Thursday, September 21, 2006

Another infringement of the DPA by Lloyds TSB...

I've just realised that Lloyds has probably just infringed my rights under the DPA again. I made my second request to them at the beginning of August and now - more than 50 days later - they have admitted that they are continuing to search for the information I requested and are trying to provide it.

This is not within the 40-day limit imposed under the DPA and therefore, I suspect they have failed to act according to the Act again.

Not surprising, really.
A trail starts to emergeā€¦

Following my complaint to Lloyds that they hadn't provided me with the full information I requested, I received more information from Lloyds on the 19th.
It was simply a record of one of my initial phone calls to them about the problems I had with my SMS alerts. Not very interesting but it shows the initial steps the Customer Care team took when they heard from me. It also shows they "handed off to Internet" banking.

A letter from the Data Subject Access Request team said they would continue to investigate for more information and get back to me.

I find it interesting that the data trail ends when my complaint was handed over to the Internet Banking team. Firstly, because I'd generally expect that the internet team would be the ones most able to provide the data under the DPA but also because I'd expect the internet banking team to be most aware of the act.

However, it's also interesting because it makes me wonder if they haven't found any data about it because the Internet Banking team never did anything. Maybe they can't find any data because Lloyds could care less about what they had done when they disclosed my personal financial details.

Tuesday, September 12, 2006

Now why didn't I think of this before...

I've just searched on the BBC Website for "Data Protetcion Act" only to discover and even greater wealth of content on the act than I expected. Golly, I sure think that website is the greatest one on the Web ;)

Here's some of the treasures I found:

Simple information on the act for students revising for IT GCSEs: http://www.bbc.co.uk/schools/gcsebitesize/ict/legal/0dataprotectionactrev1.shtml

Questions and Answers about the act:
http://www.bbc.co.uk/webwise/askbruce/articles/security/dataprotection_1.shtml

Friday, September 08, 2006

Some related stuff...

I've done some searching around to see if anyone else is on a similar mission to me and to see who else is concerned about these types of issues. Here's what I found:

Matt is on a similar journey with Orange and has organised an online pledge group to get people to request their personal data.

Tim is trying to get his data from the NHS.

Non-Terminal Boredom and McBlog are both using the DPA to try to get data in cases against their banks regarding overdraft fees.

Rebecca Wong's blogging on the DPA and similar issues is also interesting reading.

Thursday, September 07, 2006

New ICO site...

The Information Commissioner's Office has published a new - much improved - website. Well done!

http://www.dataprotection.gov.uk/
I thought I'd made progress...

A package of documents arrived from LLoyds TSB on September 1st. However, instead of shedding light on the situation, I'm afraid it points to more deception (or incompetence) on their part.

While the documents contained a tremendous amount of interesting detail about me (including that I have a good credit score - PHEW!), they hardly contained any reference to the incident with my financial details being disclosed via SMS.

There was one reference to my initial phone call - but no further information. Strange since I called numerous times and got numerous personal letters from Lloyds about it. There were records of other (less serious) complaints including details of my contacts with the bank, how it was handled and what correspondence was sent.

I suspect Lloyds are trying to cover their tracks on this by withholding the information on it.

Today I spoke to Lloyds Data Subject Access Request team again (to a chap called Graham Hooper who works with Janet Ayers, the woman I originally spoke to). I explained the situation to him, including the fact that I was getting very suspicious, and asked him to try to find the missing information.

I'm also going to be writing to the Information Commissioner's Office to update my file on the matter as they've let me know they're assigning it to a case team for investigation.