Donate SIGN UP

Data Protection Act loopholes

Avatar Image
David H | 02:04 Thu 12th Jan 2012 | Law
8 Answers
The purpose of the Data Protection Act was to stop unauthorised third parties accessing our data. Therefore people calling hospitals to ask if their friend or relative is there, or OK, are banned from being replied to, but Insurance companies sell claimants details to lawyers. How do they get round the law, that was why it was written, not to stop people calling hospitals.
Gravatar

Answers

1 to 8 of 8rss feed

Avatar Image
The DPA specifically allows customer databases to be sold where customers have consented to such a sale.

So, for example, when you purchase insurance from a company which intends to sell your details, the "small print" (in perfectly readable sized print) will inform you that by purchasing the policy you consent to any future sale of your...
02:53 Thu 12th Jan 2012
> Therefore people calling hospitals to ask if their friend or relative is there, or OK, are banned from being replied to

That's never happened to me...
Question Author
It's one example of many I have heard, it may not be endemic but tends to be the way most organisations apply it. Or refusing to allow your own father to help you on a law related call despite me asking if they will speak to him as he is qualified. That sort of thing. In fact virtually any way to be as obstructive as possible to people who are making enquiries about someone who wants them to, but continue to share the data with people who actually make them money.

That is the actual question, and if there's a loophole which apparently seems to skirt the complete purpose of the act then it ought to be appended or just repealed as a bad job. DVLA still sell our details to private clamping firms even when they may be breaking the law in clamping people illegally as another example. It appears regardless of endless examples of where the act is used in ways outside its ambit the one exact reason it was written in the first place is clearly not enforced and there must be a clause they are using to wriggle out of what the law was written for.

Having studied law myself I am stumped, otherwise I'd not have asked here as it's a rare time I've seen a law pretty well not be applied as written. There is a rule of statutory interpretation called 'The mischief rule' ie when not sure the judge looks to see why the law was written. I can answer 'To prevent third parties accessing our private information without consent or legal authority'.

Selling claimant's details on is a typical example of this, if the judges have apparently found a reason not to enforce this (it must have gone to court once at least as such a situation is normally tested by well-heeled complainants very soon after a statute is law) and as I'm not in practice haven't the resources to dig up the cases myself and my father's been retired over 20 years.
The DPA specifically allows customer databases to be sold where customers have consented to such a sale.

So, for example, when you purchase insurance from a company which intends to sell your details, the "small print" (in perfectly readable sized print) will inform you that by purchasing the policy you consent to any future sale of your details.

The details and application of the DPA are readily accessible on the ICO website so how you were stumped on this issue has stumped me.
Question Author
Ah, a 'read the contract' situation. Which of course is a massively wide scope to contract out of most statutes basically except the ones which say they can't do. At least that is legal although whether ethical considering even many lawyers probably don't read everything on the policies once the basics have been covered as most people altogether are pretty much too busy which they clearly rely on.

But when mine comes round later this year I will let them know I do not consent to that. If a contract includes a term as a standard form without an option to challenge that is not consent, it should always be possible to reject, and up to a court to decide per contract. But car insurance is universal and if they all do it then it will not stand, I can probably find blanket case to cover all future attempts to foist terms against public policy/statute in, and if there is no choice to simply 'go elsewhere' (the reason some are allowed) I can't see that working. It's a shame no one's asked me to challenge one, I'd enjoy the process although I'm not allowed to charge as not practising but can help people for nothing like an unqualified driving instructor.
i'm sure DPA applies to written info - not someone calling to ask if someone else is there!.. If so am i breaking the DPA everytime someone calls and asks for my husband and i go and get him - revealing that he is indeed there?
David you are quite correct, the Data protection Act 1998 is much abused, not understood, and used as an excuse not to co-operate and often misunderstood, though if you were able to identify yourself on the telephone and authorise the organisation to whom you were speaking to talk to your Father they should have done so, though they may argue they need written consent, which, as you will know, is not correct.
Keep up the pro bono publico work.
Bedknobs, I think you are safe; your husband would have given implied authority, which is what a hospital ward would no doubt argue.
Question Author
I'm fully aware that when blocking normal phone calls they are almost definitely doing the same as police who stop people in the street taking photos. A new law is written that creates a few specific restrictions, and they use it to cover everything, either deliberately or because no one there has ever gone through it to learn the rules.

Not allowing access where it should be is wrong but not illegal, but allowing it where it should not is simply breaking the law blatantly. If there's a clause allowing to contract out that is allowed by mutual consent only, and a standard form contract only implies mutual consent. It is always open to a challenge or a total rejection, and if a case is then made the decision will be binding until a new one comes from a higher level. But if every car insurance contract contains this clause already then no one is bound by it prima facie, and should either send back the contract with the term crossed out (which we are always entitled to do) or take them to court after the event, assuming you can afford it. So far neither appear to happen and people just wait and hope the government will decide to ban it. It may be a long wait.
Question Author
It seems the UK isn't alone, I've copied a story from another discussion from Canada. I don't know their law but they certainly apply it the same way when it suits them.

"Last year my husband had a craniotomy to repair a disturbingly huge brain aneurysm (which hadn't burst yet, thankfully). On Day One he was in ICU. I had to provide ID to see him at all and was told to leave after 15 minutes because there were 5 other patients in the room and somehow (although I hadn't said a word) I may have been disturbing them. Further, they said that I could not be privy to followup exams/discussions with my husband due to "privacy rules". Yup, been with him for 37 years now, but I was not "entitled" to know either his prognosis or his treatment, even though I had a signed, authorised proxy form on my person. I came back to see him the next morning (again, during designated visiting hours) and was told he was not in ICU and they didn't know where he was. "

Whether or not any law really does this (and I very much doubt it) it makes it very convenient for those with uniforms and hats to do as they please.

1 to 8 of 8rss feed

Do you know the answer?

Data Protection Act loopholes

Answer Question >>

Related Questions

Sorry, we can't find any related questions. Try using the search bar at the top of the page to search for some keywords, or choose a topic and submit your own question.