Things you really need to know
- 1 Do understand that your claim against your bank could end up in a Court!!
- 2 Are you claiming for a business?
- 3 Are you in scotland and want to claim £3000 - £5000?
- 4 Filing your Data Protection Act claim at court - guidelines
- 5 Data Protection Act FAQ's
- 6 Can I claim back beyond 6 years?
- 7 Rules Of Engagement
Do understand that your claim against your bank could end up in a Court!!
Since posting of Case Guidance Notes there have already been a number of messages expressing shock that cases might actually go to court.
You must assume that the claim you are making will end up in court. You must understand the issues and be sure that you could take your claim all the way if necessary.
This is not a get-rich-quick scheme.
Are you claiming for a business?
If you trade under the umbrella of a limited company, any claim for refunding of bank charges must be made by the company itself and normally will not affect you personally. A similar set of circumstances will apply to the company as the situation described below applies to you personally, but the advice of a fully qualified accountant will always be recommended.
If you have claimed as deductible expenses against self-employed income any bank charges which are subsequently refunded, those refunds must be declared on the tax return pertaining to the period in which the refund was made.
This can be done by reducing the bank charges paid in the same period of the refund. If this results in a negative figure it can be entered as a negative cost or as other trading income received.
This will have the unfortunate effect of increasing your taxable profits (or decreasing your trading losses); and although you may not wish to do this, you are in fact required to do so by law.
If HM Revenue and Customs were to discover an omission of such a declaration, they will re-assess your tax liability and may impose fines, penalties and / or interest.
Note that any receipts from the bank in excess of that which you had claimed as a tax deductible expense will be treated separately as a personal receipt. How this excess is treated will depend on your personal tax situation.
You are recommended to seek the professional advice of a qualified accountant if you are in receipt of such refunds and are in any way unsure of how to treat them on your tax return.
Are you in scotland and want to claim £3000 - £5000?
What is a summary cause?
A summary cause is a type of court procedure. You do not need to use a solicitor, but you can if you wish. If it relates to payment of money, it is used where the value of the claim is over £3,000 up to (and including)£5,000 . A summary cause can only be raised in the sheriff courts.
Still inexpensive to arrange, Summary Cause lets you claim more than "small claims in Scotland"
Ordinary cause rules will apply in cases over £5,000
Scottish Sheriff Court Locations
Filing your Data Protection Act claim at court - guidelines
We have had our first experience of filing a claim for non compliance with a Subject Access Request under section 7 of the Data Protection Act.
The first thing to understand is that under the Small Claims Procedure you can apply to any kind of remedy - not only money. However, it is unusual to apply for non monetary remedies using the small claims procedure.
The court officials told a user that he needed a form N244 - Application Notice. They told him that he was making a pre-action application. This was not true. A claim under the Data Protection Act is a substantive claim and not "pre-action".
The court staff were clearly confused and were really just trying to rely on previous experience to do with this matter. They eventually agreed that an Application Notice would not be the correct form and they then said that the Data Protection Act claim should be started using a part 8 claim form. However a part 8 claim form would automatically begin a court action off the small claims track!!
Eventually, after much insistence, the court manager was called but he also seemed to be rather confused. The problem is that the Data Protection Act claim did not contain any figure the damages and it was this that made the court staff believe that it had nothing to do with small claims. Our User persisted and eventually was allowed to commence his claim on an ordinary N1 to which he paid a fee of £30.
Of course it will be for the judge managing the case to decide whether the claim should stay on the small claims track. However it is a simple matter, there are no issues of law, there are no large sums of money, it is completely suitable for small claims track.
Data Protection Act FAQ's
This FAQ needs some careful reading
The challenge to the charging of excessive penalties by the banks and credit card companies involves a number of important Data Protection issues. These issues include the obtaining of information (Subject Access Requests – SARs) from the banks as to the unlawful charges which they have levied and very importantly the entering of defaults on bank customers in the credit files of Credit Reference Agencies.
We consider that it is beyond question that to enter a default in respect of a debt which is comprised entirely (or even remotly) of unlawful penalties is an abuse of the bank’s privileged access to the credit register. We are completely satisfied that such a default entry is a breach of the Data Protection Act 1998 and that it is also defamatory.
We hope that victims of unlawful penalties who have been defaulted in this way will soon start to make complaints about this aspect of the penalty charges in addition to merely claiming the return of their money.
We would expect that the victims of defamatory default notices would be able to recover damages both from the banks and from the Credit Reference Agencies.
For this reason an analysis of the Data Protection Act has been carried out and the following FAQ has been prepared. Hopefully it is not too complicated and no doubt it will be refined and expanded as User comments are received. Ideally this FAQ should be read in conjunction with the Data Protection Act which is linked in the library and also the helpful pamphlets published by the office of the Data Protection Commissioner whose website is also linked in the library
Q. What is The Data Protection Act 1998?
A. It is a law which seeks to give protection to individuals in respect of personal data which is held about them and in respect of the way that this personal data is handled. The UK Data Protection Act derives ultimately from Art.8 of the Convention on Human Rights which guarantees the right to privacy of the individual.
Q. What protections does the Data Protection Act give me?
A. The entire Data Protection regime is subject to 8 principles:
1. Personal data must be processed fairly and lawfully
2. Personal data may be obtained only for purposes which have been specified to the Data Protection Commissioner and may not be processed for other purposes.
3. Personal data must be adequate, relevant and must not exceed what is needed for the specified purpose
4. Personal data must be accurate and kept up to date.
5. Personal data must not be kept for longer than is necessary
6. Personal data may only be processed in accordance with the rights of data subjects under the Act.
7. Personal data must be secure against abuse, loss or destruction
8. Personal data must not be transferred to jurisdictions outside the European Economic Area which do not have acceptable levels of protection. (All jurisdictions within the EEA are assumed to have acceptable data protection)
Q. What is a “data subject”?
A. It is YOU.
Q. What is a “Data Controller”?
A. Any individual, group of individuals or company or other organisation which controls the processing of personal data about you.
Q. What is the Data Protection Commissioner?
A. He and his office are appointed by the Crown and by the Lord Chancellor to supervise the application of the Data Protection Act. He is independent of Government. He has various powers of enforcement in respect of breaches of the Data Protection Act.
Q. What is “processing”?
A. Processing is very wide and seems to include any activity relating to personal data including collecting it, holding it, operating on it in any way or disclosing it or passing it on to third parties.
Q. What is “personal data”?
A. Personal data is any information about you which can be linked back to you as an identifiable data subject either on its own or by the use of identifiers allowing it to be matched with some other data which may be held about you by some other data controller.
Q. Does the Data Protection Act apply only to computerised information?
A. No. It applies also to manual filing systems as long as they can be said to be “relevant filing systems”.
Q. What is a “relevant filing system”?
A. A relevant filing system is an attempt to bring manual non-computerised personal information under the protection of the Data Protection Act. The Data Protection Act defines a relevant filing system as a collection of information which relates to individuals and which is structured by reference to those individuals or by reference to criteria relating to those individuals so that specific information relating to a particular individual is readily accessible. (S.1 (1))
Q. I want to find out what personal data my bank has about me. May I do so?
A. Yes. You are entitled to make a Subject Access request (S.A.R - (Subject Access Request)). You can ask for all data which is held on you or you can limit your request to particular data which you specify. (s.7)
Q. How do I make the S.A.R - (Subject Access Request)?
A. You must make your request in writing. The bank is entitled to charge a maximum fee of £10 for this. (s.7 (2)) You are entitled to make further SARs at reasonable intervals.
Q. Where do I send my request?
A.The Bank will have registered its address with the Data Protection Commissioner. You can search the database at
Mark the envelope for the attention for the Data Controller. Send this through your local Post Office and be sure to obtain a FREE Certificate of Postage. Do not throw away the posting slip until you have received the information you have required.
Q. The Bank says that I must fill in a form. Do I have to do this?
A. The bank is entitled to ask you for such information as it reasonably requires to satisfy it as to your identity. (s.7 (3))
Q. How long does the bank have to comply with my S.A.R - (Subject Access Request)?
A. Once the bank has received your written request, the fee that it requires and has satisfied itself as to your identity, it must satisfy your request promptly and in any event within forty days. (s. 7(10))
Q. My bank says that information about me contained in a microfiche system is not contained in a relevant filing system.
A. This is not correct.
Q. My bank says that they will not comply with my Subject Access Request as to do so would require a disproportionate effort.
A. The justification of “disproportionate effort” is contained s.8 (2)(a) of the Data Protection Act. However, disproportionate effort relates only to the difficulty of supplying the data disclosure in hard copy. There is no definition of what is meant by “disproportionate effort” but commentators have suggested that it probably refers to data which is in image form or maybe as recorded sound.
We would suggest that there is no such difficulty with the provision of banking data and that the bank is probably in breach of s.7 Data Protection Act and that there are grounds for a complaint.
It is certain that s.8 (2)(a) is not intended to undermine the Subject Access Right in the Data Protection Act. This is a guaranteed right. Where there might be a difficulty in providing a hard copy disclosure then it is certain that the Data Controller would have to facilitate the disclosure in some other way – possibly by allowing personal inspection.
The Consumer Action Group will be contacting the Data Protection Commissioner to clarify this point. Watch this space
Q. My bank will not let me know who I should apply to for a Subject Access Request.
A. One of the tests of fair processing under the first principle is whether the Data Controller has supplied you with certain information. This includes the name of their Data Protection representative if one has been appointed. The role of Representative has not been defined by the Act and it is not obligatory to appoint one but we feel sure that any organisation the size of a British bank will have appointed a person to be responsible for Data Protection and we feel that this person would be the Representative for the purposes of the Act. If they do have a Representative then they are obliged to let you know who it is. Therefore it would be a breach of the first principle not to supply this information and therefore a ground for a complaint. The Consumer Action Group will be contacting the Data Protection Commissioner to clarify this point. Watch this space.
Q. Do I have any other rights under the Data Protection Act?
A. Yes. Insofar as the areas of interest to this Forum: You have the right to contact your bank directly to require them either to stop or else not to begin any processing which is likely to cause substantial damage or distress.
- You have the right to complain directly to the Data Commissioner about any activity which you believe is a breach of the Data Protection Act.
- You have the right to apply directly to the Court for compensation.You have the right to apply for an order for the breach to be rectified, blocked, erased or destroyed.
- You may opt to choose any or all of these courses of action.
1. Your right to contact your bank to require them either to stop or else not to begin processing which is likely to cause damage or distress. (s.10)You have a right to serve a notice on the data controller.
Your notice must give the reasons why you believe the processing will cause you damage or distress and must say why the damage or distress which you would suffer would be unjustified.
The Data Controller must respond within 21 days with a written notice stating either that he has complied with your request or else stating why he will not comply.
If the Data Controller will not comply with your s.10 request then you may seek an order from the court.
You are not entitled to serve a s.10 notice where you have agreed to the processing of the personal data.
In principle it would be true to say that you have agreed in your bank contract to the processing of personal data. However, we believe that you are entitled to make a s.10 request in respect of unlawful bank charges as it could never be said that you agreed to be treated unlawfully by your bank.
A section 10 Data Protection Act notice template is now included in the template library
2. Your right to complain directly to the Data Commissioner about any activity which you believe is a breach of the Data Protection Act.
Under s.42 of the Data Protection Act if you feel that personal data relating to you has been processed in any way which is contrary to the Data Protection Act you have the right to request the Data Protection Commissioner to make an “assessment” (meaning to conduct an investigation). The DPC has the power to enforce cooperation with his investigation and if he finds in your favour he may order rectification, blocking or erasure of the personal data or any expression of opinion which is based on inaccurate data.
3. Your right to apply directly to the Court for compensation.
S.13 Data Protection Act allows a court to award compensation for damage and also for distress if that distress is accompanied by damage where the damage and distress is cause by contravention of the Act.
Under English Law “damage” generally refers to any kind of harm which is discernible and can be valued in money terms. Increased cost of credit is certainly a good example. Possible heads of damage would have to be examined on a case by case basis. Distress would be best off being recorded by a psychologist or therapist but a court would probably be prepared to consider any distress which was properly documented as long as it accompanied “damage” as required by s.13(2)(a) of the Act.
4. Your right to apply for an order for the breach to be rectified, blocked, erased or destroyed.
S.14 allows the court to order the rectification, blocking, erasure or destruction of date which it is satisfied is inaccurate. Where the date is simply an accurate record of the information which has been received but the contents are untrue, the court may simply order that a statement of the true facts is added to the data. The Court may also order that the fact of the rectification, blocking, erasure or destruction be notified to any third parties to whom the inaccurate data has been disclosed.
If the court is satisfied that any other requirement under the Data Protection Act has been contravened in circumstances which would allow compensation to be awarded then the court may also order the rectification, blocking, erasure or destruction that data if it is also satisfied that there is a substantial risk of a repeat contravention. It may also order the notification of third parties to whom that data has been disclosed.
Q. So which route is the best to take?
A. Which ever course of action you choose to follow we would strongly urge you to be able to demonstrate that you have made a serious attempt to deal with the problem by means of a dialogue with your bank.
We would suggest that you do this by means of a preliminary letter asking for a response within 14 days. This should then be followed by a s.10 notice giving another 14 days. After this you can make your complaint to the Court or to the Data Protection Commissioner as you wish.
Q. But what are the pros and cons of a direct complaint to the Data Protection Commissioner?
A. If you want no stress, no hassle, no cost, no direct contact with the bank in the context of a court confrontation then the Data Protection Commissioner is the way to go. You make your complaint, the Data Protection Commissioner makes his investigation and eventually contacts you with his findings.
The disadvantages are that the Commissioner has no power to order compensation. You would still have to bring a court action for this. However, it is unlikely that there would be a problem doing this if you could show that you had already made a successful complaint to the DPC.
Another problem is that we are not aware that the Commissioner is subject to any set timescales for action or that you as a complainant would be made party to the evidence which was received by him from the bank. However, we shall be making enquiries of the DPC to ascertain the exact situation.
If the DPC is capable of providing a rapid and transparent procedure which is capable of challenging aggressively the technique of delay and prevarication which has been experienced so far by many Users of The Consumer Action Group forum then we would recommend this course of action as opposed to court action.
A final comment is that the Data Protection Commissioner has only a small staff dealing with the banking type of dispute. If too many people complain to the Data Protection Commissioner there is a serious risk that his staff will be swamped and may not be able to deal effectively with complaints. This would provide no benefit to anyone except possibly to the banks. Once again, we are in contact with the Commissioner’s office to try and resolve this problem.
Q. What are the pros and cons of a direct complaint to the Courts?
A. As long as you restrict the value of your claim to below £5000 your case should be allocated to the Small Claims Track. Beginning a claim in the County Courts is quite straightforward, there are clear timescales for action by both sides. Evidence is presented openly and it is clear that County Court judges are impartial. The Court process has “bite” and it is clear that the banks have respect for it.
In addition to requiring compliance with the Data Protection Act the court can also award compensation.
On the downside, there is the cost of issuing the action and of filing the allocation questionnaire – although these costs will be recoverable in the event of a successful claim. If the banks decide to challenge your claim then the case will have to be heard and this means that you will have to present your case in court. (If this worries you then see the guidelines in the library).
There is also a small risk – as with any claim that the matter may be allocated to a higher track and that this could result in a risk of some costs if you lose.
Can I claim back beyond 6 years?
The Limitation Act 1980 says that claims in contract which relate to breaches more than 6 years old are barred from recovery because too long a time has passed.
However, s.32 (1) (b) of the Act says:-
32.(1) .... where in the case of any action for which a period of limitation is prescribed by this Act, either-
(a) the action is based upon the fraud of the defendant; or
(b) any fact relevant to the plaintiff's right of action has been deliberately concealed from him by the defendant; or
(c) the action is for relief from the consequences of a mistake;
the period of limitation shall not begin to run until the plaintiff has discovered the fraud, concealment or mistake (as the case may be) or could with reasonable diligence have discovered it....
The OFT by their investigation has announced that at least all charges more than £12.00 are unfair in that they are most unlikely to represent the true costs of a breach of the banking contract. Also the OFT has made it clear that this is their tolerable maximum before automatic intervention and that charges will normally be much less than this figure. (OFT Report, April 5th, 2006)
The OFT has based their conclusion upon evidence provided by the banks and by their own research. Therefore we can reasonably conclude that the banks must have known this all along.
The banks have always refused to reveal their costs - even to a Treasury Select Committee and certainly to their customers. Most customers have received letters in which the banks have claimed that their charges have been fair and reasonable.
It seems quite reasonable to infer that the banks must have concealed the information and therefore the cause of action and that this has been done deliberately.
Of course, the test is simple. If the bank agrees to go to court with you, then simply ask them at the hearing if they will say what their costs are. The Bank will probably refuse to do so.
This refusal alone would probably establish the deliberate concealment.
The six year period should be calculated from the date of issue of your claim.
Section 5 of the Limitation Act states that the action must be brought within 6 years of the cause of action, ie. when the charge was made. The act also defines 'action' as meaning court proceedings. Practice Direction 5.1 (CPR Part 7) also defines the bringing of the action as the date the claim form is issued.
If you would like to try and claim your charges as far back as you have ever paid them, you should try to do so.
However, do note that you will only be able to rely directly on the Unfair Terms in Consumer Contracts Regs.1999 if your bank contract was entered into post 1995
As long as they are less than £5000 you will be claiming on the Small Claims track.
If the figure rises to between £5000 and £15,000 your claim will go onto the Fast track. This will means a limited cost penalty but you may think that it is a worthwhile risk for a larger claim.
It is likely that the banks would argue strongly against the application of s,32 (1)(b) of the Act.
You should state the limitations argument in your particulars of claim.
Rules Of Engagement
1. If you phone the bank asking for charges back and they offer a partial refund; accept the offer, but inform them that you will be writing asking for a FULL refund. If this is denied then legislative action will follow within 7 days.
2. If you write asking the bank for a full refund and they offer a partial refund; accept but write back informing them that if they do not refund the outstanding amount, legislative action will follow within 7 days.
3. If you do not know the amount that they owe you over the past 6 years, then write to them asking for a comprehensive list of charges. Make sure that they are aware that they are obliged under the Data Protection Act (1998 ) to furnish you with this information within 40 days of receipt of the request. If they deny that bank statement information is covered by the act, refer them to the Durant v FSA (2004) case, in which the judge presiding ruled that ALL bank statement information is personal information and is indeed covered by the Data Protection Act.
4. If, once action has been taken, you receive a letter from a their appointed solicitor claiming that they will not pursue you for costs if you drop the case now, write back stating that you will drop the case for a full refund plus costs and interest and nothing more. If the claim is under £5k it is extremely unlikely that they will be awarded costs in the unlikely event that you lose the case.
5. If, once action has been taken, you receive a letter from a their appointed solicitor offering a partial refund, write back stating that you will drop the case for a full refund plus costs and interest and nothing more. Remember, this money is legally yours.
6. Once a full refund has been obtained, inform the court immediately, either by phoning or writing.
7. Do NOT get angry at the telephone operative in phone calls - this will not get you anywhere. It's just a person doing their job. If they repeat themselves and keep quoting the terms and conditions of the account ask to speak to a supervisor, if they do the same keep escalating the call to the next level, insisting on taking a name and number and possibly an email address of each person you speak to.
This posting is the personal opinion of the poster and does not constitute sound legal advice, although each opinion expressed is held in belief by the poster. The Consumer Action Group and/or the poster will not be held responsible for any loss resulting from the following of the rules.