originally posted by «THÖMÅS®©™» View Post
                          R0b Amethyst pt2537 2222 After reviewing thier own website, it appears that NAS were fully aware of thier responsibilities under the Data Protection Act 1998 by virtue of the following line in this page: "We do not share your data with third parties, or with other members without your permission."
                          It seems clear to me that they knew what they were doing when they repeatedly breached my rights and knew that there would potentially be consequences.
                          Can this be used in my LBA against them?
                          Some of what R0B has said above this post is a little confusing for me to follow. I am trying my best here, I am struggling to get this right for compliance... I am not sure what I have to put in here, copies of emails "which I will probably have to type out on to the page, or something else.
                          I know that I might be frustrating members that are trying to assist me, but given the situation, this is difficult for me.
                          Would someone specify what is meant by "factual background" please? I am rather confused on what I need to enter under this heading...
                          What is on the website now reflects the current position. I don't see how it can help your claim about past events. In my view, you would be better off just bunging your letters in, rather than worrying yourself to death.
                          I think this case is going to be mostly about quantum, ie can you justify the level of damages you are claiming. The court will need to satisfy itself that a breach took place and it is unjustified, but I assume the iCO was rigorous in their investigation of this, so the court will come to the same conclusion.

                          Comment


                          • #43
                            2222 I am not really sure what you are getting to.

                            I need clarification on what I need to put under that header.

                            Comment


                            • #44
                              factual background is a summary of facts / relevant facts. It's not opinions or argument, just facts leading up to your claim. Your facts are short and lacking in the detail of what personal data was disclosed. More specific is needed there on what was disclosed.
                              If you have a question about the voluntary termination process, please read this guide first, as it should have all the answers you need. Please do not hijack another person's thread as I will not respond to you
                              - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                              LEGAL DISCLAIMER
                              Please be aware that this is a public forum and is therefore accessible to anyone. The content I post on this forum is not intended to be legal advice nor does it establish any client-lawyer type relationship between you and me. Therefore any use of my content is at your own risk and I cannot be held responsible in any way. It is always recommended that you seek independent legal advice.

                              Comment


                              • #45
                                Hi Thomas, I was referring to "After reviewing thier own website, it appears that NAS were fully aware of thier responsibilities under the Data Protection Act 1998". Does it make any difference to your case? Answer is no, it doesn't. So, you don't need to include it. I'll go further: it's wrong to include it, because it side-tracks the main points you are making.

                                If you think I am wrong, please explain why, but it's clearly the data controller's job to know his duties, and whether he says that on a website or not makes no difference.

                                Comment

                                View our Terms and Conditions

                                LegalBeagles Group uses cookies to enhance your browsing experience and to create a secure and effective website. By using this website, you are consenting to such use.To find out more and learn how to manage cookies please read our Cookie and Privacy Policy.

                                If you would like to opt in, or out, of receiving news and marketing from LegalBeagles Group Ltd you can amend your settings at any time here.


                                If you would like to cancel your registration please Contact Us. We will delete your user details on request, however, any previously posted user content will remain on the site with your username removed and 'Guest' inserted.
                                Working...
                                X