Apologies for the delay in commenting on this but I've been on leave.
People forget that subject access doesn't entitle you to the information in
the format you wish (subject to diversity issues such as language or Braille
etc), only to receive the information in an 'intelligible form'. This only
has to be the way a data controller holds it along with details of
codes/abbreviations/acronyms used.
DP does not make any provision for the data subject to decide what is
'intelligible'.
Most, if not all, High Street Banks generate their statements as a 'one-off'
process and do not retain copies of the statements given the volumes of
information that would need to be held. Using the Lloyds example they
produce millions of statements a month and do not retain copies due the
sheer numbers.
They do however have the historic information on their systems and as such
you are entitled to that raw data under subject access. If however you want
the data in a specified form its not a SAR so the bank can charge £15 or
whatever per statement.
The fact is a statement requires manual intervention, albeit entering dates
and pressing a button, but manipulates the raw data into a format that it is
not held in.
Most banks will provide the raw data and copies of any codes their systems
use to allow you to identify what a particular transaction is. Provision of
these along with the raw data means that the information has been provided
in an 'intelligible form'.
In essence it's up to the data controller to decide what constitutes an
'intelligible form' and if they can do it without recreating statements then
they have met their s7 obligations. Anything over what they consider
'intelligible' then falls outside of s7 and is open to the data controller's
charging structure.
Lee
-----Original Message-----
From: Nigel Roberts [mailto:[log in to unmask]]
Sent: Fri 21 July 2006 10:24
To: [log in to unmask]
Subject: Re: [data-protection] That B4U enforcement notice
You may be interested in the attached letter I sent to a 'Big 4' bank
yesterday. I would appreciate any comments, mainly on the Data Protection
implications, as it amounts to a subject access request.
Nigel
---
21 July 2006
Xxx Xxxxxxxx by fax
Manager
Customer Accounts
Lloyds TSB Bank plc
Brighton
BN1 4BE
Dear Ms. Xxxxxxx
Thank you for your l etter of 17th July 2006 (copy attached). My date of
birth (for identification) is **/**/****. Please note that relevant account
is Accucard number **** **** **** **** (My enquiry does not relate to the
new account ending in ****).
Secondly, please note that I am not asking for 'copy' statements.
No paper statements are normally issued for my Accucard account - one of the
conditions on the account was that it was an entirely paperless account
whereby all statements on this account are made available by the Internet
banking facility at www.accucard.com ("the Online Statement") and could be
reviewed by me using an Internet Browser program.
Several months ago, your Bank told me that my Accucard was to be replaced by
a Lloyds Bank Platinum card and that my account number would change.
It was not made clear to me at this time that any of the other operational
characteristics would change, nor that, certain major benefits, such as
Online Statement access would be withdrawn.
Despite this, your Bank, entirely without notice, removed my ability to
access my online statements last month. This is entirely unacceptable to me
and is a breach of the Accucard Agreement. I was never able to view the most
recent Accucard statement at all.
Please note that I absolutely require you to restore the access to my
statements in order thjat I maintain the required records for taxation
purposes (for up to 6 years statements). Your Banking Licence must require
you to retain this records similarly. I also need them to be able do my
books and expense claims for my company. I have tax return deadlines to
meet, which you are now jeopardising, risking an administrative tax penalty.
In view of the all above, I asked, and your colleague agreed, to restore my
access to my account statements for the abovementioned Accucard account.
However at the same time he told me that your bank is now only prepared to
make available these statements on paper. Although I would have preferred
that you restore my access to the Internet Statement facility where I could
download them as before, I accepted this.
Today I receive your letter threatening to charge me over £250 (£6 per
statement) for this. This is even more unacceptable.
Please note that I require from you, within the statutory time period, every
piece of information stored by the Bank about me, including the operation of
my Accucard account. This includes copies of all statements on the account
issued since the account was opened in 2002.
I am entitled to all this information by virtue of our Agreement, and by
rights that obtain under the Data Protection Act.
By law you may only charge me a maximum of £10 for this enquiry. I confirm
that, under protest, I will authorise such a charge of £10 to my Lloyds
account, but I hereby give you notice that any and all charges you make
against me will be claimed back from you (in Small Claims court if
necessary) since the necessity of having to exercise my rights in this
manner flows directly from and is a direct consquence of your withdrawal of
my Online Statements without notice.
Furthermore, in processing this request, the law allows you to have me to
provide you with only such additional information as in necessary to
identify me. As you have my name, address and date of birth both in this
letter and on file, it is clear that you have all the identifying
information you need, and therefore the statutory time limit runs from the
date of transmission of this fax.
Please also note, that in attempting to respond to your letter, your staff
refused to put me through to you.
Today I spent 40 minutes on the telephone to the number you gave me (see
attached letter). I spoke to XXX XXXX and to ZZZZ ZZZZZ. The former was
unable to determine whether you existed. The latter evenutally located you,
but was only able to get through to your answering machine. For training
purposes, you may wish to refer to the recording of the conversation with Mr
XXXX, in particular. (Please note, that you are also required to provide me
with copies of the recordings you have made my calls, today and in the
past).
Whilst on the telephone I was given to understand there was a policy of not
allowing customers to speak to you as you were a 'higher up' and did not
take calls from customers. As a customer, this give me an extremely poor
perception of your Department, and of the Bank. You should not write letters
under your name if you are not prepared to answer to your customer for the
contents!
Accordingly unless I receive a satisfactory initial response to this
complaint within 3 working days I will write to each of the Directors of the
Bank, at each of their home addresses (a matter of public record at
www.companieshouse.gov.uk) since I have been unable to get any sense out of
your soi-disant "inbound call centres".
The one light at the end of the tunnel (after 40 minutes on your premium
rate 0870 number) was that I told by YYYY that the Bank makes no charge
where paper statements are required for tax purposes. If this is true, I
look forward to receiving such statements being sent within 5 working days
of today.
I trust your Department will telephone me tomorrow at the latest to let me
know how you will resolve this issue?
Nigel Roberts
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses using Sophos
anti-virus software.
www.mimesweeper.com
www.sophos.com
**********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|