Santander admitted breach of Data Protection Act

**Eloise01** · 2nd July 2013, 05:02:AM

Re: Santander admitted breach of Data Protection Act

I think you need to be careful here, because the strictly legal answer to how much compensation you should get is "none". Breaches of the DPA may be subject to a fine from the ICO - but the subject of that breach is not entitled to see a penny of it. There is no quantifiable loss here (time off work, etc.), and a court case for "upset" and "distress" may be unlikely to succeed, could be costly (to say nothing of very stressful) and could take years!

I would suggest that you put your argument in writing to the CEO of Santander - they may be willing to increase their offer to you, but equally you need to be realistic and not expect it to increase by a lot.

**charitynjw** · 2nd July 2013, 08:54:AM

Re: Santander admitted breach of Data Protection Act

I agree with Eloise1.

With the best will in the world, mistakes can happen.

I would imagine that the ICO, while treating your complaint seriously, would be looking to see if there was a problem with Santander's data storage & handling system.

You are perfectly within your rights to start your own claim against them, but is it worth it?

If it were me, I would probably avoid the stress & negotiate some compo with them. (Santander)

The advice re the CEO seems good to me

**bluebottle** · 2nd July 2013, 09:02:AM

Re: Santander admitted breach of Data Protection Act

I am a Santander customer and shareholder. I do know that Santander have outsourced the printing and despatch of statements to a third party company. They admitted this to me when I hauled them over the coals over something similar. It sounds like the third-party company is at fault, but it is down to Santander to ensure these sort of foul-ups do not happen and, ultimately, Santander who get it in the neck from the ICO.

**enquirer** · 2nd July 2013, 09:15:AM

Re: Santander admitted breach of Data Protection Act

Originally posted by Ladyami View Post

Santander have admitted outright to me that they have broken the 1998 Data Protection Act by sending out a copy of my Santander bank statement to a third party [....] I have taken advice from the ICO, who are quite willing to assist me in this matter and take action against Santander.

Accept the offer by ICO.

My question is just how much compensation should a customer expect to receive for breach of the Data Protection Act, given the fact that I am disabled with a rare heart condition and that the upset and distress the disclosure caused set my angina off 'big time' and I had to have full bed rest for upwards of 10 days (on & off) following the breach.

Firstly, the court will take into account the fact that Santander has made an offer, so you need to be careful, lest your motivation be called into question. Secondly, you will need to convince the court that what you say is true.

As Eloise01 has pointed out, you are not actually entitled to anything. You have to show that you have suffered some form of loss as a result of their action or inaction.

**Eloise01** · 2nd July 2013, 09:19:AM

Re: Santander admitted breach of Data Protection Act

I think you need to be very careful about what the ICO has promised - I very much doubt that their "support" extends to supporting the OP in any proceedings for compensation because this would be outside their jurisdiction. The ICO actually state "distress alone will not usually be sufficient to entitle an individual to compensation (unless the processing was for the purposes of journalism, literature or art)." - http://www.ico.org.uk/for_organisati...6/compensation

**wales01man** · 2nd July 2013, 09:25:AM

Re: Santander admitted breach of Data Protection Act

I like most people receiving a bank statement of someone elses account would probablly glance at it return it or destroy it,does the OP think the receipient used the info on the statement for some sinister reason?on the subject of compo what do they expect?hundred quid seems a good deal.One has to wonder how many times statements have been received by the wrong person not only due to error by santander or other banks is a hundred quid justified everytime after all we have all no doubt received someone elses correctly addressed mail in the wrong letter box

**enquirer** · 2nd July 2013, 18:46:PM

Re: Santander admitted breach of Data Protection Act

Originally posted by Eloise01 View Post

I think you need to be very careful about what the ICO has promised - I very much doubt that their "support" extends to supporting the OP in any proceedings for compensation because this would be outside their jurisdiction.

Agreed.

Although ICO may prosecute or reprimand Santander, I certainly don't see them assisting the OP with a compensation claim.

**Ladyami** · 2nd July 2013, 22:06:PM

Re: Santander admitted breach of Data Protection Act

When I say 'third party' I mean Santander sent a copy of my account details , that's all money in and out and how much I have or do not have a certain times in the month .........everything about my account in fact was copied to my husband and I received nothing !!!! this may not seem much to some of you but surely I have the right to keep certain financial affairs to myself , we both have single accounts at different banks as well as a joint account, joint savings account and a joint household running account. I have never given permission for santander to send a copy of my single account to my husband as its used for special items.

I look at it this way if I was a unscrupulousness married person who was having an affair , dodging paying for household items by saying I had less money than I had or thinking of divorcing my other half and wanted to keep my money safe and quiet ( I know people who have done this ) then how would I now feel knowing that my bank could at any time 'slip up' and send everything I don't want my other half to know to them .
The reason they gave was that at some point the single account WAS a joint account , er excuse me , that was over 9 years ago and it has clearly been just my account since then .

**charitynjw** · 2nd July 2013, 23:16:PM

Re: Santander admitted breach of Data Protection Act

Originally posted by Ladyami View Post

When I say 'third party' I mean Santander sent a copy of my account details , that's all money in and out and how much I have or do not have a certain times in the month .........everything about my account in fact was copied to my husband and I received nothing !!!! this may not seem much to some of you but surely I have the right to keep certain financial affairs to myself , we both have single accounts at different banks as well as a joint account, joint savings account and a joint household running account. I have never given permission for santander to send a copy of my single account to my husband as its used for special items.

I look at it this way if I was a unscrupulousness married person who was having an affair , dodging paying for household items by saying I had less money than I had or thinking of divorcing my other half and wanted to keep my money safe and quiet ( I know people who have done this ) then how would I now feel knowing that my bank could at any time 'slip up' and send everything I don't want my other half to know to them .
The reason they gave was that at some point the single account WAS a joint account , er excuse me , that was over 9 years ago and it has clearly been just my account since then .

Hi Ladyami,

Apologies if I misled you.

What I meant to say, in my usual hamfisted way, is that the ICO will not award compensation.

http://www.ico.org.uk/complaints/handling

As you can see from the above link, they may assist you if you should decide to go to court.

**Eloise01** · 3rd July 2013, 04:59:AM

Re: Santander admitted breach of Data Protection Act

Originally posted by Ladyami View Post

When I say 'third party' I mean Santander sent a copy of my account details , that's all money in and out and how much I have or do not have a certain times in the month .........everything about my account in fact was copied to my husband and I received nothing !!!! this may not seem much to some of you but surely I have the right to keep certain financial affairs to myself , we both have single accounts at different banks as well as a joint account, joint savings account and a joint household running account. I have never given permission for santander to send a copy of my single account to my husband as its used for special items.

I look at it this way if I was a unscrupulousness married person who was having an affair , dodging paying for household items by saying I had less money than I had or thinking of divorcing my other half and wanted to keep my money safe and quiet ( I know people who have done this ) then how would I now feel knowing that my bank could at any time 'slip up' and send everything I don't want my other half to know to them .
The reason they gave was that at some point the single account WAS a joint account , er excuse me , that was over 9 years ago and it has clearly been just my account since then .

I think you are misunderstanding the basis of advice given. It is irrelevant whether we think much of it or not. You asked how much compensation you should expect for a breach under the DPA. The answer to that is that you should not expect any. The ICO neither deal with nor support claims for compensation. As a separate issue - courts rarely uphold claims for compensation for distress alone and they will certainly not entertain "what if" claims.

The answers to your question are not relevant to what we or the law think about what your rights may be - or what you think they ought to be.

I do not know why chaitynjw is contradicting that advice - the link she provided does not confirm that the ICO may assist you in a court claim, and in fact they will not. If you wish to make a legal claim you will have to fund that action yourself. A decision of the ICO that the DPA has been breached would support the evidence for such a claim - but it will not change the fact that a court requires evidence of quantifiable loss incurred and not simply distress, and you have none.

**Inca** · 3rd July 2013, 06:02:AM

Re: Santander admitted breach of Data Protection Act

I'm more confused as to why it's such an issue that the husband saw the statement...mistakes happen now and then,,we received a page of a strangers bank account and just sent it back to the bank.

Of course nowadays there is no need to receive statements at all.with the advent of online banking which is only accessible via passwords although I will say my OH knows all mine and I know all his..no secrets..no fretting that he might see something I don't want him to know about and vice versa.
As for compensation.......I'd take the offer and be satisfied....it was a mistake and we all make them

**wales01man** · 3rd July 2013, 08:06:AM

Re: Santander admitted breach of Data Protection Act

Im with you there INCA seems like there may not be a lot of trust in the OPs relationship as a couple we know everthing and if my wife asks how much we have i tell her,my passwords for emails and other online accounts are known to my sons the pin numbers my wife knows if she got the santander statement of mine would i try for compo NO .If the OP is so keen on pursuing a claim get a solicitor take it to court and try,have a feeling that wont happen take the money before they change the offer

**charitynjw** · 3rd July 2013, 08:11:AM

Re: Santander admitted breach of Data Protection Act

Originally posted by Eloise01 View Post

I think you are misunderstanding the basis of advice given. It is irrelevant whether we think much of it or not. You asked how much compensation you should expect for a breach under the DPA. The answer to that is that you should not expect any. The ICO neither deal with nor support claims for compensation. As a separate issue - courts rarely uphold claims for compensation for distress alone and they will certainly not entertain "what if" claims.

The answers to your question are not relevant to what we or the law think about what your rights may be - or what you think they ought to be.

I do not know why chaitynjw is contradicting that advice - the link she provided does not confirm that the ICO may assist you in a court claim, and in fact they will not. If you wish to make a legal claim you will have to fund that action yourself. A decision of the ICO that the DPA has been breached would support the evidence for such a claim - but it will not change the fact that a court requires evidence of quantifiable loss incurred and not simply distress, and you have none.

Hi Ladyami & Eloise1,

I can't see a contradiction - the ICO, on request & being satisfied re the requesting person's identity, can carry out a 'compliance assessment' as per s42 of the Data Protection Act.

http://www.legislation.gov.uk/ukpga/1998/29/section/42

**Eloise01** · 3rd July 2013, 08:51:AM

Re: Santander admitted breach of Data Protection Act

Originally posted by charitynjw View Post

Hi Ladyami & Eloise1,

I can't see a contradiction - the ICO, on request & being satisfied re the requesting person's identity, can carry out a 'compliance assessment' as per s42 of the Data Protection Act.

http://www.legislation.gov.uk/ukpga/1998/29/section/42

They can indeed - and as per thier jurisdiction they can determine that an organisation is not in compliance. That may be evidence that could be used in a court case - it it not support and it is not assistance if you decide to go to court. It is nothing but evidence. The evidence may prove that a breach occurred. It has nothing to do with a claim for compensation, and it is not a recommendation to the court in that matter. You said that the link suggested that the ICO " may assist you if you should decide to go to court". The link you have pasted does not say that; the ICO will not; and the link that I pasted previously states that fact categorically. That seems to be a contradiction?

Santander admitted breach of Data Protection Act

Santander admitted breach of Data Protection Act

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Announcement

Court Claim ?