What to do if a debt recovery company has leaked my private information

As a hard-and-fast rule, companies have a responsibility under the Data Protection Act (DPA) to use and store sensitive information correctly. Although the law is there, not all organisations successfully uphold the regulations they’re supposed to.

So, in this example, what can you do if a debt recover company has leaked your private information? Do you have a valid claim for Data Leak Compensation?

The DPA contains eight primary principles that companies should adhere to:

Debt recovery companies’ responsibilities

When it comes to debt recovery companies, the responsibilities don’t vary too much. As data controllers, a debt recovery company still owes the same responsibilities to individuals listed above. If they fail to do so, they can be subject to severe scrutiny from the Information Commissioner’s Office (ICO) – the U.K.’s data privacy watchdog.

What constitutes as a data breach?

As defined by the ICO, a personal data breach is:

“…a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service.”

As the ICO explains, this may be intentional or unintentional. Either way it still amounts to a data breach.

Is debt sensitive information?

A data leak by a debt recovery company will almost certainly be considered as a leak of sensitive information, as many people who are in debt wouldn’t usually want people to know.

ICO powers

If the ICO sufficiently finds there to be an infringement of your privacy rights and that the company has breached their DPA responsibilities, they can impose a monetary penalty on the company. These penalty notices are designed for serious contraventions of the DPA, and mustn’t exceed £500,000. Recently, TalkTalk was fined £400,000 for their massive data breach.

Consequences

Debt is something that I’m sure many individuals would like to keep quiet. If the debt recovery company has leaked personal data of the said individuals, this could have many consequences for them. As a result, a person may have good grounds to make a claim.

Data breaches by debt recovery companies

Following a Freedom of Information request by Gladys Evening, the ICO confirmed that, from 2011-12, there were 13 and 88 occasions where the ICO observed breaches of the DPA by debt collection agencies.

The Financial Ombudsman are also equipped to deal with complaints of a financial nature. This also ties in with data protection privacy. One case study details where a consumer complained after a debt collector left debt details on his front door. As Mr M arrived home from work, he was told by a neighbour that a debt collector had been asking after him. There was a note on his front door, explaining they’d visited about arrears on his loan.

This is most certainly a data privacy breach, as Mr M’s personal details and financial circumstances were on full display, and anyone could’ve seen it. The Financial Ombudsman told the debt collector to offer Mr M £400 for the worry and embarrassment for their actions. There are many of these occasions that would constitute as a data protection breach and warrant action under the DPA.

Your financial circumstance is highly sensitive data. If you believe it’s been wrongfully used or leaked, please don’t hesitate to contact us. Our dedicated and experienced team of lawyers may be able to proceed with your claim.

“Spying in schools becoming the norm” – More than 1,000 schools use software to monitor their students online use

Sports Direct yet again under fire after reportedly hiding a data breach that compromised 30,000 employees’ personal data.