Who Do I Complain to Regarding Third Parties?

Q.

How or who do I complain to over a company who have passed my banking details to a third party?

Is this a breach of the data protection act, as well as a breach of the advertising regulations?

A.

Yes, this would definitely constitute a breach of the Data Protection Act and you have the right – and are actively encouraged - to seek a satisfactory resolution for this security violation.

The Data Protection Act

If a third party company is able to see your banking details without permission then this constitutes unlawful access. The Data Protection Act has been set up to provide rules to prevent such kinds of unauthorised access to personal data and information.

When you agreed to a transaction with the company and they accepted your personal details, they did so under the proviso that they follow strict rules of good practice for handling sensitive information, as outlined by the Data Protection Act. By passing your banking details onto a third party, they have breached this law. It doesn’t make any difference if they did this knowingly or not, it is still their responsibility and you are entitled to receive some kind of appropriate resolution.

Obviously the extent of measures to resolve the issues will depend on the damage that has been caused by the security violation.

Complain To The Organisation Responsible

You should begin by writing a complaint letter to the organisation guilty of committing the breach. By doing this you will give them an opportunity to put things right. Most data protection issues can be solved satisfactorily without the need to get anyone else involved.

Information Commissioner’s Office

If after contacting the company you have still failed to receive a satisfactory resolution then your next step is to contact the Information Commissioner’s Office (ICO). This is an independent UK authority that has been set up to protect personal details, as well as promote access to official information.

They will investigate the complaint and if they conclude that the Data Protection Act has been breached then they will advise the company and request that it solves the issue. If necessary then they will order it to do so. For them to do this you will of course need to support your complaint with any evidence or information you have relating to the issue.