Results 1 to 13 of 13

Thread: Subject Access Request Data Protection Act - How to get your information.

  • Share
  • Thread Tools
  • Display
  1. #1
    Tools's Avatar

    Site Admin



    Joined
    May 2007
    Posts
    8,392
    Mentions
    57 Post(s)

    Default Subject Access Request Data Protection Act - How to get your information.

    The Data Protection Act 1998 came into force on 1 March 2000 and replaced the Data Protection Act 1984. It gives individuals (‘data subjects’) a general right of access to ‘personal data’ (ie personal information) about themselves held by ‘data controllers’ within the United Kingdom. It also lays down principles for the way personal data must be managed.

    The Information Commissioner is responsible for ensuring compliance by public authorities with the Data Protection Act 1998 and the Freedom of Information Act 2000. This may involve monitoring, issuing guidance or taking formal steps to enforce compliance with the acts. The Information Commissioner is a Crown appointment, reporting directly to Parliament.

    SAR (Subject Access Request)
    Right of access to personal data (section 7 of the Act).
    There is a general right of access by a data subject to the personal data held about the data subject by the data controller. The process by which this right is exercised is called a ‘Subject Access Request’ (often abbreviated to SAR). The Act describes how the data controller must respond to such requests when an exemption does not apply. A data controller has 40 calendar days in which to provide the requested data, if no exemption applies.
    Following a subject access request to a data controller by a data subject, and the data controller having failed to comply, the data subject can apply to court, which may support the Request and order the data controller to comply.



    Here is a letter to be used when requesting your personal information from a bank or any company

    Dear Sir/Madam




    ACCOUNT NUMBER(s): xxxxxxxxx (or multiple numbers if more than one account)
    1. I formally request that you forward me a true record of any Data held by your organisation relating to myself for the complete term of the account(s).
    2. I am also aware this request should include any Data held for more than 6 years as under the Data Protection Act there is no time limit for information requested.
    3. If you do not hold Data for a period longer than 6 years I also request confirmation of this in writing along with your methods used for disposal of such information to comply with the Data Protection Act stating the name and contact information of your registered Data Controller and Code Compliance Officer.
    4. Additionally, where there has been any event in my account history over this period which has required manual intervention by any member of your staff, or any other person, I require disclosure of any indication or notes which have either caused or resulted in that manual intervention, or other evidence of that manual intervention in relation to my business with you.If you are unable to supply this data because there has been no such manual intervention, then please be so kind as to confirm this in your writing.
    I enclose the statutory maximum fee of £10. You have 40 days from receipt of this request in which to return to me the information requested , securely and in legible condition.

    If there is specific information which you require in order to satisfy yourself as to my identity, please let me know promptly. However, please note that the above address is the one registered with your organisation and which you have previously found to be acceptable.


    I would be happy to prove my identity or collect any documents at my local branch.


    Yours faithfully,


    (signature)


    (name)
    You can find the correct address https://ico.org.uk/esdwebpages/search
    Last edited by Amethyst; 9th February 2015 at 12:39:PM.

  2. #2
    Amethyst's Avatar

    Site Owner



    Joined
    May 2007
    Posts
    61,254
    Mentions
    1849 Post(s)

    Default Guide to the Data Protection Act & Non Compliance

    The Data Protection act should be quite simple - it basically entitles an INDIVIDUAL to have access to any information directly relating to them, held by a company.

    If you have sent the above letter or similar with the required fee then;


    When you can take further action.

    If you have:

    * Asked your bank/credit company for the information held about you under the Data Protection Act.
    * Paid the fee (if required),
    * Waited for more than 40 days

    and you have not received any response from them, we recommend that you contact them again to find out why using the non compliance letter below

    If their response to your further enquiry is unsatisfactory then you can make a data protection complaint using the data protection complaint form.

    When you send the Information Commissioners Office your form you must also send:

    * a copy of your Subject Acces Request letter,
    * confirmation of when your letter was received, and you cheque/postal order cashed.
    Last edited by Tools; 11th October 2013 at 01:53:AM. Reason: Removed broken links

  3. #3
    Amethyst's Avatar

    Site Owner



    Joined
    May 2007
    Posts
    61,254
    Mentions
    1849 Post(s)

    Default

    Letter for DPA non compliance - when you wish to force compliance through the courts


    Your Name
    Address


    Date


    Banks Data Controller Name
    Address



    Dear Sir / Name

    Section 7 - Data Protection Act Subject Access Request

    Account: xxxxxxxx

    I sent a formal request for information under section 7 of the Data Protection Act, including the maxiumum £10 fee, to XXXXXX Bank on XX/XX/XXXX.

    You will be aware that under the Data Protection Act 1998 you have an obligation to comply fully with my request within 40 days.

    As of XX/XX/XXXX I have not received any/complete information from you.

    If you do not comply fully with my Subject Access Request by XX/XX/XXX {7 days from posting of this letter date} , I shall apply to the County Court for an order to enforce compliance, together with damages at the discretion of the court.


    Yours faithfully,



    [name]






  4. #4
    Amethyst's Avatar

    Site Owner



    Joined
    May 2007
    Posts
    61,254
    Mentions
    1849 Post(s)

    Default

    Letter if you only wish to complain to the ICO for the moment

    Your name
    Your Address

    Date


    Bank Data Controller Name
    Address


    Dear Sir / Name

    Section 7 - Data Protection Act Subject Access Request
    Account: xxxxxxxx

    I sent a formal request for information under section 7 of the Data Protection Act, including the maxiumum £10 fee, to XXXXXX Bank on XX/XX/XXXX.

    You will be aware that under the Data Protection Act 1998 you have an obligation to comply fully with my request within 40 days.

    As of XX/XX/XXXX I have not received any/complete information from you.

    If you do not comply fully with my Subject Access Request by XX/XX/XXX {7 days from posting of this letter date} , I shall enter a complaint to the Information Commissioner.


    Yours faithfully



    NAME



    Complaint to the ICO - Complaint form in PDF available HERE
    This page holds information regarding your entitlement to information specifically related to unfair bank charging LOOK HERE
    Last edited by Tools; 11th October 2013 at 01:52:AM. Reason: Removed broken links

  5. #5
    Amethyst's Avatar

    Site Owner



    Joined
    May 2007
    Posts
    61,254
    Mentions
    1849 Post(s)

    Default

    Another strategy you may employ to obtain your data is to issue a claim against the company through the County Court for non-compliance with your Data Protection Act request.

    Some County Court staff are unused to this type of claim and therefore you must ensure that they do not advise that you file it as a Pre Action Disclosure under CPR Part 31 or a claim under CPR Part 8 as both of these options attract higher court fees.

    It is important to stress therefore, that the Information Commissioner has indicated that these claims are to be treated as Small Claims Track claims .

    Do not let the clerks give you any other forms to complete.
    This claim should be filed using an N1 Claim Form and must be filed at a County Court, MCOL cannot be used.


    Particulars of Claim for DPA non compliance


    1. The Defendant is a Data Controller within the meaning of the Data Protection Act and is responsible for the processing of data of which the Claimant is a Subject.

    2. The Claimant has an account number xxxxxxxx ("the Account") with the Defendant which was opened on or around (date)

    3. On (date) the Claimant sent a Subject Access Request, pursuant to Section 7 of the Data Protection Act 1998 to the Defendant.

    4. The Defendant has failed to comply.

    5. By virtue of the Defendant's failure to comply with the Subject Access Request the Claimant has suffered damage.

    6. The damage caused is:

    Extra costs incurred in addition to court costs, due to the Defendants failure to comply - this includes the cost of additional correspondence and time spent preparing documents and seeking legal advice, I estimate this cost to be £XX (a reasonable cost would be between £25 and £35)

    7. The Claimant seeks an order that the Defendant do comply with the Claimant's Subject Access Request

    8. Under the terms of Section 15(2) of the Data Protection Act 1998, where the Defendant contests that information requested under the Claimant's Subject Access Request is not included within the scope of Section 7 of the Data Protection Act 1998, the Claimant requests that the Court inspects that information, and where it finds that the Defendant's opinion is unfounded, that it orders such information be included within the information supplied to the Claimant under the Subject Access Request.

    9. Damages and costs within the discretion of the Court.

  6. #6
    Amethyst's Avatar

    Site Owner



    Joined
    May 2007
    Posts
    61,254
    Mentions
    1849 Post(s)

    Default

    Other examples of DPA letters used;

    Tools v MBNA ** SETTLED**
    “We may not win by protesting, but if we don’t protest we will lose. If we stand up to them, there is always a chance we will win.” Hetty Bower

    Any advice I provide is given without liability, if you are unsure please seek professional legal guidance.

    Find Solicitors offering fixed fees on our sister site - JustBeagle.com

  7. #7
    Junaid30's Avatar

    Junior Member



    Joined
    Dec 2013
    Posts
    1
    Mentions
    0 Post(s)

    Default Re: Subject Access Request Data Protection Act - How to get your information.

    You certainly know how to keep a reader entertained. I really enjoyed what you had to say.it according to my need and demand.

  8. #8
    Mrweb's Avatar

    Junior Member



    Joined
    Feb 2015
    Posts
    1
    Mentions
    1 Post(s)

    Default Re: Subject Access Request Data Protection Act - How to get your information.

    Quote Originally Posted by Tools View Post
    The Data Protection Act 1998 came into force on 1 March 2000 and replaced the Data Protection Act 1984. It gives individuals (‘data subjects’) a general right of access to ‘personal data’ (ie personal information) about themselves held by ‘data controllers’ within the United Kingdom. It also lays down principles for the way personal data must be managed.

    The Information Commissioner is responsible for ensuring compliance by public authorities with the Data Protection Act 1998 and the Freedom of Information Act 2000. This may involve monitoring, issuing guidance or taking formal steps to enforce compliance with the acts. The Information Commissioner is a Crown appointment, reporting directly to Parliament.

    SAR (Subject Access Request)
    Right of access to personal data (section 7 of the Act).
    There is a general right of access by a data subject to the personal data held about the data subject by the data controller. The process by which this right is exercised is called a ‘Subject Access Request’ (often abbreviated to SAR). The Act describes how the data controller must respond to such requests when an exemption does not apply. A data controller has 40 calendar days in which to provide the requested data, if no exemption applies.
    Following a subject access request to a data controller by a data subject, and the data controller having failed to comply, the data subject can apply to court, which may support the Request and order the data controller to comply.



    Here is a letter to be used when requesting your personal information from a bank or any company



    You will find a list of addresses here

    http://www.legalbeagles.info/forums/showthread.php?t=21
    hi everyone, very helpfull on here to a point, but when I click the link above to access the addresses available for particular banks I'm told I can't access due to lack of privileges, I was informed that this was a free site after only 3 minutes of registering I'm being asked to upgrade? Please help is it me or do I have to pay for certain info

  9. #9
    Kati's Avatar

    LB Team Member



    Joined
    Jun 2014
    Posts
    11,752
    Mentions
    1213 Post(s)

    Default Re: Subject Access Request Data Protection Act - How to get your information.

    I'll see what I can figure out @Mrweb ... it may be a 'broken link' or something

    Rest assured ... access to the site is free, the upgrade to VIP merely affords those users who desire it extra privacy (threads are not searchable online etc...) there is no information that could be needed by most people inaccessible to non-vip's

    Kati x
    Debt is like any other trap, easy enough to get into, but hard enough to get out of.

    It doesn't matter where your journey begins, so long as you begin it...

    recte agens confido

    ~~~~~

    Any advice I provide is given without liability, if you are unsure please seek professional legal guidance.

    I can be emailed if you need my help loading pictures/documents to your thread. My email address is [email protected]
    But please include a link to your thread so I know who you are.

    Specialist advice can be sought via our sister site JustBeagle

  10. #10
    Tools's Avatar

    Site Admin



    Joined
    May 2007
    Posts
    8,392
    Mentions
    57 Post(s)

    Default Re: Subject Access Request Data Protection Act - How to get your information.

    That post has been archived as many of the addresses & contact details were outdated. Is there a particular detail you are looking for MrWeb?
    Any opinions I give are my own. Any advice I give is without liability. If you are unsure, please seek qualified legal advice.

    IF WE HAVE HELPED YOU PLEASE CONSIDER UPGRADING TO VIP - click here


  11. #11
    Amethyst's Avatar

    Site Owner



    Joined
    May 2007
    Posts
    61,254
    Mentions
    1849 Post(s)

    Default Re: Subject Access Request Data Protection Act - How to get your information.

    Hi, Yes it is a broken link as the post it pointed to was from 2007 and some of the addresses were obsolete. I'll remove the link and point it to the Data Protection Register as that contains the correct up to date details for each bank for the moment while I sort out a new directory for the informantion.

    https://ico.org.uk/esdwebpages/search

    eg. Lloyds Bank

    Registration Number: Z7107034

    Date Registered: 26 September 2002 Registration Expires: 25 September 2015

    Data Controller: Lloyds Banking Group PLC
    Address:

    The Mound
    Edinburgh
    EH1 1YZ
    “We may not win by protesting, but if we don’t protest we will lose. If we stand up to them, there is always a chance we will win.” Hetty Bower

    Any advice I provide is given without liability, if you are unsure please seek professional legal guidance.

    Find Solicitors offering fixed fees on our sister site - JustBeagle.com

  12. #12
    daytona77's Avatar

    Junior Member



    Joined
    Jun 2016
    Posts
    2
    Mentions
    0 Post(s)

    Default Re: Subject Access Request Data Protection Act - How to get your information.

    Quote Originally Posted by Amethyst View Post
    Another strategy you may employ to obtain your data is to issue a claim against the company through the County Court for non-compliance with your Data Protection Act request.

    Some County Court staff are unused to this type of claim and therefore you must ensure that they do not advise that you file it as a Pre Action Disclosure under CPR Part 31 or a claim under CPR Part 8 as both of these options attract higher court fees.

    It is important to stress therefore, that the Information Commissioner has indicated that these claims are to be treated as Small Claims Track claims .

    Do not let the clerks give you any other forms to complete.
    This claim should be filed using an N1 Claim Form and must be filed at a County Court, MCOL cannot be used.


    Particulars of Claim for DPA non compliance



    The entity that process my data have confirmed to the ICO that they do not hold or process my data. This is in spite of court evidence that proves otherwise.

    I therefore need to make an application to the Court for the matter to be heard and the judge to decide to order my data is yielded by the entity concerned.

    The thread here is from 2007 so has anything changed?

    Is it a straightforward claim lodged with the Court under form N1 at a cost of £280?

    As previously stated here, the court staff seem baffled with " subject access data" so does anyone know of any such cases / cost / which courts please?

    Many thanks

  13. #13
    whiterabbit's Avatar

    Junior Member



    Joined
    Oct 2017
    Posts
    1
    Mentions
    0 Post(s)

    Default Re: Subject Access Request Data Protection Act - How to get your information.

    hey I have 2 questions about this.

    1) I thought you had to give 14 days notice before court action in small claims not 7?
    2) You mention you can claim damages and costs within the discretion of the court. Would this not bring it out of the small claims court and into the more expensive high court? As for example if you lost a tribunal case because of a companies failure to respond to a SAR request and you wanted to claim damages would in this situation it still stay in the small claims or escalate?

    For example in the case of 'Dawson-Damer v Taylor Wessing LLP


    She did the process in the high court as opposed to small claims, why is this?

    see link here: https://www.burges-salmon.com/news-a...urt-of-appeal/

Similar Threads

  1. subject access request
    By molly123 in forum General
    Replies: 3
    : 30th August 2008, 09:55:AM
  2. Replies: 0
    : 27th January 2008, 23:22:PM
  3. Subject Access Request- Joint accounts
    By natweststaffmember in forum RBS / Natwest
    Replies: 10
    : 11th July 2007, 20:57:PM
  4. Replies: 4
    : 21st May 2007, 13:15:PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Contact Us



© Celame (UK) Ltd 2017
LegalBeagles® are DPA Registered No. ZA158014
LegalBeagles® is the trading name of CELAME (UK) LIMITED ( 09220332 )
Registered Address: 25 Moorgate, London, England, EC2R 6AY
VAT registration number 206 9740 02
User Alert System provided by Advanced User Tagging v3.1.3 (Lite) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Feedback Buttons provided by Advanced Post Thanks / Like (Lite) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd. Runs best on HiVelocity Hosting.
Celame (UK) Ltd Powered by vBulletin® Version 4.2.3
Copyright © 2017 vBulletin Solutions, Inc. All rights reserved.

To find out more about managing your money and getting free advice, visit the Money Advice Service,an independent service set up to help people manage their money.

TOP