Results 1 to 5 of 5

Thread: Subject Access Request Data Protection Act - How to get your information.

  • Share
  • Thread Tools
  • Display
  1. #1
    Tools's Avatar

    Site Admin



    Joined
    May 2007
    Posts
    8,392
    Mentions
    57 Post(s)

    Default Subject Access Request Data Protection Act - How to get your information.

    The Data Protection Act 1998 came into force on 1 March 2000 and replaced the Data Protection Act 1984. It gives individuals (‘data subjects’) a general right of access to ‘personal data’ (ie personal information) about themselves held by ‘data controllers’ within the United Kingdom. It also lays down principles for the way personal data must be managed.

    The Information Commissioner is responsible for ensuring compliance by public authorities with the Data Protection Act 1998 and the Freedom of Information Act 2000. This may involve monitoring, issuing guidance or taking formal steps to enforce compliance with the acts. The Information Commissioner is a Crown appointment, reporting directly to Parliament.

    SAR (Subject Access Request)
    Right of access to personal data (section 7 of the Act).
    There is a general right of access by a data subject to the personal data held about the data subject by the data controller. The process by which this right is exercised is called a ‘Subject Access Request’ (often abbreviated to SAR). The Act describes how the data controller must respond to such requests when an exemption does not apply. A data controller has 40 calendar days in which to provide the requested data, if no exemption applies.
    Following a subject access request to a data controller by a data subject, and the data controller having failed to comply, the data subject can apply to court, which may support the Request and order the data controller to comply.



    Here is a letter to be used when requesting your personal information from a bank or any company

    Dear Sir/Madam

    SAR (Subject Access Request)
    FULL NAME : FULL ADDRESS : POSTCODE
    Any past names/addresses

    Account numbers (if you know them)


    1. I formally request that you forward me a true record of any Data held by your organisation relating to myself for any and all accounts held currently or in the past with your company. This should include, but not be limited to all transaction lists, agreements
    2. This request should include any Data held for more than 6 years as under the Data Protection Act there is no time limit for information requested.
    3. If you do not hold Data for a period longer than 6 years I also request confirmation of this in writing along with your methods used for disposal of such information to comply with the Data Protection Act stating the name and contact information of your registered Data Controller and Code Compliance Officer.

    I enclose the statutory maximum fee of £10. You have 40 days from receipt of this request in which to return to me the information requested , securely and in legible condition.

    Please note that the above address is the one registered with your organisation and which you have previously found to be acceptable.


    Yours faithfully,


    (signature)


    (name)
    You will find a list of addresses here

    http://www.legalbeagles.info/forums/showthread.php?t=21
    Last edited by Amethyst; 10th May 2009 at 09:18:AM. Reason: Updating

  2. #2
    Amethyst's Avatar

    Site Owner



    Joined
    May 2007
    Posts
    61,261
    Mentions
    1852 Post(s)

    Default Guide to the Data Protection Act & Non Compliance

    The Data Protection act should be quite simple - it basically entitles an INDIVIDUAL to have access to any information directly relating to them, held by a company.

    If you have sent the above letter or similar with the required fee then;


    When you can take further action.

    If you have:

    * Asked your bank/credit company for the information held about you under the Data Protection Act.
    * Paid the fee (if required),
    * Waited for more than 40 days

    and you have not received any response from them, we recommend that you contact them again to find out why using the non compliance letter below

    If their response to your further enquiry is unsatisfactory then you can make a data protection complaint using the data protection complaint form.

    When you send the Information Commissioners Office your form you must also send:

    * a copy of your Subject Acces Request letter,
    * confirmation of when your letter was received, and you cheque/postal order cashed.
    Last edited by Amethyst; 19th July 2008 at 08:31:AM.

  3. #3
    Amethyst's Avatar

    Site Owner



    Joined
    May 2007
    Posts
    61,261
    Mentions
    1852 Post(s)

    Default

    Letter for DPA non compliance - when you wish to force compliance through the courts


    Your Name
    Address


    Date


    Banks Data Controller Name
    Address



    Dear Sir / Name

    Section 7 - Data Protection Act Subject Access Request

    Account: xxxxxxxx

    I sent a formal request for information under section 7 of the Data Protection Act, including the maxiumum £10 fee, to XXXXXX Bank on XX/XX/XXXX.

    You will be aware that under the Data Protection Act 1998 you have an obligation to comply fully with my request within 40 days.

    As of XX/XX/XXXX I have not received any/complete information from you.

    If you do not comply fully with my Subject Access Request by XX/XX/XXX {7 days from posting of this letter date} , I shall apply to the County Court for an order to enforce compliance, together with damages at the discretion of the court.


    Yours faithfully,



    [name]





    Last edited by Amethyst; 13th March 2009 at 11:01:AM.

  4. #4
    Amethyst's Avatar

    Site Owner



    Joined
    May 2007
    Posts
    61,261
    Mentions
    1852 Post(s)

    Default

    Letter if you only wish to complain to the ICO for the moment

    Your name
    Your Address

    Date



    Bank Data Controller Name
    Address



    Dear Sir / Name

    Section 7 - Data Protection Act Subject Access Request
    Account: xxxxxxxx

    I sent a formal request for information under section 7 of the Data Protection Act, including the maxiumum £10 fee, to XXXXXX Bank on XX/XX/XXXX.

    You will be aware that under the Data Protection Act 1998 you have an obligation to comply fully with my request within 40 days.

    As of XX/XX/XXXX I have not received any/complete information from you.

    If you do not comply fully with my Subject Access Request by XX/XX/XXX {7 days from posting of this letter date} , I shall enter a complaint to the Information Commissioner.


    Yours sincerely/faithfully



    NAME



    Complaint to the ICO - Complaint form in PDF available HERE
    This page holds information regarding your entitlement to information specifically related to unfair bank charging LOOK HERE
    Last edited by Tools; 11th October 2013 at 01:45:AM. Reason: Removed broken links

  5. #5
    Amethyst's Avatar

    Site Owner



    Joined
    May 2007
    Posts
    61,261
    Mentions
    1852 Post(s)

    Default

    Another strategy you may employ to obtain your data is to issue a claim against the company through the County Court for non-compliance with your Data Protection Act request.

    Some County Court staff are unused to this type of claim and therefore you must ensure that they do not advise that you file it as a Pre Action Disclosure under CPR Part 31 or a claim under CPR Part 8 as both of these options attract higher court fees.

    It is important to stress therefore, that the Information Commissioner has indicated that these claims are to be treated as Small Claims Track claims .

    Do not let the clerks give you any other forms to complete.
    This claim should be filed using an N1 Claim Form and must be filed at a County Court, MCOL cannot be used.


    Particulars of Claim for DPA non compliance


    1. The Defendant is a Data Controller within the meaning of the Data Protection Act and is responsible for the processing of data of which the Claimant is a Subject.

    2. The Claimant has an account number xxxxxxxx ("the Account") with the Defendant which was opened on or around xx/xx/xxxx(date)

    3. On xx/xx/xxxx(date) the Claimant sent a Subject Access Request, pursuant to Section 7 of the Data Protection Act 1998 to the Defendant.

    4. The Defendant has failed to comply.

    5. By virtue of the Defendant's failure to comply with the Subject Access Request the Claimant has suffered damage.

    6. The damage caused is:

    Extra costs incurred in addition to court costs, due to the Defendants failure to comply - this includes the cost of additional correspondence and time spent preparing documents and seeking legal advice, I estimate this cost to be £XX (a reasonable cost would be between £25 and £35)

    7. The Claimant seeks an order that the Defendant do comply with the Claimant's Subject Access Request

    8. Under the terms of Section 15(2) of the Data Protection Act 1998, where the Defendant contests that information requested under the Claimant's Subject Access Request is not included within the scope of Section 7 of the Data Protection Act 1998, the Claimant requests that the Court inspects that information, and where it finds that the Defendant's opinion is unfounded, that it orders such information be included within the information supplied to the Claimant under the Subject Access Request.

    9. Damages and costs within the discretion of the Court.
    Last edited by Tools; 13th March 2009 at 12:52:PM.

Similar Threads

  1. Replies: 0
    : 27th January 2008, 23:22:PM
  2. Subject Access Request- Joint accounts
    By natweststaffmember in forum RBS / Natwest
    Replies: 10
    : 11th July 2007, 20:57:PM
  3. Replies: 11
    : 5th July 2007, 16:42:PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Contact Us



© Celame (UK) Ltd 2017
LegalBeagles® are DPA Registered No. ZA158014
LegalBeagles® is the trading name of CELAME (UK) LIMITED ( 09220332 )
Registered Address: 25 Moorgate, London, England, EC2R 6AY
VAT registration number 206 9740 02
User Alert System provided by Advanced User Tagging v3.1.3 (Lite) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Feedback Buttons provided by Advanced Post Thanks / Like (Lite) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd. Runs best on HiVelocity Hosting.
Celame (UK) Ltd Powered by vBulletin® Version 4.2.3
Copyright © 2017 vBulletin Solutions, Inc. All rights reserved.

To find out more about managing your money and getting free advice, visit the Money Advice Service,an independent service set up to help people manage their money.

TOP