Help - Search - Members - Calendar
Full Version: Are you happy your personal data is available Worldwide
FightBack Forums > Queries > Speeding and other Criminal Offences
TomP
General Interest is "Locked" therfeore herewith

Are any of you concerned that your Bank or Insurance Company is allowing companies outside the UK Legal Umbrella access to your personal data?
Think about it HSBC, Lloyds TSB, Norwich Union and many others have overseas Branches, are sub contacting out their Customer Services to call Centres in the Far East Australiasia and Eastern Europe who is going to police this and could your identity be stolen?


Its one way also of trying to get rid of those useless overseas call centres and such like. It has been reported recently that one of Lloyds TSB customers is taking them to Court over Personal Data being made available to overseas subcontracted call centres!

I am now in the process of evoking Section 10 of the Data Protection act which is quoted as follows and it has caught a few of them on the hop, remember also that the Banks own Conditions cannot over rule British Law: -

Right to prevent processing likely to cause damage or distress.

10. - (1) Subject to subsection (2), an individual is entitled at any time by notice in writing to a data controller to require the data controller at the end of such period as is reasonable in the circumstances to cease, or not to begin, processing, or processing for a specified purpose or in a specified manner, any personal data in respect of which he is the data subject, on the ground that, for specified reasons-
(a) the processing of those data or their processing for that purpose or in that manner is causing or is likely to cause substantial damage or substantial distress to him or to another, and
(B) that damage or distress is or would be unwarranted.
(2) Subsection (1) does not apply-
(a) in a case where any of the conditions in paragraphs 1 to 4 of Schedule 2 is met, or
(B) in such other cases as may be prescribed by the Secretary of State by order.
(3) The data controller must within twenty-one days of receiving a notice under subsection (1) ("the data subject notice") give the individual who gave it a written notice-
(a) stating that he has complied or intends to comply with the data subject notice, or
(B) stating his reasons for regarding the data subject notice as to any extent unjustified and the extent (if any) to which he has complied or intends to comply with it.
(4) If a court is satisfied, on the application of any person who has given a notice under subsection (1) which appears to the court to be justified (or to be justified to any extent), that the data controller in question has failed to comply with the notice, the court may order him to take such steps for complying with the notice (or for complying with it to that extent) as the court thinks fit.
(5) The failure by a data subject to exercise the right conferred by subsection (1) or section 11(1) does not affect any other right conferred on him by this Part.
Right to prevent processing for purposes of direct marketing. 11. - (1) An individual is entitled at any time by notice in writing to a data controller to require the data controller at the end of such period as is reasonable in the circumstances to cease, or not to begin, processing for the purposes of direct marketing personal data in respect of which he is the data subject.
(2) If the court is satisfied, on the application of any person who has given a notice under subsection (1), that the data controller has failed to comply with the notice, the court may order him to take such steps for complying with the notice as the court thinks fit.
(3) In this section "direct marketing" means the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals.


Go for it you lot

Tomp
Tamara-D
This is very interesting indeed! Not only is there an issue with data being available worldwide but how that data was transferred. It is illegal to transfer data either directly or indirectly to any country with the following exceptions:

QUOTE
The effect of such a decision is that personal data can flow from the 25 EU member states and three EEA member countries (Norway, Liechtenstein and Iceland) to that third country without any further safeguard being necessary. The Commission has so far recognized Switzerland, Canada, Argentina, Guernsey, Isle of Man, the US Department of Commerce's Safe harbor Privacy Principles, and the transfer of Air Passenger Name Record to the United States' Bureau of Customs and Border Protection as providing adequate protection.


I am currently trawling through the information commissioners website, but if anyone can point me directly to where it states that processing data from the UK is illegal in any country not listed above, it would be very much appreciated.

Also, having previously been a data controller, I was aware that for example, any data from Spain had to remain on Spanish soil. So I would also be interested in finding the information relating to multinational companies and the transfer or processing of UK data in a foreign branch that is in a country not exempt.
g_attrill
QUOTE (Tamara-D)
I am currently trawling through the information commissioners website, but if anyone can point me directly to where it states that processing data from the UK is illegal in any country not listed above, it would be very much appreciated.

The Eighth Principle:

http://www.hmso.gov.uk/acts/acts1998/80029...--l.htm#sch1ptI
Bluedart
That is very interesting, concerning the Data Protection Act.

I have so many strings to my bow, I am now begining to get a little bit embarrassed. Only a little bit.

Question:- If the talivan is parked up, clocking motorists for exceding the limit, and then they use that video to provide evidence for another purpose, is that in contravention of The Data Protection Act. I wonder!

Hurry with your answers, I am in court on 4th Nov


Peter, xxx's for you
Tamara-D
QUOTE (g_attrill)

That does not make it illegal, it just sets out the guidelines that have to be met:

QUOTE
7.1 Even if a country has not been designated as adequate by the European Commission, a data controller can nevertheless come to its own conclusion that the country provides an adequate level of protection for a particular transfer or set of transfers. The Act indicates the sort of factors the data controller should take into account in reaching such a decision. These relate to the nature of the data being transferred, how they will be used and the laws and practices of the country to which they are being transferred. It implies some form of risk assessment. The data controller, must decide whether, in all the circumstances of the case, there is sufficient protection for individuals. In assessing adequacy a data controller should look not just at the extent to which data protection standards have been adopted but also at whether there is an effective mechanism for individuals to enforce their rights or obtain redress if things go wrong.


Compliance with the 8th data protection principle.

So, in theory, for example, if they mention in the small print that your data may be processed in India by another branch or subsidiary company, then it is legal to do so even if India is a non compliant country.
TomP
QUOTE (Tamara-D)
So, in theory, for example, if they mention in the small print that your data may be processed in India by another branch or subsidiary company, then it is legal to do so even if India is a non compliant country.


Not however, contract permiting, the way I read it, if you evoke your rights under section 10.

I know its a lot of gobble dee gook but am I reading correctly that a Registered Data Controller has to be in charge of the Data's access, how can this be done by him/her if resident in one country and the access is made in another, the operator in the Indian Call Centre may have some one looking over his shoulder when he/she accesses your personal data when you make a customer service call!


Tomp
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2019 Invision Power Services, Inc.