If you’ve ever called a finance company to discuss an account or an application for an account, the chances are you’ll be asked a series of questions for data protection.
This may include confirming your full name, address and postcode, account number or phone number. Some companies may even request that you set up a memorable password and ask you for certain characters in the password.
When you use the term data protection, we are really referring to The Data Protection Act (DPA) of 1998. This is a piece of legislation that controls how businesses and organisations use customer’s personal data.
The data protection principles
The Data Protection Act is made up of several principles, which everyone with access to personal data must abide by. This includes ensuring that the data is:
- fully accurate and up-to-date
- used fairly and lawfully
- kept safe and secure
- used for limited purposes
- used in a way that is not excessive
- never kept for longer than necessary
- processed in accordance with people’s data protection rights
- not transferred to other countries without adequate protection
Upon receiving personal data from you (often via an application), it is the organisation’s responsibility to ensure it is controlled in line with the Data Protection Act.
So, when companies ask you to confirm a series of personal details they, are not trying to trip you up. Instead, they are simply trying to ascertain that you are who you say you are to safeguard your personal information.
Data protection and marketing
For marketing purposes, some companies may ask to share your information with selected third-parties. Any companies wishing to do this must first gain consent from the individual prior to doing this. This will often be done as part of the application page in the form of a tick box. As a customer, you should be given the option to opt-out of marketing at any point.
What should I do if I feel that my data has been misused?
If you think that your data has been misused or compromised, you should contact the organisation in question and explain this.
If the organisation fails to provide an adequate or timely response, you can seek advice from the Information Commissioner’s Office (ICO). The ICO will be able to investigate your claim and act against any parties found to be breaching data protection.