Data protection and identity theft

The Data Protection Act controls how your personal information is used by corporations or government. It requires everyone who collects data to follow strict rules, and to keep your information safe. This page explains how it works.

Protecting your information

The Data Protection Act's rules are quite complex, but at the heart of it are eight common sense rules known as the 'data protection principles'.

These principles require any organisation, corporation or governmental body that collects personal information to handle it safely. Anyone collecting personal information must:

• fairly and lawfully process it
• process it only for limited, specifically stated purposes
• use the information in a way that is adequate, relevant and not excessive
• use the information accurately
• keep the information on file no longer than absolutely necessary
• process the information in accordance with your legal rights
• keep the information secure
• never transfer the information outside the UK without adequate protection

All organisations collecting and using personal information are legally required to comply with these principles.

The law provides stronger protection for more sensitive information - such as your ethnic background, political opinions, religious beliefs, health, sexual life or any criminal history.

It is enforced by an independent information commissioner, who can take action against any company or governmental body that fails to protect your information, or that abuses its right to collect and hold that information.

• Appealing against a decision made by the Information Commissioner
• Information Commissioner's Office (contacts section)

Finding out who knows what about you

The Data Protection Act gives you the right to find out what information about you the government and other organisations store. This is known as the 'right of subject access'. If you submit your request in writing, they are legally required to provide you with a copy of all the information they hold about you.

Some agencies or corporations may charge a fee for providing the information, but they are only allowed to charge up to £10 for digital information, or £50 for printed (non-electronic) medical records. Finding out what information about you credit reference agencies hold costs £2.

• Callcredit
• Equifax
• Experian

Stopping direct marketing

Some people resent the way companies and government agencies contact them directly by phone, post or even fax. You have the right to stop these direct marketing campaigns from using your personal information to contact you.

All you have to do is register your details with one of the 'preference services', which allow you to opt out of direct marketing altogether.

The links below offer more information about how you can opt out.

• Mailing Preference Service
• Telephone Preference Service
• Fax Preference Service

How to protect yourself

A common way of getting your personal details is by stealing discarded documents, letters and receipts from your rubbish. You may also be contacted by telephone or email by someone pretending to be from a legitimate organisation, asking for personal information from you.

To protect yourself:

• shred all personal information before throwing it away in your rubbish - this includes anything referring to bank accounts, National Insurance details, salary information, and old bank cards
• delete any suspicious emails from organisations requesting personal information from you (banks will never ask for personal details by email)
• be extra vigilant when giving out personal information - it's easy for criminals to fake email addresses, websites, headed paper and other methods of communication
• if you move house, make sure you tell your bank and other organisations in advance, and arrange for the Royal Mail to redirect your mail
• tell the Royal Mail if you suspect your mail is going missing
• Royal Mail - report late or lost mail

Possible signs that you have become a victim of identity theft include:

• mail going missing - this may include regular bank statements and credit card bills that suddenly stop arriving
• rubbish bags being tampered with or disappearing
• getting bills or letters about things that you haven’t bought or signed up for
• unusual payments or direct debits appearing on your bank statements
• More about protecting yourself - Identity theft website

Notify your local police station

Even if you have no firm reason to believe you have become a victim of identity theft, you should always tell the police if your rubbish has been tampered with, or if you have any other related concerns.

• Police Service of Northern Ireland website

More useful links

• Complain about a trader or business