Breaches of the DPA by bailiffs and debt collection agencies

Gladys Evening (Account suspended) made this Freedom of Information request to Information Commissioner's Office

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was successful.

Gladys Evening (Account suspended)

Dear Information Commissioner’s Office,

I would like to receive a replication of the table and the spreadsheet focusing on breaches of the Data Protection Act by bailiffs and debt collection agencies, including but not limited to the following companies;

Rossendales
JBW Enforcement
Equita
Jacobs
Marston Group
Swift
Bristow & Sutor
Philips
Crichtons
Dukes
Rundle & Co
Newlyn PLC
Phoenix Commercial
Swift Credit Services
Task Enforcement Ltd
CCS Enforcement
Wescot
Gregory Pennington

1. On how many occasions did the ICO establish/observe breaches of the Data Protection Act in the years 2008 to date (calendar or financial year as appropriate) by bailiff and debt collection agencies.

2. On how many occasions did the ICO receive complaints about breaches of the Data Protection Act in the years 2008 to date (calendar or financial year as appropriate) by bailiff and debt collection agencies.

3. Listed separately if necessary for 1 & 2 above, for those categorised as data disclosure and security breaches in each of those years please provide a description of:

A the name of the company

B the breach including the source of the breach (eg. system failure or employee negligence)

C the recommendation made by the ICO

D the actions undertaken by the data controller to remedy the situation

3. Please indicate the cases in which the ICO made use of any of the following powers; information notices, undertakings, enforcement notices, audits, assessment notices, monetary penalties, criminal prosecutions and reports to Parliament.
Yours faithfully,

Gladys Evening

Information Commissioner's Office

PROTECT

15th January 2013

Case Reference Number IRQ0480900

Dear Ms Evening

Thank you for your correspondence dated 15 January 2013.
 
Your request is being dealt with in accordance with the Freedom of
Information Act 2000. We will respond promptly, and no later than 12
February 2013 which is 20 working days from the day after we received your
request.
 
Should you wish to reply to this email, please be careful not to amend the
information in the ‘subject’ field. This will ensure that the information
is added directly to your case. However, please be aware that this is an
automated process; the information will not be read by a member of our
staff until your case is allocated to a request handler.
 
 Yours sincerely
 
 
 
Tim Clarke
 
Information Governance Officer
Information Commissioner’s Office

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.gov.uk

Information Commissioner's Office

PROTECT

22 January 2013

Case Reference Number IRQ0480900

Dear Ms Evening

 
I am writing further to our acknowledgement of 15 January 2013, about your
request of the same date. In that request, you ask for information about
breaches of the Data Protection Act by bailiffs. You also request:
 
“a replication of the table and the spreadsheet focusing on breaches of
the Data Protection Act by bailiffs and debt collection agencies”
 
Unfortunately I am not familiar with ‘the table and the spreadsheet’ you
refer to, so I am not clear what replication you may be requesting. Please
can you clarify for me what information you are asking for in this part of
your request? For example, are you requesting information under any
particular headings in a table or spreadsheet and, if so, what are those
headings? If you have an existing table or spreadsheet and can send a
small sample to illustrate the information you are requesting in that
form, that would be of assistance.
 
Secondly, you refer in your request to ‘bailiff and debt collection
agencies’. Our casework records do define a category of ‘debt collection
agencies’ but makes no distinction between debt collection agencies and
bailiffs. We can therefore search under the category of ‘debt collection
agencies’ and this is likely to produce results including bailiffs, but we
will be unable to make any distinction between the two in our response.
Please will you confirm that this will be satisfactory?
 
Once you provided some clarification we will be able to begin to process
your request.  If we do not receive clarification within three months your
request will be considered to have lapsed. (Under section 1(3) of the
Freedom of Information Act (FOIA), a public authority need not comply with
a request unless any further information reasonably required to locate the
information is supplied). I hope this may be of some assistance to you.

Yours sincerely

Steven Dickinson                 Lead Information Governance Officer
 
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF.

 

 
 

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.gov.uk

Gladys Evening (Account suspended)

Dear Information Commissioner’s Office,

Here is an example of the table.

http://www.ico.gov.uk/about_us/how_we_co...

It would be preferable if it was indicated which of the companies I've specified corresponds with the complaint.

In regards your second point, this will be satisfactory, i.e., search under the category of ‘debt collection agencies'.

Yours faithfully,

Gladys Evening

Thank you for emailing the Information Commissioner's Office (ICO).  This
is an automatic acknowledgement to tell you we have received your email
safely.  Please do not reply to this email.

 If your email was about a new complaint or request for advice it will be
considered by our Customer Contact Department.  One of our case officers
will be in touch as soon as possible. If you have sent us a complaint we
may need specific information from you before we are able to consider it. 
You can find out the type of information we would need from the
[1]complaints section of our website. 

 If your email was about an ongoing case we are dealing with it will be
allocated to the person handling your case.

If your email was about a case you have already submitted, but is yet to
be allocated to one of our case officers your email will be added to your
original correspondence and will be considered when your case is
allocated. Please note that further correspondence may not be viewed until
your case is allocated to a case officer.

 If you require any further assistance please contact our Helpline on
0303 123  1113 or [2]01625 545745 if you prefer to use a national rate
number.

 We will not respond to correspondence where the ICO is copied in. If
you have a matter you would like to discuss with us please call our
Helpline on the number above.

         Thank you for contacting the Information Commissioner's Office

 ICO Customer Contact Department

 

Making a request for information held by the ICO?

For more information about the ICO’s handling of requests for information
please visit our [3]Information about us section of our website.

Equality and Diversity

The Information Commissioner’s Office is committed to providing equality
for all and opposes all forms of unlawful or unfair discrimination. We
have produced a questionnaire to help us to produce a profile of our
customers. The questionnaire can be found on our [4]Equality and Diversity
webpage.

Our newsletter

Details of how to sign up for our quarterly newsletter can be found at
[5]Information Commissioner's Office enewsletter.

Twitter

Find us on Twitter at [6]http://www.twitter.com/ICOnews

 

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.gov.uk

References

Visible links
1. file:///tmp/blocked::http:/www.ico.gov.uk/complaints.aspx
2. file:///tmp/blocked::tel:01625 545745
3. file:///tmp/blocked::http:/www.ico.gov.uk/about_us.aspx
4. file:///tmp/blocked::http:/www.ico.gov.uk/about_us/how_we_work/equality_and_diversity.aspx
5. file:///tmp/blocked::http:/www.ico.gov.uk/tools_and_resources/enewsletter.aspx
6. file:///tmp/blocked::http:/www.twitter.com/ICOnews

Information Commissioner's Office

PROTECT

28 January 2013

Case Reference Number IRQ0480900

Dear Ms Evening

Request for Information
 
Thank you for your e-mail of 28 January 2013 , in which you have provided
the clarification we sought regarding the scope of your request for
information.
 
As we have already advised, your request will now be dealt with in
accordance with the Freedom of Information Act 2000 under the reference
number shown above. 
 
Following receipt of your latest e-mail we will now respond to your
request promptly, and no later than 25 February 2013 which  is 20 working
days from the day after we received clarification of your request.
 
Should you wish to reply to this e-mail please be careful not to amend the
information in the ‘subject’ field. This will ensure that your reply is
added directly to your case. However, please be aware that this is an
automated process; the information will not be read by a member of our
staff until your case is allocated to a request handler.
 
Yours sincerely
 
Steven Dickinson                 Lead Information Governance Officer
 
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF.

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.gov.uk

Information Commissioner's Office

4 Attachments

  • Attachment

    A427a DP complaints with sector recorded as debt collectors with outcome v0 1 crosstab.pdf

    23K Download View as HTML

  • Attachment

    A427a DP complaints with sector recorded as debt collectors with outcome v0 1 list one redaction.pdf

    49K Download View as HTML

  • Attachment

    A427b ENF cases with sector recorded as debt collectors with outcome summary.pdf

    19K Download View as HTML

  • Attachment

    A435a DP complaints regarding named debt collection agencies using keywords.pdf

    34K Download View as HTML

PROTECT

25 February 2013

Case Reference Number IRQ0480900

Dear Ms Evening
 
I am writing further to your clarification of your request, received 22
January 2013. We are now in a position to provide our response. As you
know, we are dealing with your request under the Freedom of Information
Act 2000 (FOIA). You clarified that a response providing you with
information relating to our casework system category of ‘debt collection
agencies’ would be sufficient to respond to your description of ‘bailiffs
and debt collection agencies’
 
Firstly, however, please note that we do not hold information described in
your request from 2008. The information we have located is held in our
casework records, which are retained for two years from the closure of the
case. The information provided below is for the financial year 2011-12,
which is the oldest for which full data is available, and the financial
year 2012 to the date of your request. Some information prior to this has
been published on our website and I note, from the link you have provided,
that you are already aware of this information.
 
You asked:
 
“1. On how many occasions did the ICO establish/observe breaches of
the Data Protection Act in the years 2008 to date (calendar or
financial year as appropriate) by bailiff and debt collection
agencies.”

Our response:

Financial year Named debt collection parties Debt collectors sector
2011-12 13 88
2012-13 YTD 10 69

 
Please note that our role as regulator requires that we assess whether it
is likely or unlikely that the data controller has complied with the
requirements of the Data Protection Act 1998 (DPA). We refer to these as
‘compliance likely’ or ‘compliance unlikely’ assessments and they reflect
the ICO’s view based on the information available to us.
 
You asked:
 
“2. On how many occasions did the ICO receive complaints about
breaches of the Data Protection Act in the years 2008 to date
(calendar or financial year as appropriate) by bailiff and debt
collection agencies.”
 
Our response:
 

Financial year Named debt collection parties Debt collectors sector
2011-12 44 285
2012-13 YTD 33 247

 
Please note however that the information recorded above relates to
complaints cases which were finished in each of the years, not necessarily
cases which were received. This has been done because the complained-about
party’s details may not be added to a case until some time after the
complaint is received, which may in some circumstances be several weeks or
months after the initial complaint was received and could therefore fall
into the next financial year. Similarly case attributes such as the sector
(eg debt collection agencies) are not always added until the case is
closed. Consequently, we are unable to search for information about when a
complaint is received about specified parties or sectors; accurate reports
of the type specified in your request can only be run for completed cases,
not cases received.
 
You asked:

“3. Listed separately if necessary for 1 & 2 above, for those
categorised as data disclosure and security breaches in each of
those years please provide a description of:

A the name of the company

B the breach including the source of the breach (eg. system failure
or employee negligence)

C the recommendation made by the ICO

D the actions undertaken by the data controller to remedy the
situation”
 
Our response:
 

Financial year Sector debt collection with compliance unlikely outcome
Nature - Disclosure of data Nature - Security
11

Recover Debt Solutions Limited
(Bluesky Claims)
Mackenzie Hall Ltd 4
CapQuest Debt Recovery Ltd
HFO Services Limited Neo Media Solutions Ltd
2011-12 Rossendales Collect Aktiv Kapital (UK) Limited
Sheriffs High Court Enforcement Northern Debt Recovery
Ltd Equita Limited
HFO Services Limited
ARC (Europe) Ltd
The Lewis Group Ltd
Equita
HFO Services Limited
7
5
SRJ Debt Recoveries Ltd
Optima Legal Services Limited Marston High Court
2012-13 YTD Capquest Debt Recovery Ltd Bailiffs & Enforcement
SRJ Debt Recoveries Limited Sigma Red Limited
CCI Legal Services Ltd Lowell Portfolio Ltd
Ascent Collections Ltd IQor Recovery Services
PHILIPS COLLECTION SERVICES Lowell Portfolio Ltd
LIMITED

 
 
Please also see attached reports which record the name of the company and
the category of the complaint (eg ‘inaccurate data’; ‘disclosure of data’;
etc) and whether remedial action has been taken. The ‘crosstab’ report
shows the available categories of breach, and the number of instances of
each.
 
In one case, the name of the complained-about party has been redacted (on
p5 of the ‘A427a … with outcome’ report) because this is the name of an
individual rather than a company. This is therefore personal data and we
have determined that disclosure of the individual’s name would be unfair,
not least because no adverse assessment was made in that case, therefore
there are no grounds to conclude that any breach of the DPA had occurred.
The first data protection principle requires that personal data is
processed fairly and lawfully, therefore, disclosure would be unfair and
would breach the DPA. This specific information is refused under the
provisions of section 40(2) and 40(3)(a)(i) of FOIA, which states:
Personal information.
Section 40(1) provides that –
“Any information to which a request for information relates is exempt
information if it constitutes personal data of which the applicant is the
data subject.”
Section 40(2) provides that –
“Any information to which a request for information relates is also exempt
information if-

 1. it constitutes personal data which do not fall within subsection (1),
and
 2. either the first or the second condition below is satisfied.”

Section 40(3) provides that –
“The first condition is-

 1. in a case where the information falls within any of paragraphs (a) to
(d) of the definition of "data" in section 1(1) of the Data Protection
Act 1998, that the disclosure of the information to a member of the
public otherwise than under this Act would contravene-

 1. any of the data protection principles

 
With regard to providing further detail in respect of parts B, C and D of
this section of your request, we are not able to search for this
information. We do not separately record or categorise the details of the
circumstances of the breach, or the remedial action required or taken, as
these are likely to be specific to the circumstances of the case. We can
only search our casework system for defined options which are recorded as
attributes of the case. Therefore we are unable to search for categories
of breach beyond the sort of headings provided in the summaries above and
attached spreadsheets, or for details of the actual remedial action
recommended or taken.
 
It would be necessary to examine the case correspondence to determine what
specific breaches occurred, recommendations were made, or actions
undertaken. Note also that in cases where the outcome is recorded as ‘no
remedial action taken’ this may in some cases be because our investigation
found that sufficient remedial action had been taken by the data
controller prior to, or during, the ICO’s investigation. Therefore it
would be necessary to review the case correspondence in each case to
provide the information requested at parts 3B, 3C and 3D to you. Given the
large number of cases, this information is refused under the provisions of
section 12 of FOIA, as below:
Exemption where cost of compliance exceeds appropriate limit
Section 12(1) provides that –
“Section 1(1) does not oblige a public authority to comply with a request
for information if the authority estimates that the cost of complying with
the request would exceed the appropriate limit.”
In the ICO’s case, the appropriate limit is £450, which is calculated at
the rate of £25 per hour and therefore represents 18 hours’ work. I have
examined a sample of cases and found that to locate and review the
relevant case correspondence in order to retrieve this information took
around 6 minutes per case. As the ‘A427a’ report alone lists over 530 such
cases, it is clear that the 18 hour limit would be exceeded in examining
approximately one third of the cases listed on this report, without
addressing any of the other reports provided. Note also that, even having
located and retrieved the information from the relevant case files,
extracting the information from the file would then be an additional and
time-consuming activity and I estimate that it would be likely to take a
similar amount of time again, for each case.
 
If you still wished to obtain some of this information, you would need to
submit a refined request which we would be able to deal with under the
cost limit. I hope that the information disclosed might be sufficient in
any event, or may be of assistance in enabling you to describe more
closely any specific information which you require in addition to that
provided in this response.
 
You asked:
 
 “3. Please indicate the cases in which the ICO made use of any of
the following powers; information notices, undertakings,
enforcement notices, audits, assessment notices, monetary
penalties, criminal prosecutions and reports to Parliament.”
 
Our response:
 
No use of information notices in respect of debt collection agencies is
recorded for this period. Information about undertakings, enforcement
notices, assessment notices and monetary penalties is published on our
website and details of our regulatory activity can be found via the
following section:
 
[1]http://www.ico.gov.uk/enforcement.aspx  and
 
[2]http://www.ico.gov.uk/what_we_cover/taki...
 
and this information is therefore reasonably accessible to you by other
means. For your convenience, however, I can confirm that no assessment
notices, monetary penalties or reports to Parliament have been issued
against the named companies or others within the sector relating to debt
collection agencies.
 
Information about audits is also available online:
 
[3]http://www.ico.gov.uk/what_we_cover/audi...
 
[4]http://www.ico.gov.uk/for_organisations/...
 
It may be helpful if I explain that audits are conducted with the consent
of the data controller, the ICO has no powers to conduct a compulsory
audit (except for central government bodies), so all audits of debt
collection agencies or bailiffs would be with their consent. Further,
audits are not as a rule conducted as an outcome of a specific case but
are typically undertaken where the ICO becomes aware of a pattern of
activity (perhaps due to a number of complaints received, for example),
which suggests that an audit may assist the data controller in improving
their practice. Consequently, we are unable to indicate the cases in which
an audit was undertaken as the audit is not associated with any specific
case. Again, however, I can confirm that no audits were undertaken for the
named companies you listed in your request, but two audits of
organisations likely to fall within the broad category of debt collection
agencies were undertaken within the period covered by this response.
 
We hold no information on any prosecutions or reports to Parliament for
organisations within the bailiffs and debt collection agencies sector.
Having checked with the relevant sections of the ICO, we are satisfied
that no such actions have been taken against organisations within this
sector. Reports to Parliament are usually relatively high-profile events
of some significance, which would receive publicity via the ICO website.
 
This concludes our response to your request.
 
If you are dissatisfied with the response you have received and wish to
request a review of our decision or make a complaint about how your
request has been handled you should write to the Information Governance
Department at the address below or e-mail
[5][email address]
 
Your request for internal review should be submitted to us within 40
working days of receipt by you of this response.  Any such request
received after this time will only be considered at the discretion of the
Commissioner.
 
If having exhausted the review process you are not content that your
request or review has been dealt with correctly, you have a further right
of appeal to this office in our capacity as the statutory complaint
handler under the legislation.  To make such an application, please write
to the First Contact Team, at the address below or visit the ‘Complaints’
section of our website to make a Freedom of Information Act or
Environmental Information Regulations complaint online.
 
A copy of our review procedure is available [6]here.
 
Yours sincerely
 
Steven Dickinson                 Lead Information Governance Officer
 
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF.
 
 
 

show quoted sections

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire, SK9 5AF
Tel: 0303 123 1113 Fax: 01625 524 510 Web: www.ico.gov.uk

References

Visible links
1. http://www.ico.gov.uk/enforcement.aspx
2. http://www.ico.gov.uk/what_we_cover/taki...
3. http://www.ico.gov.uk/what_we_cover/audi...
4. http://www.ico.gov.uk/for_organisations/...
5. mailto:[email address]
6. http://www.ico.gov.uk/about_us/~/media/d...