Advisers may be concerned to know about the recent FSCS handling of personal data when claims are received, the adviser has retired and the firm in question was NOT in default of the scheme.
When a ‘consumer’ approaches the FSCS (looking to claim compensation) and the firm from whom advice was obtained is no longer trading (as the adviser has retired) they are, if requested by the ‘consumer’, releasing information as to the whereabouts of that now retired adviser, even if the firm is not in default.
In correspondence seen, the FSCS is implying that it has the right to release such data when requested; quoting guidance it says it has from the Information Commissioners office (ICO).
This they say states that “ Where the FSCS has rejected a claim for solvency reasons (firm not in default) and the consumer wishes to pursue a claim, disclosure is permitted under the Data Protection Act 1998.
They go on to refer to the fact that they have received guidance from the ICO to that effect- providing this summary.
Now here is the situation, and advisers should rightly be incensed as this could happen to anyone and illustrates only too well the need for a longstop to be reinstated:
The date of the advice (relating in this case to an endowment mortgage) was 1989, some 25 years ago
If the FSCS did accept the complaint, it would be dismissed as they do recognise the longstop.
The advisory firm- a partnership, closed in a correct way in 1998 with full PIA regulatory approval and it is not in FSCS default.
The adviser made it clear that he did not wish his address to be given and he gave some specific, valid reasons.
These reasons were dismissed by the FSCS.
The adviser told the FSCS that he would complain to the ICO as he felt it was unfair to release his details when the firm was not in default and that the complaint would have been dismissed under FIMBRA, PIA and FSA rules as well as the FSCS own rules by way of being out of time on so many levels, including their own application of a longstop.
The ICO investigated the complaint and remarked that the application of ICO guidance by the FCSC did not seem to be in accordance with what they deemed to be a reasonable interpretation of the Data Protection Act 1998 and the many updates applied since.
In addition they commented that a release of data such as requested would be “legitimate” only if the firm was still trading and that the business address was also the advisers home address.
The ICO case officer stated: “Thank you for raising your concern with us about the Financial Services Compensation Scheme Limited (FSCS) handling of your personal data. You are concerned that FSCS want to disclose your personal details to xxxxxxxx.
It is our view that information about a sole trader or partner is likely to be personal data relating to that sole trader or partner; however, we accept that personal data relating to someone acting in a business capacity is less private than information relating to an individual’s home life.
Where a sole trader’s personal data is released in the context of a business relationship the disclosure is unlikely to involve a breach of the first data protection principle.
In addition, there are exemptions within the DPA that will allow the disclosure of personal data, specifically section 35(2) which states: “Personal data are exempt from the non-disclosure provisions where the disclosure is necessary
- a. for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings), or
- b. for the purpose of obtaining legal advice or is otherwise necessary for the purposes of establishing, exercising or defending legal rights.
It is important to note that an organisation (FSCS) does not have to disclose personal data in response to a request from a third party simply because this exemption applies, unless obliged to do so under a court order.
An organisation (FSCS) can choose whether or not to apply the exemption to make a disclosure, and it should do so only if it is satisfied that the disclosure would fall within the scope of the exemption.
When deciding whether to disclose an individual’s personal data an organisation (FSCS) should also consider the first data protection principle which requires an organisation to process personal data fairly and lawfully.
To assess whether or not personal data is processed fairly, an organisation should consider how it affects the interests of the people concerned.
Personal data may sometimes be used in a manner that causes some detriment to an individual without this necessarily being unfair. What matters is whether or not such detriment is justified.
If FSCS were to disclose your details to xxxxxxx it would, in my opinion, be unfair.
The ICO adjudication casts very severe doubts on the correctness of the statement made by the FSCS in justifying data release to a claimant.
Saying it can release data because “considerable weight has to be given to the legitimate interests of the customer” in this case was clearly wrong and unfair, the adviser has rights too!
We hope this decision by the ICO will put a stop to such bad practice and allow decent retired advisers with unblemished records to enjoy what is left of their lives free from worry or distress.
And going forward ensuring that those yet to retire enjoy the same protection that the Data Protection Act 1998 affords to all even if the Limitations Act does not.