Announcement

**Never-In-Doubt** · 8 April 2015, 22:37

Re: Card Protection Policies (CPP) - We're STILL Being Scammed !!!

We are DPA registered too mate. The way it works is a mixture between ICO guidelines and HMRC Business rules. The ICO are quite specific in that they stipulate you can only process data for as long as is relevant. For example whilst the customer holds an account. Once the customer no longer has a LIVE account the historic data is archived and purged anytime after 12 months.

However HMRC state businesses must retain financial records for at least 6 years from closure of account which really means that coupled with the ICO guidelines, a business should retain all data about the subject (customer) from the day of first account or service inception until 6 years AFTER closure of any remaining accounts or services.

So if a bank only provides 6 years data on a 12 year account they're in breach of DPA and you can complain to the ICO followed by a complaint to the FOS. The FOS would then determine if, as a result of the bank destroying "live" historic data, you were / are in a worse off position. If they lose / destroy paperwork then the FOS estimate in your favour if it's a case of the bank offering a derisory refund for instance.

However, you are the data subject hence we always say it's a SAR (subject access request). You're the subject requesting all data held about you. Some banks only send account specific data - another breach. It's EVERYTHING about YOU (the data subject).

**Bill-K** · 9 April 2015, 00:49

Re: Card Protection Policies (CPP) - We're STILL Being Scammed !!!

Of course - I should have remembered that you see the DPA from 'the other side of the counter,' as it were, Niddy - and I appreciate your explanation of the way it all works. So it appears that for an account that is still 'live,' the firm must keep records going back to account inception - and that of course concurs with the CCA s.77-79 principles. But for an account that is now closed, the HMRC rules stipulate that data only needs to be retained for 6 years after the closure date - and therefore we should still have full access to it. So for an account closed in May 2009, we should still have access to data going back to May 2003 ? That is probably what AC was mentioning as regards the Money-Laundering Regs. - although it may simply be to encompass DSAR's where mortgage accounts were involved, as they get 12 years, I believe.

As regards the 'account-specific' data - yeah, I get that. Putting account numbers in a DSAR is to assist the DPO, but they will sometimes abuse that help and restrict the data to just those accounts. What is needed is as much 'Data Subject' info as possible, such as previous surnames & addresses etc. - and perhaps a paragraph to make it clear that 'account-specific' is not good enough.

**Never-In-Doubt** · 9 April 2015, 09:44

Re: Card Protection Policies (CPP) - We're STILL Being Scammed !!!

Bill,

Below is a SAR that was proof-read by a solicitor and does indeed cover everything that would be required by a data subject, within a SAR. You are free to use / edit as you please.

Dear Sirs,

Reference: 123456789

Subject Access Request - S.7 Data Protection Act 1998

Please supply me with a copy of all information your company hold on me including a list of accounts and details of payments along with copies of statements.

Under the Data Protection Act 1984 and 1998, and including the right of subject access under these acts, I hereby request that you supply me with any and all historical data in your possession which relates to me and that I am entitled to under section 7(1) of the Act.

If you store any of the older records on microfiche, please be aware that the Information Commissioner deems this to be a relevant filing system under the Act. As such, any microfiche data must be sent to me in fully legible and comprehensible form.

Additionally, where there has been any event in my account history over this period which has required manual intervention by any member of your staff, or any other person, I require disclosure of any indication or notes which have either caused or resulted in that manual intervention, or other evidence of that manual intervention in relation to my business with you.

If you are unable to supply this data because there has been no such manual intervention, then please be so kind as to confirm this in your response.
For the avoidance of any and all doubt, I reiterate:

I hereby request that you supply me with any and all historical data in your possession which, in any way appertains to me, including (but not exhaustively) a copy of the original signed executed agreement; statements of account; duplicate statements and/or print outs of all account transactions; all internal and external correspondence sent or received by you including memo’s, logs, notes, screen prints and transcripts; notes of manual interventions such as telephone attendants' notes, copies of stored telephone conversations, internal and external emails; any other information held on all types of media in any relevant filing system (microfiche included). If you have disclosed any information to a third party (with or without my express permission), will you please include details of this in your reply, along with notes of any legal action passed or pending (to include a true copy of default notices, court orders and the like).

Where any information that you provide includes any charges, for example returned payments, late payment fees, and so forth, would you please advise your breakdown of actual costs (liquidated damages) incurred for each charge, and the Term or Condition on which you rely upon to claim such a charge.

I also require that you forward a true copy of the Terms and Conditions that were in force at the time my account was opened, and any subsequent amendments to those Terms and Conditions.

I enclose the statutory maximum fee of £10.00 to access ALL data held by you about myself.

You should be fully aware of your statutory obligations under the Data Protection Act and that any failure to comply with this request will involve a complaint to the ICO as well as potential legal action.

You have 40 days in which to comply with this request and note that this request has been sent Recorded Delivery so I can ensure compliance on these issues comply within the legislative time frames.

Yours faithfully,

Type Name Here

**Bill-K** · 9 April 2015, 15:43

Re: Card Protection Policies (CPP) - We're STILL Being Scammed !!!

Thanks for posting the DSAR here, Niddy - and I must say that sure seems like a magnificent and comprehensive job !!!

**Tuttsi** · 9 April 2015, 17:32

Re: Card Protection Policies (CPP) - We're STILL Being Scammed !!!

Thanks Niddy

I will use that SAR as I believe it covers everything that I require.

Bill, should I send a SAR to both Sentinel as well as MasterCard, what is your suggestion? MasterCard took the money, I have never really had any direct contact with Sentinel, but I am sure interest(ed) (excuse the pun) it getting the max amount back for their wrong doing.

Tuttsi x

**5corpio** · 9 April 2015, 19:29

Re: Card Protection Policies (CPP) - We're STILL Being Scammed !!!

CPP card and identity protection compensation scheme closure - latest on blog and back dates - HERE

**Never-In-Doubt** · 9 April 2015, 22:44

Re: Card Protection Policies (CPP) - We're STILL Being Scammed !!!

Originally posted by Tuttsi View Post

Thanks Niddy

I will use that SAR as I believe it covers everything that I require.

Bill, should I send a SAR to both Sentinel as well as MasterCard, what is your suggestion? MasterCard took the money, I have never really had any direct contact with Sentinel, but I am sure interest(ed) (excuse the pun) it getting the max amount back for their wrong doing.

Tuttsi x

Mastercard is a brand - you can't SAR Mastercard. You'd usually SAR whoever you took the agreement out with, ie Lloyds. However for your purposes and for completeness Id send one to Sentinel as well. They will have different details to the bank plus they'll likely show the commission paid to the bank for your referral.

**Bill-K** · 10 April 2015, 01:39

Re: Card Protection Policies (CPP) - We're STILL Being Scammed !!!

Interesting blog link 5corpio - I particularly like:
" The Financial Ombudsman Service can consider complaints that are within the scope of the scheme but has to determine them based on what it thinks should have been decided under the scheme rules. "
This implies that the door may still be open in some cases - but of course, it depends on the FOS to decide - so don't expect it to be easy-peasy !!!

Further down, we have this:
"Compensation scheme results
By 5 March 2015, the scheme administrators paid £451m of compensation to 2.37 million claimants, an average of £190 per claim. This represents a response rate of 33.9% of all potential claims. "

So - doesn't that mean that around two-thirds of those who were mis-sold CPP policies never received any redress ? That means that CPP got away with around £900 million - thanks to the FCA's nifty little 'Scheme' - and that is just the tip of the iceberg when we consider the CPP-associated account interest that the lenders have quietly pocketed from mis-selling CPP over the years.

Originally posted by Niddy

However for your purposes and for completeness Id send one to Sentinel as well. They will have different details to the bank plus they'll likely show the commission paid to the bank for your referral.

That's an interesting thought as regards the commission, Niddy. Sending 2 DSAR's looks like a good move. You may even be able to reclaim the DSAR cost as part of your redress, Tuttsi !!!

**Tuttsi** · 10 April 2015, 11:52

Re: Card Protection Policies (CPP) - We're STILL Being Scammed !!!

Niddy, it is Barclaycard who run the MasterCard account. I never signed up to my knowledge for this and just accepted that this was normal in the days when we did not have access to wonderful web site like this.

Bill, I will send two SAR's request then one to Sentinel and the other to Barclaycard (MasterCard account) that should be very interesting, the cost of £20 is nothing compared to the interest that they owe me for taking this money unlawfully.
Tuttsi x

Originally posted by Never-In-Doubt View Post

Mastercard is a brand - you can't SAR Mastercard. You'd usually SAR whoever you took the agreement out with, ie Lloyds. However for your purposes and for completeness Id send one to Sentinel as well. They will have different details to the bank plus they'll likely show the commission paid to the bank for your referral.

**Never-In-Doubt** · 10 April 2015, 23:33

Re: Card Protection Policies (CPP) - We're STILL Being Scammed !!!

Barclays will blame loss of data on the Iron Mountain fire. Good luck with this

-> http://forums.all-about-debt.co.uk/s...l=1#post343809

BBC -> http://news.bbc.co.uk/1/hi/england/london/5175568.stm

**Bill-K** · 10 April 2015, 23:37

Re: Card Protection Policies (CPP) - We're STILL Being Scammed !!!

I agree Tuttsi - I reckon you should easily get the £20 back.

Remember - don't make the DSAR's specific to any one account, as you may be restricting the data they send you. I believe you can also send a DSAR to cover both joint and single accounts if you both provide your names and both sign the DSAR. Providing previous addresses may help, as well.

I think what Niddy was saying about 'Mastercard' is that it is a 'type' of card, in the same way that 'Visa' is another type of card - so it would normally be the lender/card-provider who you DSAR and who you claim from. This appears to be Barclaycard - but that seems odd to me, as I thought Barclaycard were of the 'Visa' persuasion.

Iron Mountain appear to have a bad record for losing their data through fires - coincidence or convenience, I wonder !!! Storing data in hardcopy paper form, with no backup copies anywhere seems a bit odd to me, when most of the DSAR data I see appears to have been printed from computer-held records. Sure - original agreements & similar docs must be held as hardcopy - but I can't see that scanning such docs for DPA purposes can be that impossible.

Hopefully, AI/Sentinel will not try the Iron Mountain excuse - so their data may be complete. I don't know how to check where they store their data, but it may be worth trying to find out - in case they 'try it on.'

**Never-In-Doubt** · 10 April 2015, 23:40

Re: Card Protection Policies (CPP) - We're STILL Being Scammed !!!

Originally posted by Bill-K View Post

I agree Tuttsi - I reckon you should easily get the £20 back.

Remember - don't make the DSAR's specific to any one account, as you may be restricting the data they send you. I believe you can also send a DSAR to cover both joint and single accounts if you both provide your names and both sign the DSAR. Providing previous addresses may help, as well.

Indeed. A joint SAR is useful on joint accounts. Saves buying one each - and as you say, just both sign it and you're saving a tenner.

#frugal

**Tuttsi** · 11 April 2015, 08:39

Re: Card Protection Policies (CPP) - We're STILL Being Scammed !!!

My account with MasterCard is in my name only, but good point for folks reading thin who have joint accounts, the SAR can be jointly. I have a very good SAR for Mortgages, which takes care of all parties.

Niddy, I might dig out that Mortgage SAR and maybe your lawyers could dot the i'ssss and cross the t'ssssss so to speak. I am sure whilst I think it is a good comprehensive Mortgage one, it could possibly do with updating or being put better in more legal terms.
x

**Tuttsi** · 11 April 2015, 08:44

Re: Card Protection Policies (CPP) - We're STILL Being Scammed !!!

Going back to Irony Mountain.... my pet name for them, did they take over from Hayes storage?

Our company have stuff stored at Irony Mountain in the West Midlands old memorabilia stuff from the football world and financial papers.

**Angry Cat** · 11 April 2015, 09:25

Re: Card Protection Policies (CPP) - We're STILL Being Scammed !!!

Originally posted by Tuttsi View Post

Niddy, it is Barclaycard who run the MasterCard account. I never signed up to my knowledge for this and just accepted that this was normal in the days when we did not have access to wonderful web site like this.

Bill, I will send two SAR's request then one to Sentinel and the other to Barclaycard (MasterCard account) that should be very interesting, the cost of £20 is nothing compared to the interest that they owe me for taking this money unlawfully.
Tuttsi x

For what it is worth;
the correct term is a Data Subject Information Request (DSIR) and not a DSAR. However, agree these requests are generally known as SAR (Subject Access Requests).

I have never known any Bank to provide information prior to the 6 year rule, other than pretty useless transaction logs. Most have had to rely on section 77, 78 & 79 CCA requests to obtain anything prior.
And, I agree that under the Money Laundering Regs Banks must keep information for 6 years after the account has ceased to be live; this id of course for HMRC.
But this information does not fall under Section 7 of the Data Protection Act 1998, therefore Banks will not release same...

RE: your MasterCard account Tuttsi. Was it by any chance a Morgan Stanley Dean Witter, Morgan Stanley or Goldfish card. As they were selling the Sentinel product with their credit cards. Tesco Personal Finance and the various RBS affiliate cards too.

Barclays took over several MC credit card providers who sold the ill fated Sentinel (useless) product.

http://www.barclaycard.co.uk/persona...ard-protection

Announcement

Card Protection Policies (CPP) - We're STILL Being Scammed !!!

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment