Data protection

[Worriedman]

A friend of mine has a loan with a registered loan company. An agent she deals with weekly collects the repayments. However a while ago the agent was away and somebody else who she knows called for the payment in which she was upset about and didn't want them to know her business. My question is this a data protection issue from the company? Thanks

 

[TLO]

No. The loan company is within it's rights to appoint an alternative agent to collect the weekly payment. It is unfortunate that the alternative agent is known to your friend but nobody has done anything wrong. Maybe your friend should approach another lender, such as a credit union, with a view to obtaining a new loan for the purpose of paying off the "registered loan company" in full, thus removing the need for an agent to call weekly. An added bonus is that the loan interest would probably be a lot less.

 

[Slim]

I think that, if the person who called was correctly employed by the loan company, they can assign any collections to them without data protection worries. After all, we all have to go into local banks and credit unions which have staff we know. It's just a part of life.

 

[Worriedman]

Thanks for replies. Also agents or temporary agents would be obliged to keep people's business affairs with company totally classified would this be correct?

 

[TLO]

Yes, it would. Disclosing your friend's business affairs to an unconnected third party (in other words, gossiping in the neighbourhood) would constitute a data protection breach.

 

[aristotle]

Yes, it would. Disclosing your friend's business affairs to an unconnected third party (in other words, gossiping in the neighbourhood) would constitute a data protection breach.

Surely depends on what the contract says? If T&C's which the person signed up to allows this scenario then there is no issue?

 

[qwerty5]

Surely depends on what the contract says? If T&C's which the person signed up to allows this scenario then there is no issue?

The question was to unconnected third party.
They can't just send your data to random third parties. If it's for a valid reason they can send it to a third party for processing (as long as it's complying with laws). http://www.privacy-regulation.eu/en/28.htm
That's article 28 of 99 of the new GDPR. It's in force now but it's in it's implementation period. Until May next year. Then companies can be penalised.
I didn't bother looking for the current act as it's similar in this respect anyway.

Ts&Cs can't have conditions that don't comply with the laws.

 

[aristotle]

The question was to unconnected third party..

It doesn't actually say it was an unconnected third party. But yeah it could be.