The complainant ('person A') was refused a loan to buy a car. He made an access request under section 4 of the Data Protection Act to a credit referencing agency in order to see his credit record. His record showed that he had borrowed a sum of money from a certain financial institution ('Institution X') some years previously, and that this loan had not been repaid. His record also showed that a number of other financial institutions had recently made enquiries about his credit record.
The complainant received a letter from a bank inviting her to convert her local authority housing loan to a housing loan provided by that bank. The bank informed the complainant that the offer was unique to people who held mortgages from the local authority in question. The complainant queried this matter with her local authority. It admitted that it had passed names and addresses to the bank, in order to allow the bank to advise people of its re-mortgage facilities. The local authority said that no loan account details had been passed to the bank.
A parent contacted my Office to complain that the local primary school was publishing personal details of pupils on the school web site, without the knowledge or consent of parents. The details included photographic images of named individual pupils, as well as general details volunteered by pupils regarding their hobbies, likes and dislikes.
The complainant received a phone call from a market research company carrying out a survey. As his telephone number is ex-directory, the complainant asked how this had been obtained. He was given to understand that his phone number had been obtained from the telephone service provider.
The complainant and another person held a joint account with a bank. It came to the complainant's attention that her name was not included in the details of the account kept by the bank. The bank undertook to correct the omission. Subsequently, the complainant found that the name which was recorded on the account was not her own, but a name similar to hers that could be regarded as having a certain public notoriety
A retail company sought advice from my Office on the extension of its loyalty card scheme to a new outlet. In the normal course of events, customers become members of the loyalty card scheme by making an application at any of the company's retail outlets.
Use of telemarketing company in the management of customer accounts - transfer of data to agent not disclosure - obligation of data processors to register. The complainant received an unsolicited telephone call from a telemarketing service company. The call was in connection with the complainant's account with another company (the 'supplier company'), not the telemarketing company.
A large organisation, whose staff are employed at several locations throughout the country, used a central database to record information relating to its employees and their work. The complainant questioned the security arrangements in respect of his personal data, and the extent of access to such data throughout the organisation.
A number of people complained to me of having received unsolicited mail from a direct mailing company. They wished to establish how the company concerned had obtained their names and addresses and also wished to have their personal data deleted from the company's database.
A person complained to me that details of his bank account had been disclosed to a close relative by his bank. The bank account details had been posted to the relative. The bank acknowledged that the complainant's bank account data had in fact been addressed (as a result of an administrative error) to the relative.