The complainant attended the accident and emergency department of a public hospital. A few months later, she was contacted by an organisation carrying out research. The researchers knew when she had attended the hospital and why, and they asked her to answer some questions. The complainant objected to the fact that the hospital had told the researchers about her visit.
The complainant looked for a loan to buy a car, but he was refused. He then made an access request under section 4 of the Data Protection Act to a credit referencing agency. The record he received in response showed that he had been lent money by a financial institution some years before, and that that loan had not been repaid according to the agreed terms.
A company engaged consultants to evaluate some of its senior management posts. Knowing that the consultants' reports were kept in computerised form, the occupants of a number of these posts made a request to the consultants, under section 4 of the Act, for copies of the information relating to themselves. The consultants did not respond within the period of 40 days provided for in section 4(1)(a), and the employees concerned complained to me.
The size of the print used by data controllers to inform data subjects how their information might be used was the subject of two cases dealt with in 1997. One concerned a form being used by a financial institution to collect customer information for a new service.
In my Annual Reports for both 1995 and 1996 I referred to cases in which people had complained to me about uses of information about them which had been obtained from the Electoral Register. During 1997 there was again a significant number of complaints from people who had received direct mailings where the names and addresses had come from the Electoral Register.
Two people complained to me, separately, that a particular firm of insurance brokers had obtained their ex-directory telephone numbers and used these to contact them to try to sell insurance products. They were surprised to be contacted at home, since they had taken the trouble to opt for ex-directory numbers, and they were indignant at what they saw as an aggressive invasion of their privacy.
A father complained to me that his children had received direct mail from a company making a product used mainly by children. This complainant took the view that children were more vulnerable than adults to manipulation by marketing and should not be targeted in such a way.
A man who had difficulty in getting a mortgage made an access request under section 4 to a credit referencing agency. He found that there was a record relating to a hire-purchase agreement that he had entered into some years previously. This record showed that part of the loan had been written off. It also purported to show that before that had happened, litigation had been pending against him.
A major data controller is engaged, as part of its operations, in direct mailing to its customers and also in host-mailing (mailing details of offers and services on behalf of third parties). This data controller, correctly, had previously given all its customers an opportunity to decline to receive such mailings.
A financial services company proposed to carry out a customer satisfaction survey, and approached my Office for advice. The survey was to be done by telephone, and the company intended to write to customers beforehand telling them about it and inviting them to ring a freephone number if they did not want to be contacted in this way.
A man who bought a house found that direct mail, from several sources, arrived regularly for the former owner. My Office advised him to tell each sender that the former owner had moved, and when he did so all but one of them stopped the mailings. Post continued to arrive from a third-level educational institution, although it had made a number of promises that the matter would be rectified. This was a matter of some annoyance to the house-owner and he made a formal complaint to me.