Possible GDPR breach?

  • Possible GDPR breach?

    Hi,

    I'm not sure where to place this question as it is a strange one and first time posting on this forum.

    I sent an email to a debt recovery agency to negotiate a settlement figure.

    I didn't receive a reply but 1 of my parents did on their personal email and within the reply was sensitive information.

    I called and asked how they got my parents email and they didn't know.

    Is this a breach of GDPR?

  • #2
    The answer to your question is No. Unless you can expand on the sensitive information question?


    • #3
      Yes. If they sent them personal and sensitive information about you.


      • #4
        Were they ever linked to the debt such as guarantor on a loan or anything? - does seem odd for sure.

        As for GDPR, carelessness with Personal Data usually does breach data protection regs somewhere. Whether you'd get anywhere with it is another matter as it would have to be pretty serious/widespread for the ICO to do anything. My usual advice is find out who the registered data controller is for the company concerned and complain to them in the first instance. You can look that person up here https://ico.org.uk/ESDWebPages/Search

        I've done this numerous times and you'd be surprised how effective it is at getting to the bottom of things like this.


        • #5
          Hi All,

          Thanks for the replies.

          Here's a little more info. I'm not sure how far personal or sensitive data is evaluated nowadays but the email contained my Reference Number for the recovery agent, my full name and debt information.

          I called them and have it recorded and I stated where did you get that email address. They looked and they didn't know.

          The debt was on a credit card and there was no direct link. However I believe there is an indirect link as we both have/had credit cards from the same Bank and lived at the same address.

          Should I send the data controller letter to both the recovery agent and the original creditor?


          • #6
            GDPR recognises special categories of data that need to be handled with particular care, but it doesn't actually include finance/debt info. The list is here:

            https://ico.org.uk/for-organisations...ory-data/#scd1

            So this is just an incorrect disclosure of your Personal Data which has (perhaps?) caused you embarrassment with your parents due to the nature of it. If your objective is just to get a proper/thorough investigation into how it happened, assurances they have got to the root cause of it and made changes to systems or procedures to stop it happening again, and a profuse apology, that's a reasonable expectation.

            Sounds like it's just a system or human error. Bit of a mix-up between records or something.

            I would send to the creditor as they were the ones who originally collected your data, and are the Data Controller + it sounds like the error is more likely to be theirs. i.e. if the debt company was responsible for the mix up, how would they have your parents' data in the first place as they have no lawful basis to be holding it (unless of course, your parents were in debt too). The debt company is usually a Data Processor under contract to the creditor - so you'd still kick the same butt even if you thought the debt company was responsible for the bad data, and (in this case) were the ones who actually disclosed it.


            • #7
              Most emails contain a disclaimer to cover such an eventuality?


              • #8
                Originally posted by EnglandPi:
                "Most emails contain a disclaimer to cover such an eventuality?"

                True. You can issue warnings that if they are not the intended recipient, they should delete it and notify, but let's be honest, it's just a hope and pray strategy for carelessness that has already occurred and proper control lost.


                • #9
                  It does contain a disclaimer.

                  I'll just enquire to figure out how it happened because what's to stop them next time emailing another random person who isn't related with even more personal information. As long as there's accountability and an explanation as to how it happened I'll settle for an apology. If it goes deeper and trying to bait a family member into paying then I'll take it further but to prove that will be virtually impossible.
