A question regarding the data protection act? - HotUKDeals
We use cookie files to improve site functionality and personalisation. By continuing to use HotUKDeals, you accept our cookie and privacy policy.
Get the HotUKDeals app free at Google Play

Search Error

An error occurred when searching, please try again!

Login / Sign UpSubmit

A question regarding the data protection act?

£0.00 @
Scenario: credit card company sends a statement, default notice, in fact any personal/sensitive information that could be used for identity theft. It is sent in a bog standard windowed envelope frank… Read More
Scribbles Avatar
8y, 6m agoPosted 8 years, 6 months ago
Scenario: credit card company sends a statement, default notice, in fact any personal/sensitive information that could be used for identity theft. It is sent in a bog standard windowed envelope franked by the sender, and the envelope is not sealed at all. Is the company in contravention of the DPA?
TIA
Scribbles Avatar
8y, 6m agoPosted 8 years, 6 months ago
Options

All Comments

(14) Jump to unreadPost a comment
Comments/page:
#1
The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
The Act works in two ways. Firstly, it states that anyone who processes personal information must comply with eight principles, which make sure that personal information is:
[LIST]
[*]Fairly and lawfully processed
[*]Processed for limited purposes
[*]Adequate, relevant and not excessive
[*]Accurate and up to date
[*]Not kept for longer than is necessary
[*]Processed in line with your rights
[*]Secure
[*]Not transferred to other countries without adequate protection[/LIST]
I guess you could argue it wasn't secure
#2
Thanks, that's what I thought. Any number of people could have seen the contents with no chance of being detected. Completely unacceptable.
#3
Scribbles
Thanks, that's what I thought. Any number of people could have seen the contents with no chance of being detected. Completely unacceptable.


I am not sure what you will gain from complaining. An apology at best.
#4
Maybe the peace of mind of knowing it won't happen again. I've been the victim of identity theft once already, so i'm kinda paranoid about stuff like that lol
#5
statements dont have enuff info to get your bank details or use the card if thats any help, no expiry dates of cvv number or nawt
#6
onlyme23;3457056
statements dont have enuff info to get your bank details or use the card if thats any help, no expiry dates of cvv number or nawt

They have enough information on them to steal an identity.
a) sort code and account number can be used to set up a direct debit
b) statement with false ID. can be used for a number of things especially trying to gain credit.

I may wrong but I'm pretty sure I'm not, be glad to be proved wrong though.
#7
Scribbles
Maybe the peace of mind of knowing it won't happen again. I've been the victim of identity theft once already, so i'm kinda paranoid about stuff like that lol


It won't make it any safer for you, the envelopes are sealed by machine, it happens, they won't change because you quote the D.P.A.

t0mm
They have enough information on them to steal an identity.
a) sort code and account number can be used to set up a direct debit
b) statement with false ID. can be used for a number of things especially trying to gain credit.

I may wrong but I'm pretty sure I'm not, be glad to be proved wrong though.


A credit card statement default notice won't have Bank account numbers on it, even if it did and someone bothered to set up a direct debit, they could only pay a company and not an individual. The money would be returned under the DD guarantee.

A default notice is unlikely to be an acceptable proof of address or identity.
#8
thesaint;3457191
It won't make it any safer for you, the envelopes are sealed by machine, it happens, they won't change because you quote the D.P.A.



A credit card statement default notice won't have Bank account numbers on it, even if it did and someone bothered to set up a direct debit, they could only pay a company and not an individual. The money would be returned under the DD guarantee.

A default notice is unlikely to be an acceptable proof of address or identity.

thanks for clearing it up saint.
#9
t0mm
They have enough information on them to steal an identity.
a) sort code and account number can be used to set up a direct debit
b) statement with false ID. can be used for a number of things especially trying to gain credit.

I may wrong but I'm pretty sure I'm not, be glad to be proved wrong though.


if it were that big a issue dont u think all statements would be sent out recorded delivery instead they come normal post in obviously bank envelopes.. i used to work for credit card customers services there isnt any details on a statement which would pose a risk....

as for using for credit and stuff most things like that req 2 proofs and as far as bank statements go alot of places req 3 months worth

sure identity theft is a issue but statements arent the biggest threat going or everyone would have issues :thumbsup:
#10
thesaint
A credit card statement default notice won't have Bank account numbers on it, even if it did and someone bothered to set up a direct debit, they could only pay a company and not an individual. The money would be returned under the DD guarantee.


True but if somebody got a bank statement with sort code/account they could get a few months listing on ebay for 'free', as an example :whistling:

Likewise if you request somebody pay you by 'BT' you are giving them those details :lol:
#11
Any statement can be used in 'some' of the mobile phone shops to get a contract (or more than one).

They 'should' require 2 proofs of ID, but some will happily do it with 1. I work as a fraud investigator with one of the mobile networks, I see it all the time. . .
#12
I work with the data protection act (DPA) very closely and look at data protection breaches for the bank I work for. It doesn't matter with regards to what you can access from the statement but the DPA covers any personal information from dob, payment history, asset financed, outstanding balances etc. Basically anything I can find out about your account without your knowledge is a breach of data protection as it is the finance company's responsibility to hold that information private.

I know if our place sent out any letters unsealed it would be seen as a breach of data protection, however how serious I wouldn't know as although the letter is unsealed it is clearly addressed to another person and shouldn't be opened by a third party.

Perhaps a word to them should be sufficient as they will no doubt have to look into why this happened. If you mention that this is a breach of data protection on their behalf they will have to raise a risk event to explain to senior management why this has happened and what steps will be taken to ensure it doesn't happen again.
banned#13
Shengis;3458955
True but if somebody got a bank statement with sort code/account they could get a few months listing on ebay for 'free', as an example :whistling:

Likewise if you request somebody pay you by 'BT' you are giving them those details :lol:

every time you hand a cheque over, you give the same details over. I'd be more concerned with who gets hold of your physical credit card even for a few seconds. Still amazes me that some restaurants etc think it is acceptable to disappear with your card when paying the bill.
#14
credit card company sends a statement, default notice, in fact any personal/sensitive information ...


Everyone assumes i'm talking about a statement. I was asking a theoretical question based on actual events, but I can tell you that it was a copy of a Consumer Credit Agreement in my case. It included my signature, credit card application no., previous address and mothers maiden name. Had it been included (luckily it wasn't) it would have had a copy of all debits and credits on my credit card acct also. I have no doubt that those details would leave me open to fraud in the hands of the right person.
Thanks for the info, I will report the matter to the company in question as a formal complaint.

Post a Comment

You don't need an account to leave a comment. Just enter your email address. We'll keep it private.

...OR log in with your social account

...OR comment using your social account

Thanks for your comment! Keep it up!
We just need to have a quick look and it will be live soon.
The community is happy to hear your opinion! Keep contributing!