Re: Data Protection Act 1998

Here is the SRA Rule Book makes interesting reading.

Just put data protection in the search box and hit enter

http://www.sra.org.uk/rules/

Re: Data Protection Act 1998

Hi All, been following your convo about DP and LA's. I believe LA's have different rules to the rest of the nation when it comes to money! because 1. they are centrally funded and 2. they are not for profit government organisations - and as such they are ruled by Financial Regulations for Public Funds - or something similar from memory

RE: the DP and a former address being passed on by the solicitor - its likely that this is due to legislation around preventing money laundering and I believe is/was quite common practice.

Furthermore although there are DP requirements for data held by LA's - I think they are not all encompassing as they are classed as 'government' and as such, usually have some counter act.

That being said a usual SAR will turn up some interesting reading but be warned I got mine back a couple of weeks ago and they give you EVERYTHING! so if you're going looking for something specific - tell them to limit it to set areas, otherwise they will send you a couple of trees worth of paper!!

Just my two pence worth = lots of things may have changed in the last 3 years tho, which is when I left LA employment

Re: Data Protection Act 1998

An interesting thought Casper, however section 35 of DPA provides -

35 Disclosures required by law or made in connection with legal proceedings etc.

(1)Personal data are exempt from the non-disclosure provisions where the disclosure is required by or under any enactment, by any rule of law or by the order of a court.

(2)Personal data are exempt from the non-disclosure provisions where the disclosure is necessary—
(a)for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings), or
(b)for the purpose of obtaining legal advice,
or is otherwise necessary for the purposes of establishing, exercising or defending legal rights.



So it appears a council would not be in breach of DPA as the rules prohibiting disclosure of data to a third party do not apply to matters in connection with legal proceedings, prospective legal proceedings or seking legal advice

Stuart

Re: Data Protection Act 1998

No a solicitor is still expected to treat a (former) clients data as confidential irrespective of money laundering regs & as none payment of council tax is not money laundering (illegal) that argument fails

What should have happened is that they should have written to their client requesting consent to give that info & if he refused notifying the council who then could choose whether or not to seek a court order compelling them. They owed no duty to the council

Breaching confidentiality for whatever reason is very serious & could cost them dearly

Re: Data Protection Act 1998

JM - I am very grateful for your post thank you. I have been battling with this for a few days. I'm intentionally playing devil's advocate here, but would any of the following hold water:

An interesting thought Casper, however section 35 of DPA provides -

35 Disclosures required by law or made in connection with legal proceedings etc.

(1)Personal data are exempt from the non-disclosure provisions where the disclosure is required by or under any enactment, by any rule of law or by the order of a court.

(2)Personal data are exempt from the non-disclosure provisions where the disclosure is necessary—
(a)for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings), or
(b)for the purpose of obtaining legal advice,
or is otherwise necessary for the purposes of establishing, exercising or defending legal rights.



So it appears a council would not be in breach of DPA as the rules prohibiting disclosure of data to a third party do not apply to matters in connection with legal proceedings, prospective legal proceedings or seeking legal advice

Given the above, if there is no mention of court proceedings has been mentioned, are they then in breach?

Passing a debt to a DCA is not usually in connection with legal proceedings. It they pass it to one DCA and this one DCA follows it through to court, fair enough, but if they pass it from DCA to DCA are they in breach as they are clearly not intending the first third party to pursue legal proceedings.

Without looking, does 35 apply just to councils or all corporations?

What happens when a debt is sold. Your details are clearly being passed onto a third party, but there is clearly no motive for legal proceedings from the OC as they are selling the debt. Even if the buyer wanted to pursue legal proceedings, would it be in breach for the OC to pass details to the purchaser of the debt as the clear intent is not legal proceedings, it is writing off bad debt.

As I say, playing devil's advocate, but would be interested in your response!

David

Re: Data Protection Act 1998

David:

Your original post referred to councils passing on data to Bailiffs pursuing parking fines etc, section 35 would always apply as legal proceeding would have commenced for Bailiffs to be involved. Section 35 applies to all Data Controllers, not just to Local Authorities.

If the parking fine was for parking on a local authority car park without paying the required fee, it may also be that a provision within the terms of using the car park includes a consent clause.

In the case of a DCA pursuing a debt, if the DCA threatens legal action in their correspondence they would no doubt argue that it was in relation to prospective legal proceedings.
It is also highly likely that the contract relating to the debt would have a consent clause.
In any event Schedule 2 of the DPA sets out the circumstances under which data can be processed .....
Section 2 The processing is necessary—.
(a)for the performance of a contract to which the data subject is a party.

A debt sold to a third party would be done so under a 'right to transfer' clause within an agreed contract and is therefore done 'with consent'

I think the difficulty you will have in finding ways to use the DPA in this way is that the Act was never intended to be used for that purpose.

Regards

Stuart

Re: Data Protection Act 1998

Thanks Stuart, I'm not actually thinking of using it any way particularly. It is just my nature that when I get an interest in things (like this site) my thirst for knowledge is unquenchable and while I know I'm on a very steep learning curve, I love to try to help people. The way I think means i rarely just accept anything at face value without thinking about it and questioning it, hence my thread here. I'm trying to clear things up in my head in order that I can continue to move forward.

Thanks for your help as ever,

David

Re: Data Protection Act 1998

Just come back from a meeting with solicitors about my council having failed to meet their obligations under the DP act. My solicitors have suggested a way forward would be bring a case under a pre trial disclosure. I was a little surprised as to why this would be used as to taking the case under the appropriate part of the DP Act.

Would welcome some information on the differences between the two.

Second question can you action a combined DP & FOI case?

Regards
Mac

Re: Data Protection Act 1998

Mac.

The person best placed to answer your question would be the solicitor you discussed the matter with as he has access to the specifics of your dispute, however I can offer a general answer as I have recently issued an application for disclosure using both Data Protection Act and Civil Procedure rules pre-action disclosure scheduled for a hearing on Dec 7th.

The DPA provides for you to obtain data which you are the subject, the CPR 31.6 offers wider scope as it provides for the disclosure of documents where the other person or organisation is, or is likely to be a party in future proceedings.

The CPR allows for the disclosure to establish you have a claim or not, however disclosure is not automatic and the applicant has to clearly show that they would have a case against the defendant with a 'real chance of sucess' in the future proceedings and that the documents are material to those proceedings, as opposed to 'fishing' or trying to advance a speculative claim. the applicant also has to show that the defendant has acted unreasonably in not disclosing prior to the application being made, otherwise they will normally be granted their cost

The reason both were used is that if you are entitled to disclosure under both, why not use both? that way the defendant has to successfully argue both points to prevent an order being granted.

Stuart

Re: Data Protection Act 1998

Hi Stuart,

Thanks very much. That I think was the answer I was looking for. Are you doing this through a solicitors?

Keep us updated as would be interested to see how you get on with yours.

Regards
Mac

Re: Data Protection Act 1998

I complained to the ICO about a SAR request not having been met. As part of that I attached the original letter sent. ICO have come back and said that they cannot action it as there is no proof of receipt and wont action until such proof can be provided.

Is this correct.

Regards
Mac

Re: Data Protection Act 1998

Recorded delivery or did you get a proof of posting?
Which bank was it?
What address did you send it to?
Did they respond to the request in anyway?

Re: Data Protection Act 1998

Hi,

My original letter was hand delivered at reception to my council and subsequent letters asking the council to review their failure to reply was not addressed however the council id reply in writing to parts of that letter.

I guess this what I am trying to say is this appears to be a new tactic by ICO to close a case without doing anything about it because previous letters have been accepted without such proof. It does appear that this is one of the tactics used to bring down their waiting lists as all a person (who didnt send such letter by registered post) can do is to rewrite to the authority and then in the case of inaction write to ICO again which will further delay by anything up to 1 year.

I am fortunate in my own case that I also used a solicitor to chase up and that was acknowledged by the council.

Regards
Mac

Re: Data Protection Act 1998

Did they cash the £10?

Re: Data Protection Act 1998

Hi,

My Council do not charge for DP or FOI requests so none that way. As I say they replied to my solicitor so that is an acknowledgment.

I was curious as to what section of DP Act allows for the ICO to ensure that all requests under the DP Act have to be by registered post.

Regards
Mac