Cancelling Permission to Report Financial Details.greenspun.com : LUSENET : Repossession : One Thread
Any news on the Information Commissioner's consideration of the case below?
On July 12th Harry Pearson wrote, in response to a post headed "Credit File":
....The other tack you could take is to snd Sunbank and the credit reference agency a letter stating that: "Any agreement with Sunbank to report your personal financial details is hereby cancelled". They will therefore cease reporting of your Sunbank financial details as defined by European Data Protection Act and UK Data Protection Act laws. Worth a try, my mate sent this letter to Equifax, MCL & Experian. Equifax & MCL immediately complied and deleted all his Abbey national Data. Experian refused and this is now being considered by the I.C.......
Any news on the IC's muses yet?
Two separate questions for you Harry, if you don't mind: might such a retraction work (at least to the extent that it has worked so far with Equifax and MCL) with any standard mortgage agreement? and separately any CCA regulated agreement? And now two pieces of rhetoric: If so then what's stopping all of us from retracting our various permissions and all have our credit files wiped clean? (Hey, this even has the potential to put Equifax and Experian out of business for a while, like that accountant did over electoral rolls!).
-- Darius De La Ronde (DARIUSici@aol.com), September 24, 2002
I asked my mate what was happening to this;
Experian eventually stated that Grabby Nasty were responsible for the reporting of his financial details, and they refused to delete, block, amend or alter the data being reported by Grabby Nasty.
Grabby Nasty in turn refused to cease reporting his mortgage account details to the credit reference agencies.
He's waited 10 months for the Information Commissioner to apply the terms of the DPA regarding cessation of reporting, but the IC have stated that Grabby Nasty are entitled to continue reporting because he agreed & gave his permission with his financial contract with them. My mate has brought to the attention of the IC that under European DPA law he is entitled to withdraw this permission, and he has so retracted his permission. But the IC has simply repeated their decision.
So, my mate has issued a High Court Judicial Review for the IC decision to be considered by a judge.
The IC is now considering their defence to the JR.
I shall provide an update of his situation when itís available.
-- Harry (firstname.lastname@example.org), September 26, 2002.
Thank you for that update, Harry. It just goes to show how ineffective an arbitrator the IC is: afraid to step on the toes of Experian. One senses the negativity on the IC's website (eg in the FAQ's, where the greater emphasis is on what the IC WON'T do rather than on what she WILL).
Would you mind mulling over this; nothing to do with my mortgage, but similar lines to your mate's case.
A year ago I applied for a copy of a regulated loan agreement under S78 of the Consumer Credit Act. I paid the £1 fee, and sent the application by recorded post. The debt-chaser company have acknowledged that the application was received. However a year down the line they still haven't come up with a copy of an agreement. Looks unlikely they ever will. So do you think that if I were to retract any permission that may* exist to report my financial details *(I realise this would have to be carefully worded so as not to admit the existence of an agreement), in similar fashion to your mate, that I might succeed with Experian where he didn't? I'm assuming that in your mate's case Grabby were able to come up with his original written permission to report his details (or at least his acknowledgement that such a document existed); whereas my persecutors seem unable to produce any such document, neither for express nor implied permission from me to report my financial details.
Phew! So would, in your opinion, the outcome with Experian be different from your mate's if the company chasing me were unable to produce evidence of any permission from me?
-- Darius De La Ronde (DARIUSici@aol.com), September 26, 2002.
When my mate made an assessment request to the IC about them continuing to report his personal details, Grabby produced the agreemment as their permission to do so.
So if your loan company can't offer up the agreement, then your request to cease processing does not require anybodies consent.
Go for it.
-- Harry (email@example.com), September 26, 2002.
Here is discussion on "Consent" regarding the 1998 DPA, which is based on the European Directive;
One of the conditions for processing is that the processing is carried on with the consent of the data subject. The existence or validity of consent will need to be assessed in the light of the facts.
Rather surprisingly, "consent" is not defined in the ACT !!
So perhaps the only way to understand what may or may not amount to consent in any particular case one should refer back to the European Directive. This defines "the data subject's consent" as:-
"... any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed."
The fact that the data subject must "signify" their agreement means that there must be some active communication between the parties. Data controllers cannot infer consent from non-response to a communication, for example from a customer's failure to return or respond to a leaflet.
The adequacy of any consent or purported consent must be evaluated. For example, a consent which was later found to have been obtained under duress or on the basis of misleading information would not be a valid basis for processing.
Even when consent has been given it will not necessarily endure forever. While in most cases consent will endure for as long as the processing to which it relates continues, data controllers should recognise that the individual may be able to withdraw their consent.
Consent must be appropriate to the particular circumstances. For example, if the processing to which it relates is intended to continue indefinitely or after the end of a trading relationship then the consent should cover those circumstances.
SENSITIVE PERSONAL DATA
There is a distinction in the Act between the nature of the consent required to satisfy the condition for processing and that which is required in the case of the condition for processing sensitive data. The consent must be "explicit" in the case of sensitive personal data. The use of the word "explicit" suggests that the consent of the data subject should be absolutely clear. In appropriate cases it should cover
the specific detail of the processing, the particular type of data to be processed (or even the specific information), the purposes of the processing and any special aspects of the processing which may affect the individual, for example disclosures which may be made of the data.
So, the level of detail appropriate to a consent will vary. In some cases implied consent may be sufficient. In others nothing less than clear written consent will suffice. A blanket consent to the processing of personal data is unlikely to be sufficient as a basis on which to process personal data, particularly sensitive personal data. The more ambiguous the consent being relied upon by data controllers in any particular case the more likely there are to be questions about its existence or validity.
-- Harry (firstname.lastname@example.org), September 27, 2002.