FSPO complaint - GDPR non compliance by bank

cmalone

Registered User
Messages
460
came across scenario where complaint lodged to FSPO and bank provides evidence from their files, that was not released / denied existed under Data Protection Act Request.

How would the FSPO determine such a case ?
 
Hi cmalone,

I'm sorry I can't help with your specific query but it does seem a common enough theme for banks to have "lost" key correspondence or not provided all details under data disclosure. Personally, I am highly suspicious that this is just a coincidence.

I have two disputed loans - one of which has gone through the FSPO process, the other is still in the oven. Whilst I "won" the completed one, I found the FSPO staff well intended but weak.
 
Agree with that analysis. Similar weaknesses with Data Protection Commissioner’s Office due to backlog of cases ... the bank’s know to ‘play the game’ and they can say what they want..

in this instance the bank’s management claimed to DPC that important documentation/ notes on file regarding customer instructions were temporary in nature (post its/ verbal messages) and were not available ...

Fortunately the customer was able to show that the call centre staff actually sent emails to relevant departments per recorded calls and did not use post-it’s!
 
Agree with that analysis. Similar weaknesses with Data Protection Commissioner’s Office due to backlog of cases ... the bank’s know to ‘play the game’ and they can say what they want..

in this instance the bank’s management claimed to DPC that important documentation/ notes on file regarding customer instructions were temporary in nature (post its/ verbal messages) and were not available ...

Fortunately the customer was able to show that the call centre staff actually sent emails to relevant departments per recorded calls and did not use post-it’s!

Hi cmalone,

What happened next, did the Bank get sanctioned?
 
The process with ODPC and FSPO takes years. They are slow to act - possibly due this the large fees that pay their salaries from the banks. At each occasion when bank is proven to have intentionally misled the investigation, they simply claim that now the bank has corrected the error. Fortunately - one learns to be persistent
 
The process with ODPC and FSPO takes years. They are slow to act - possibly due this the large fees that pay their salaries from the banks. At each occasion when bank is proven to have intentionally misled the investigation, they simply claim that now the bank has corrected the error. Fortunately - one learns to be persistent

Hi CMalone,
are are kidding me; it could not take years for the FSPO to adjudicate on a complaint, could it?
 
Fortunately the customer was able to show that the call centre staff actually sent emails to relevant departments per recorded calls and did not use post-it’s!

Just playing devil's advocate, but an audio recording stating an email was sent does not mean that record of that email still exists. How long ago are you talking about? Most companies will delete emails after the mandatory retention period unless they are explicitly archived.
 
The requests for data were made in 2016 and follow up requests in 2017 , 2018 and 2019. The Data Protection Commissioner has been actively investigating case with bank since 2017 to present and can only obtain data on a piecemeal basis. The bank would have an internal communication system to communicate with staff regarding phone call follow up. This would typically be by internal system email etc.
 
The ODPC are very slow. Maybe they are busy. The get replies from bank and send to me for comment. I comment and they send to bank. I get ‘drip fed’ with additional data - which the bank originally denied existed and then was ‘found’. I think the commissioner’s office is reluctant to investigate as the bank pay a big registration fee. I complained to ODPC and the case starts ab initio.
 
The ODPC are very slow. Maybe they are busy. The get replies from bank and send to me for comment. I comment and they send to bank. I get ‘drip fed’ with additional data - which the bank originally denied existed and then was ‘found’. I think the commissioner’s office is reluctant to investigate as the bank pay a big registration fee. I complained to ODPC and the case starts ab initio.
Any more happening here?
 
No progress with ODPC. They appear to be very busy. The bank already advised me of this and expect they are happy ... the ODPC refuse to treat all the requests as linked - the only reason I submitted additional new requests was based on the original request not being complied with. If the bank wants to hide data - it appears they can as evidenced from this and similar complaints to the ODPC.
 
By the time the FSPO considers my complaint - the relevant data- withheld- will have been deleted in accordance with their retention policy. Handy
 
Wondering more about the release of information to third party received when making complaint to fpso?
 
Varies depending on financial product / service - typical 6 years. -

it will be published in their particular privacy statement / data retention policy - but they can intentionally not release some incriminating data as part of a gdpr / data protection request..,

when you pursue complaint via the ODPC of Fspo you might be waiting forever before any case gets determined .,, and data may be actually destroyed / deleted or amended by bank during the period .. essentially bank can deny the record actually ever existed and tie you up in noughts
 
Back
Top