At work tonight I was having a discussion with a few mates and thought I'd throw it open to you guys.

One of them is going through a messy relationship breakdown. He's moved out of the 'marital' home while it's all being dealt with.

Just before he moved out he had a parking ticket and the fine came through the door which he was planning on getting around to paying, although with his personal problems he didn't get around to doing so, so they sent him an increased fine of £90 for not paying it within 14 days.

This isn't the issue by the way.

Whilst he's estranged from his ex, he doesn't want her knowing anything about his affairs, however when the 2nd demand came through the door (his vehicle is still registered at that address) she opened it and phoned the company to find out more details of any other fines he has outstanding (he has 3).

Apparently she told them she was willing to pay them all with her credit card so the parking company told her exactly how much he owed.

She then ended the call without paying a penny and now knows about his situation which he is not happy about.

The question is, has the parking company broken the DPA?

They aren't married and he's never given her permission to speak to them on his behalf. He's furious that she was able to get this information on the pretence that she would pay it. When he phoned them to complain, all they said was "most people would be grateful to have someone offer to pay their bills".

The question is, has the parking company broken the DPA?

I believe that yes, they have, especially since any data regarding:


"(g) the commission or alleged commission by him of any offence, or

" (h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings."

... is classed as "sensitive personal data".

(Edit: Although I'm not sure if that's only *criminal* offences, as opposed to civil offences, ie parking fines)

http://www.opsi.gov.uk/acts/acts1998/80029--a.htm#2

Possibly more important, however, his ex-partner has, I believe, committed a criminal offence by opening post that was not addressed to her and without the consent of the addressee.

..."most people would be grateful to have someone offer to pay their bills".some people are thick! since when did an offer to pay the bills be something he should be greatful of! obviously the person at the fine company is stupid.

I believe that yes, they have, especially since any data regarding:

<snip>

Possibly more important, however, his ex-partner has, I believe, committed a criminal offence by opening post that was not addressed to her and without the consent of the addressee.

Both exactly what I was going to say. there's some old law about interferring with the Queen's Mail or something like that.

Whilst they are in breach of the DPA, there's not really any real harm done (after all, she paid his fine for him) - but it should warrant to sternly worded letter to the Data Protection Officer at the company called and demanding a full report as to why procedures were not met and what they will be doing to ensure they are met in future.

Read the first post again - the fines wern't paid.

Yep, that's a DPA breach, what he needs to do is to write to the data protection officer in the company and state clearly what happened and why it breached the DPA i.e. discussed personal financial details with a non-authorised person.

I can understand why it happened as payment of the fine is probably what the person on the end of the phone is there to take.

She's on very shaky grounds as it could be noted by the company that she promised to pay but then didn't because all she really wanted was the outstanding fines value.

Tell him to drop it on the company via letter, tell him to let the company know that they have 14 days to resolve this in a satisfactory manner or it goes to the DPA registrar (prob at the council)

At work tonight I was having a discussion with a few mates and thought I'd throw it open to you guys.

One of them is going through a messy relationship breakdown. He's moved out of the 'marital' home while it's all being dealt with.

Just before he moved out he had a parking ticket and the fine came through the door which he was planning on getting around to paying, although with his personal problems he didn't get around to doing so, so they sent him an increased fine of £90 for not paying it within 14 days.

This isn't the issue by the way.

Whilst he's estranged from his ex, he doesn't want her knowing anything about his affairs, however when the 2nd demand came through the door (his vehicle is still registered at that address) she opened it and phoned the company to find out more details of any other fines he has outstanding (he has 3).

Apparently she told them she was willing to pay them all with her credit card so the parking company told her exactly how much he owed.

She then ended the call without paying a penny and now knows about his situation which he is not happy about.

The question is, has the parking company broken the DPA?

They aren't married and he's never given her permission to speak to them on his behalf. He's furious that she was able to get this information on the pretence that she would pay it. When he phoned them to complain, all they said was "most people would be grateful to have someone offer to pay their bills".


Yes they have breached the data protection act if you pass him on to the information commissioner they can enforce they breach

http://www.informationcommissioner.gov.uk/

OK thanks everyone, I'll pass all this information on to him :)

Read the first post again - the fines wern't paid.

Ah sorry, that's what happens when I post just after waking up!

The rest of my reply seems to be correct though!

Exactly - a comparable situation I can think of is that I can pay Mrs Hs credit card bill, phone the company up, give them the card number and the balance I would like to pay. However if I ask them to take the entire balance or the minimum payment they cannot do that, they can only take a value specified by me as doing anything else would be breaching the DPA. Me paying them money is not a transaction that results in any personal information about the account holder flowing in my direction, the other actions do.

Yep, that's a DPA breach, what he needs to do is to write to the data protection officer in the company and state clearly what happened and why it breached the DPA i.e. discussed personal financial details with a non-authorised person.

I can understand why it happened as payment of the fine is probably what the person on the end of the phone is there to take.

She's on very shaky grounds as it could be noted by the company that she promised to pay but then didn't because all she really wanted was the outstanding fines value.

Tell him to drop it on the company via letter, tell him to let the company know that they have 14 days to resolve this in a satisfactory manner or it goes to the DPA registrar (prob at the council)

I had an issue where an ex-girlfriend went to work for 2 weeks at the callcenter at the same bank as my accounts are held, when she dumped me she asked me questions about my bank account and a large transfer I had made.

I spoke to my account manager and wrote to them, they were however unwilling to take any action because no loss had resulted. I was worried because it became clear the ex-gf had told me many lies about her personal situation, and appeared to be using many different names.

Some companies are quite willing to use the DPA (such as ntl) to be awkward when not needed, and others are not interested in a fuss when it is breached with possible intent.

How could she access your account without you providing authentication? Sounds like they are in breach of the DPA anyway. Certainly the access she was granted was in excess of necessary to do her job.

Most definitely is in breach of DPA... and the woman, as already pointed out, broke the law by intefering with the mail (isn't that what Gary Glitter is being done for too :disturbd: ).

Sadly some employers don't take the DPA very seriously... fortunately, mine does - even to the extent that we won't allow call centre staff to take their mobiles anywhere near their desks. We have very serious penalties for anyone found in breach of the DPA and have been known for terminating employees (not just the employee's contract :sniper: ) where we've caught people doing dodgy stuff.

How could she access your account without you providing authentication? Sounds like they are in breach of the DPA anyway. Certainly the access she was granted was in excess of necessary to do her job.

She had taken a job with the bank, only worked there for 2 weeks and looked at my account in that time. The bank confirmed an employee from the callcentre had accessed my account records, but apparently it was not her but another employee who had looked at the system.

never got to the bottom of it, but I guess she had used someone elses Login.