Anyone have DPA knowledge?
Discussion
I'm having a bit of bother with a website that is publicising my home address against my wishes.
The site offers a "free removal service" but they then demand a phone number, full DOB, email address etc. which is information I doubt they have, so I have provided only part of my number and DOB. They have refused to remove my record from the site or search results and will have no further discussion unless I pay a fee. The reason they give is that the information provided was false and they could not therefore identify the data subject. The information provided isn't false, it is partially redacted to prevent people like them from abusing it.
However, they have updated their website stating that I am at the address as of today, based upon the fact that I have contacted them! So they are obviously sure enough who I am to do that!
It appears to be a scam to be honest. They either get more personal information about people which they will no doubt find a way of exploiting or when people won't provide it they charge a fee for further consideration of the matter.
The ICO has said they'll look at it but that the process is fairly slow. The registrar of the site and web host have said they will act only when legally required to do so or when their T&Cs have been breached.
I would like to stop these people using my personal information as swiftly as possible,. Any pointers from someone in the know would be appreciated.
The site offers a "free removal service" but they then demand a phone number, full DOB, email address etc. which is information I doubt they have, so I have provided only part of my number and DOB. They have refused to remove my record from the site or search results and will have no further discussion unless I pay a fee. The reason they give is that the information provided was false and they could not therefore identify the data subject. The information provided isn't false, it is partially redacted to prevent people like them from abusing it.
However, they have updated their website stating that I am at the address as of today, based upon the fact that I have contacted them! So they are obviously sure enough who I am to do that!
It appears to be a scam to be honest. They either get more personal information about people which they will no doubt find a way of exploiting or when people won't provide it they charge a fee for further consideration of the matter.
The ICO has said they'll look at it but that the process is fairly slow. The registrar of the site and web host have said they will act only when legally required to do so or when their T&Cs have been breached.
I would like to stop these people using my personal information as swiftly as possible,. Any pointers from someone in the know would be appreciated.
Answers below in caps for clarity, I'm not shouting.
used fairly and lawfully - was consent given for them to have this information in the first place?
I SUSPECT THEY GOT THE INFO FROM COMPANIES HOUSE. I MUST BRIEFLY HAVE BEEN A DIRECTOR REGISTERED AT THE ADDRESS.
used for limited, specifically stated purposes - if consent was given, for what stated purpose was it, and have they exceeded that?
I WOULD HAVE GIVEN IT BECAUSE I WAS LEGALLY REQUIRED TO AT THE TIME.
used in a way that is adequate, relevant and not excessive - is this excessive use, again, what initial consent was there?
IT COULD ONLY HAVE BEEN COMPANIES HOUSE. I NEVER GIVE OUT MY PERSONAL ADDRESS AND I HAVE ALWAYS OPTED OUT OF THE ELECTORAL ROLL (PUBLIC)
accurate - I think we can assume that it is at least accurate otherwise you wouldn't have a complaint
kept for no longer than is absolutely necessary - again, what was the initial purpose for this information, do they still have a legitimate reason for keeping it?
THEY HAVE NEVER BEEN GIVEN IT, THEY MUST HAVE HAD IT FROM COMPANIES HOUSE.
handled according to people’s data protection rights - if it is marketing related, you do have a legal right to request its deletion.
IT WOULD SEEM TO BE IN USE TO DRAW PEOPLE TO THE SITE TO SELL THEM MORE DATA.
kept safe and secure - err, Hell no if it's on a public web page.
IT IS NOT BEING KEPT SAFE AND SECURE.
not transferred outside the UK without adequate protection - again, it's on a web page, so you could argue that if it is browsed outside the UK, it has effectively been transferred without adequate protection.
QUITE
If you can ascertain an address, send a letter (recorded delivery) stating which parts of the DPA you believe them to have violated, and indicate that you have the ICO involved. A colleague has just got his information corrected and a few £100 'good will' out of a utilities company using this approach.
THIS OUTFIT OPERATES OUT A NEW BUILD HOURING ESTATE IN (AS I RECALL) BOLTON. I THINK THE OWNER IS A PRIVATE DETECTIVE WHO HAS DECIDED TO BRANCH OUT BY PIMPING PEOPLE'S PERSONAL DETAILS.
Good luck,
Mick
[/quote]
TheHound said:
Problem is if it was registered with companies house you will probably find the information listed on a number of legitimate websites;
companycheck.com
companydirectorcheck.com
companiesintheuk.com
192.com
etc
Possibly, but there are no Google search returns for my name at the address.companycheck.com
companydirectorcheck.com
companiesintheuk.com
192.com
etc
Furthermore IF it was from companies house the data is years old. It was provided to companies house for a specific purpose and has not been updated. This outfit is saying I am there today and doing so publicly and via a Google search.
Breadvan72 said:
What's the big secret? The postman knows where you live. OK, if you are a Bond Villain and your address is Number 1, Secret Evil Base Inside a Hollowed Out Volcano With All Monorails And Lasers And Stuff, you might have a beef, but otherwise, why bother?
This is a bit like people blanking out their car registrations when posting photos of jalopies. Kinnell, anyone walking past can see the number.
Actually the postman seems to be one person who doesn't know where I live, but that's another matter.This is a bit like people blanking out their car registrations when posting photos of jalopies. Kinnell, anyone walking past can see the number.
The "big secret" as you put it is that I don't want my home address to come up when someone searches my name. In part it is about privacy but also I have in the past had a nutter trying to find me. He only managed to find the address registered to one of our domain names. I don't want to make it easier for future nutters to find me.
TooMany2cvs said:
Eleven said:
I SUSPECT THEY GOT THE INFO FROM COMPANIES HOUSE. I MUST BRIEFLY HAVE BEEN A DIRECTOR REGISTERED AT THE ADDRESS.that?
I WOULD HAVE GIVEN IT BECAUSE I WAS LEGALLY REQUIRED TO AT THE TIME.
IT COULD ONLY HAVE BEEN COMPANIES HOUSE. I NEVER GIVE OUT MY PERSONAL ADDRESS AND I HAVE ALWAYS OPTED OUT OF THE ELECTORAL ROLL (PUBLIC)
If that's the case, then the information is in the public domain.I WOULD HAVE GIVEN IT BECAUSE I WAS LEGALLY REQUIRED TO AT THE TIME.
IT COULD ONLY HAVE BEEN COMPANIES HOUSE. I NEVER GIVE OUT MY PERSONAL ADDRESS AND I HAVE ALWAYS OPTED OUT OF THE ELECTORAL ROLL (PUBLIC)
Steffan said:
I regularly recommend not recording home addresses on Companes House.There are provisions that allow alternatives. Sadly CH has become as much of a nuisance as advertising your address in the paper. Best avoided. Regrettably identity theft and Internet sutupidity and the scam business have consequences one of which is being aware how information can be genuinely provided but from that point...... Better to be safe .....
It used to be mandatory for directors. It's only been more recent that a service address could be used.Breadvan72 said:
Henry talks good sense. Data protection law is particularly misunderstood by banks, service providers etc, and hence those stupid conversations when they call you but want you to provide lots of info before they will tell you why they have called. This is based on misreading the DPA.
Subject to a rather daft and practically unenforceable recent ECJ ruling about the so called right to be forgotten, you can't re write history, and public domain info remains in the public domain.
Absurd misreadings of data protection can lead to ridiculous outcomes such as this one: a lawyer mentioned on his website that he had acted in a particular case. The case had been heard in public and is reported in major law report series, available on free websites etc. A stupid ombudsman nonetheless said that the lawyer should pay compensation to the client who objected to having his name mentioned. It's not me, by the way,but the ruling is to be challenged with the backing of the professional body, as it's plainly bonkers.
I can see merit in that complaint on a common sense basis. The subject provided information because he or she was obliged to do so for a specific legal purpose. Why should a solicitor then be able to use that information for marketing purposes?Subject to a rather daft and practically unenforceable recent ECJ ruling about the so called right to be forgotten, you can't re write history, and public domain info remains in the public domain.
Absurd misreadings of data protection can lead to ridiculous outcomes such as this one: a lawyer mentioned on his website that he had acted in a particular case. The case had been heard in public and is reported in major law report series, available on free websites etc. A stupid ombudsman nonetheless said that the lawyer should pay compensation to the client who objected to having his name mentioned. It's not me, by the way,but the ruling is to be challenged with the backing of the professional body, as it's plainly bonkers.
You have an opinion about how concerned individuals should be about how their data is used. It is not an opinion shared by everyone.
HenryJM said:
I think one of the things that people miss with law is that it matters not one iota what you think it should be. It only matters what it is. You may want something to be against the law, it may cry out for it to be so, but so what? All that matters (unless you are going into campaigning) is what it is and how it is interpreted.
So it matters not one jot whether you want someone to do something with your data, there is no relevance whatsoever if you think it is wrong, all that matters is whether it is actually contrary to legislation or not.
Couple of things there. So it matters not one jot whether you want someone to do something with your data, there is no relevance whatsoever if you think it is wrong, all that matters is whether it is actually contrary to legislation or not.
The second principle of data protection is:
2.Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
If I am correct, the data was provided to Companies House for use in connection with a limited company of whioh I was a director. It is being used to market the services of a people locator. In my view the current use is incompatible with the reason for which the data was provided.
Secondly, S10 of the DPA says:
10 Right to prevent processing likely to cause damage or distress.E+W+S+N.I.
(1)Subject to subsection (2), an individual is entitled at any time by notice in writing to a data controller to require the data controller at the end of such period as is reasonable in the circumstances to cease, or not to begin, processing, or processing for a specified purpose or in a specified manner, any personal data in respect of which he is the data subject, on the ground that, for specified reasons—
(a)the processing of those data or their processing for that purpose or in that manner is causing or is likely to cause substantial damage or substantial distress to him or to another, and
(b)that damage or distress is or would be unwarranted.
I have made it clear to the data controller why the data being used this way is likely to cause distress. I did this in writing. He has refused to remove it.
As far as I am aware the law is on my side. But then I am not a lawyer.
HenryJM said:
Eleven said:
HenryJM said:
I think one of the things that people miss with law is that it matters not one iota what you think it should be. It only matters what it is. You may want something to be against the law, it may cry out for it to be so, but so what? All that matters (unless you are going into campaigning) is what it is and how it is interpreted.
So it matters not one jot whether you want someone to do something with your data, there is no relevance whatsoever if you think it is wrong, all that matters is whether it is actually contrary to legislation or not.
Couple of things there. So it matters not one jot whether you want someone to do something with your data, there is no relevance whatsoever if you think it is wrong, all that matters is whether it is actually contrary to legislation or not.
The second principle of data protection is:
2.Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
If I am correct, the data was provided to Companies House for use in connection with a limited company of whioh I was a director. It is being used to market the services of a people locator. In my view the current use is incompatible with the reason for which the data was provided.
Secondly, S10 of the DPA says:
10 Right to prevent processing likely to cause damage or distress.E+W+S+N.I.
(1)Subject to subsection (2), an individual is entitled at any time by notice in writing to a data controller to require the data controller at the end of such period as is reasonable in the circumstances to cease, or not to begin, processing, or processing for a specified purpose or in a specified manner, any personal data in respect of which he is the data subject, on the ground that, for specified reasons—
(a)the processing of those data or their processing for that purpose or in that manner is causing or is likely to cause substantial damage or substantial distress to him or to another, and
(b)that damage or distress is or would be unwarranted.
I have made it clear to the data controller why the data being used this way is likely to cause distress. I did this in writing. He has refused to remove it.
As far as I am aware the law is on my side. But then I am not a lawyer.
In this case they are obviously not like that, as I read it they are primarily hiding behind 7(3):
Where a data controller—
(a)reasonably requires further information in order to satisfy himself as to the identity of the person making a request under this section and to locate the information which that person seeks, and
(b)has informed him of that requirement,
the data controller is not obliged to comply with the request unless he is supplied with that further information.
The difficulty is that your recourse is to court and/or the ICO. At court it's a lot of hassle and cost for the verdict of them ordering them to take it down. With the ICO it's slow wheels grinding on something that probably won't excite them too much. So they'll get to it eventually.
Having stated that he couldn't identify the data subject (me) he has then updated the record on his site to say that I am at the address as of yesterday. If he cannot identify me as the data subject he should not be updating the record.
dredge said:
You could ask Google to remove that website from the results that appear when someone searches for your name:
https://support.google.com/legal/contact/lr_eudpa?...
The information would still be there and certainly visible via other search engines, and indeed Google outside of the EU. You might consider it better than nothing, if other options aren't available.
As I understand it, Google would inform the website in question that they have removed that specific result, so they would certainly know you were behind it. That could either be good or bad.
Thanks Dregde, I knew that existed but couldn't find it! I have submitted a request.https://support.google.com/legal/contact/lr_eudpa?...
The information would still be there and certainly visible via other search engines, and indeed Google outside of the EU. You might consider it better than nothing, if other options aren't available.
As I understand it, Google would inform the website in question that they have removed that specific result, so they would certainly know you were behind it. That could either be good or bad.
The ICO seem pretty helpful and have asked that I call them on Monday when my case will be on their system.
voyds9 said:
Eleven said:
Couple of things there.
The second principle of data protection is:
2.Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
If I am correct, the data was provided to Companies House for use in connection with a limited company of whioh I was a director. It is being used to market the services of a people locator. In my view the current use is incompatible with the reason for which the data was provided.
Secondly, S10 of the DPA says:
10 Right to prevent processing likely to cause damage or distress.E+W+S+N.I.
(1)Subject to subsection (2), an individual is entitled at any time by notice in writing to a data controller to require the data controller at the end of such period as is reasonable in the circumstances to cease, or not to begin, processing, or processing for a specified purpose or in a specified manner, any personal data in respect of which he is the data subject, on the ground that, for specified reasons—
(a)the processing of those data or their processing for that purpose or in that manner is causing or is likely to cause substantial damage or substantial distress to him or to another, and
(b)that damage or distress is or would be unwarranted.
I have made it clear to the data controller why the data being used this way is likely to cause distress. I did this in writing. He has refused to remove it.
As far as I am aware the law is on my side. But then I am not a lawyer.
The data controller for CH collected the information for one purpose. That information is then in the public domain. There is nothing to then stop another data controller from collecting that information and using it for a different purpose.The second principle of data protection is:
2.Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
If I am correct, the data was provided to Companies House for use in connection with a limited company of whioh I was a director. It is being used to market the services of a people locator. In my view the current use is incompatible with the reason for which the data was provided.
Secondly, S10 of the DPA says:
10 Right to prevent processing likely to cause damage or distress.E+W+S+N.I.
(1)Subject to subsection (2), an individual is entitled at any time by notice in writing to a data controller to require the data controller at the end of such period as is reasonable in the circumstances to cease, or not to begin, processing, or processing for a specified purpose or in a specified manner, any personal data in respect of which he is the data subject, on the ground that, for specified reasons—
(a)the processing of those data or their processing for that purpose or in that manner is causing or is likely to cause substantial damage or substantial distress to him or to another, and
(b)that damage or distress is or would be unwarranted.
I have made it clear to the data controller why the data being used this way is likely to cause distress. I did this in writing. He has refused to remove it.
As far as I am aware the law is on my side. But then I am not a lawyer.
A better tack might be to send a declaration (via solicitor) that the address is no longer accurate. Then they fall foul of principle 4 Personal data shall be accurate and, where necessary, kept up to date.
Jon1967x said:
TooMany2cvs said:
Eleven said:
It is being used to market the services of a people locator. In my view the current use is incompatible with the reason for which the data was provided.
That's where you're getting confused. If you'd provided your details to this company, then you'd be right. But you haven't. They've taken them from the public record of your directorship. Public domain information. Once your data was published - not only legally, but as legally required - by CH, then you have no expectation of privacy over those details.If you really want your name & address hidden again, move - and remember to never sign up to being a director again.
http://www.companieshouse.gov.uk/freedomInformatio...
..states that the public are allowed to see.. this is not for companies to lift and use with impunity
Steffan said:
First step must be removing the address and using one of the approved alternatives. Far far safer and a lot less trouble.
As I said, I didn't have a choice regarding putting my home address on the CH papers. But I have now taken steps to get Google to remove me from searches and asked CH to change the record to a service address. HOWEVER the company in question is now in liquidation and I don't have the web access code to change the record. I have asked CH for permission to change it on a paper, it remains to be seen whether they will allow it.Martin4x4 said:
Perhaps not, assuming he was the defacto director and therefore legally compelled to become the registered director otherwise he would have been a shadow director; either way he would still a director.
I started the business and needed to be limited, so I had little choice.Steffan said:
TooMany2cvs said:
Steffan said:
Fanatical considerations are but part of the motivation and decision.
ITYM "financial", but...And, yes, you're right - but one of the factors to consider is that doing so has until recently inevitably put your name and address into the public domain. For some people, that's important enough that they probably ought to have considered it first...
In my view, one needs either to be "out there" or non-existent in terms of "public profile". If you depend upon your profile for one reason or another, business reputation for example, it needs to be out there and carefully managed. If you have nothing to gain by being "known" then complete privacy is the way to go.
A mentor of mine once cautioned me about becoming better known. He is far, far wealthier than I am so perhaps he had a point.
But whatever one's public profile is, it needs to be the decision of the individual and not parasites who trade in peddling personal data.
Breadvan72 said:
One of the many reasons for deploring the mostly pointless DPA is that it has given people the delusion that their name and address are some sort of secret or even a form of property. What are we? Ancient tribespeople who believe that if someone knows our name he has magical power over us?
This appears to be another of your "it doesn't bother me, therefore it shouldn't bother everyone else" lines of thought. We had a similar conversation about cash some time ago. You didn't understand why people use cash outside of being, in your words, "A wannabe Arthur Dailey". Yet a great many people and businesses would not be able to operate without it.
YOU may not be bothered about your personal details being all over the Internet. But I am. I also have experience to suggest that my concerns are valid. I accept of course that if someone really wanted to find me they could, but I don't want to make it any easier than necessary.
I also have reason to believe that my address simply not being available on search engines is a barrier to access that would filter out most of the people I don't want to hear from.
Breadvan72 said:
What are you talking about? You appear to be mistaking me for someone else who has pissed you off, but as it appears that everything and everyone pisses you off that is perhaps not surprising.
No, it was definitely you. But you didn't piss me off at all, nor have you this time. I was merely pointing out that sometimes your comments appear a little, "Let them eat cake".
To flesh things out for you a little: I run a business in one of the country's poorer cities and have some quite colourful customers who unfortunately it is sometimes necessary to upset. They are the sort of people who would Google my address and act upon the information. It has happened before and could do again. I honestly doubt that many of these people would have the nous to seek further than a search engine though. That said, one once tried to trace me via Whois.
I was alerted to my address being available too easily on one occasion when a debt collector turned up at MY house because they thought I might know where one of my customers had moved to! It was a brief conversation and they went away swiftly, but I'd have preferred not to see them at all.
TooMany2cvs said:
Eleven said:
YOU may not be bothered about your personal details being all over the Internet. But I am.
Yet you then chose* to make a career decision that inherently and unavoidably put that information into the public domain.Now you're complaining about that.
- - Yes, chose. Nobody ever _forced_ anybody to be a director of a limited company.
There are times when if you're going to be in business you need limited liability, which most often is via a limited company. The rules have changed but once upon a time the home addresses of directors had to be provided and were made available via a paid-for search at Companies House. There MAY have been ways around it but if there were neither I nor my accountant knew about it. Nor it would seem did the directors of some pretty big businesses (banks for example) because they too have / had their home addresses available for the price of a search.
Now of course I could have just not gone into business to avoid providing my address. But that would have been ridiculous. I would have been denying economic progress for the sake of avoiding a smallish risk. Furthermore, as I point out above, the information not being free and returned by a search engine provided a barrier to access. My concern is that the barrier has now been removed and if you knew my real name you could find my home address in seconds.
The risk remains small, but having my address out there is still a risk and I'd prefer it wasn't. So I am setting about putting that right.
TooMany2cvs said:
Eleven said:
You keep saying this and it's essentially wrong.
No, it really isn't.Eleven said:
There are times when if you're going to be in business
See? THAT "If", right there, that's the one I'm talking about. That was a _choice_. You _chose_ to "be in business", rather than work for somebody else. Every choice comes with compromises. You chose that set, whether you fully understood the consequences or not.Gassing Station | Speed, Plod & the Law | Top of Page | What's New | My Stuff