SME ALLIANCE LTD
  • Home
  • About
  • 2023 Campaigns
  • Contact
  • Blog
  • Members Area
  • Join Us
  • APPG Banking
  • NAB Customer Support Group

Subject Access Requests - What Are You Entitled To

7/24/2015

2 Comments

 
I know many of our members have been struggling in the last few weeks with DSAR requests. And even where members have had invaluable help in submitting their requests in the most effective format, there's been no consistency to the replies. While one member managed to get 600 heavily redacted pages and another got 80 pages, one member got a curt letter saying “bugger off” or words to that effect. In any event lack of transparency means no one really knows what they are entitled to! And this is a fundamental issue for SMEs because, in many cases, access to central files would force banks to resolve complaints based on information they hold.

I've been reading the ICO website about DSAR and it's very interesting especially the section for organisations. Under the heading “In brief - what is an individual entitled to?” it very clearly states an individual is entitled to be:
  • “given a copy of the information comprising the data; and given details of the source of the data (where this is available).”

This certainly seems to imply banks have to give customers all their information complete with the source. I was also particularly interested in firms having to comply with Section 1 of the Data Protection Act which is about 'fairness' which includes the following point when dealing with customers:
  • be open and honest about your identity;

  • tell people how you intend to use any personal data you collect about them (unless this is obvious);

  • usually handle their personal data only in ways they would reasonably expect; and

  • above all, not use their information in ways that unjustifiably have a negative effect on them.

In my opinion NOT supplying information does in itself constitute an unjustifiable negative effect! But to make sure I phoned the ICO and I'm happy to say they were completely transparent and very helpful. The lady I spoke to explained that the starting point for firms is “they should release 'all' of your data in order to comply with the data protection act.” So the point above “given a copy of the information comprising the data; and given details of the source of the data (where this is available)” is actually based in legislation and we can rely on it.

As always there are buts. The biggest one being the customer is not entitled to anyone else's data – except where that person is working in a professional capacity with your data. The example I was given is: if you're working in an office and the person sitting at the next desk makes a complaint against you, you won't necessarily be entitled to see data relating to that person. However if your manager, working in his/her professional capacity, makes a complaint about you then you would be able to see their data on this subject. Therefore it is perfectly reasonable for you to be given data or documents relating to you even if they contain comments or information about your account supplied by your RM or anyone working on your account in a professional capacity. Which makes me wonder if you/we are also entitled to information from IPs, lawyers or accountants?

There are various exemptions to firms supplying information but, as far as I can see from the ICO website, these mostly relate to tax issues or crimes. In any event if the bank is going to rely on an exemption they should identify what it is.

The lady at the ICO suggests any member not satisfied with the information received after a DSAR request should:
  • Write back to their bank explaining they are not satisfied that the full amount of information available has been supplied and asking why information has been held back?

  • If the bank still won't give you your data/information, you can 'Report a concern' to the ICO and they will asses whether or not the bank has legitimately withheld information and, if it's not a legitimate reason under the data protection act, the ICO can ask them to release data. They are a regulator and it sounds as if they actually do what it says on the tin!
I know one of our members recently received some (not much) data under a DSAR which made absolutely no sense because all dates and references had been removed. I forgot to ask my contact if banks can do this – supply useless information? So I called back and a new contact explained that Section 7.1.c of the data protection act states “data must be communicated to him [customer] in an intelligible form. http://www.legislation.gov.uk/ukpga/1998/29/section/7

Here's a link to the ICO https://ico.org.uk/

If any members do decide to 'report a concern' please mention you are a member of SME Alliance Ltd as I have already told them several members have concerns but, for the time being we're not reporting as an organisation (data protection issues). Also please bear in mind the ICO will only deal with your concerns where you have reached an impasse with the bank and where you contact the ICO within 3 months of that impasse. So I suggest anyone who sent a DSAR a while back and is unhappy with what they received, should write to their bank again with a new DSAR request and using the information above to explain you now understand there are things you are entitled to which you feel you have been denied. If the bank don't reply in the appropriate time scale or if they reply still refusing access – then report a concern to the ICO. They are very helpful people!

Hope this helps!!
2 Comments

Clive May - North Wales Police Investigating RBS For EFG Loan Abuse

7/16/2015

1 Comment

 
Picture
1 Comment

    Archives

    November 2021
    January 2021
    April 2020
    December 2019
    November 2019
    October 2019
    July 2019
    June 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    November 2016
    October 2016
    September 2016
    August 2016
    July 2016
    June 2016
    May 2016
    March 2016
    February 2016
    January 2016
    November 2015
    October 2015
    September 2015
    July 2015
    June 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014

    RSS Feed

Terms and Conditions
Privacy Policy
Web Design By: Laura Maria Photography & Design
  • Home
  • About
  • 2023 Campaigns
  • Contact
  • Blog
  • Members Area
  • Join Us
  • APPG Banking
  • NAB Customer Support Group