Data Protection Issue - An Post

dilallio

I recently moved house, and paid An Post to redirect the mail from my previous address.

I just received today, a letter from the TV Licence dept (operated by An Post) asking me to purchase a licence.

My partner already has a tv licence, and as I have been away from my new address with work, I haven't yet updated the new address on the electoral register / work / my bank, or anything else. The only way that the TV Licence Records Office could have got my address is through the mail redirection form.

Now, I do not have any issue with the TV Licence (we already have one and will need to transfer it over to the new address).

I have checked the mail redirection application form, and nowhere does it mention that this info may be used for other purposes, nor does it give you an option to opt in or out of your information being shared with anyone else.

I have also checked the Data Protection Commisioner's site and saw the following:

If you obtain peronal information for a particular purpose, you may not use the data for any other purpose, and you may not divulge the personal data to a third party, except in ways that are "compatible" with the specified purpose. A key test of compatibility is whether you use and disclose the data in a way in which those who supplied the information would expect it to be used and disclosed.

Does anyone know if I have a case to make a complaint to the Data Protection Commisioner, or if An Post have any exemptions to the act?

Thanks

aidan_walsh

Was the letter addressed to you or your partner directly, or to "the occupant" or some such similar?

dilallio

Thanks Aidan.

It was addressed to myself specifically.

The only other mail I have received to the new address, is all redirected mail from my old address.

Also, above my name on this letter, is the An Post redirection reference no, which confirms that they have got my new address from the redirection service.

The letter was not sent to my previous address and redirected - there is no mention of my previous address on this letter.

dilallio

I just checked An Post's policy on Data Protection and found the following:

Data Protection Principles


We shall perform our responsibilities under the Data Protection Acts in accordance with the following eight Data Protection principles:

1. Obtain and process information fairly
   We shall obtain and process your personal data fairly and in accordance with statutory and other legal obligations.
2. Keep it only for one or more specified, explicit and lawful purposes
   We shall keep your personal data for purposes that are specific, lawful and clearly stated. Your personal data will only be processed in a manner compatible with these purposes.
3. Use and disclose only in ways compatible with these purposes
   We shall use and disclose your personal data only in circumstances that are necessary for the purposes for which we collected the data.
4. Keep it safe and secure
   We shall take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of your personal data and against its accidental loss or destruction.
5. Keep it accurate, complete and up-to-date
   We adopt procedures that ensure high levels of data accuracy, completeness and that your data is up-to-date.
6. Ensure it is adequate, relevant and not excessive
   We shall only hold your personal data to the extent that it is adequate, relevant and not excessive.
7. Retain for no longer than is necessary
   We have a retention policy for your personal data.
8. Give a copy of his/ her personal data to that individual, on request
   We adopt procedures to ensure that data subjects can exercise their rights under the Data Protection legislation to access their data.

BrianD

An Post have the contract to administer the TV licence scheme. They issue the licences and collect the money.

It seems that they complile a National Address Database for the purposes of collecting the licence fee from a number of sources including the re-direct forms.

See here:

http://www.audgen.gov.ie/documents/vfmreports/47_TVLicence.pdf

Specifically p22. Section 2.26 (second bulletpoint).

Don't know if there is any law underpinning An Post's ability to create a national database of names and addresses. One assumes that they do need to create one one as a post office and that this list can be used for legal purposes.

tricky D

It's the postmen who do a lot of the compiling of TV licence targets. Your local could easily have spotted the redirected letter, noted your new details and added to the list.

If they used the form data, they're just transferring the information internally and that doesn't imply a data protection breach iirc.

BrianD

Does it say anywhere on the redirect form that An Post can use it to compile the national address database? Maybe this is something that they have to do anyway.

dilallio

Thanks Brian & Tricky - much appreciated!

I've checked the application form on the An Post website here and it doesn't say anywhere that the info will be used anywhere else. Nor does it ask you to opt in or out of information sharing.

In terms of An Post being allow to share information internally, their own Data Protection Policy states:

Data Protection Principles


We shall perform our responsibilities under the Data Protection Acts in accordance with the following eight Data Protection principles:

1. Obtain and process information fairly
   We shall obtain and process your personal data fairly and in accordance with statutory and other legal obligations.
2. Keep it only for one or more specified, explicit and lawful purposes
   We shall keep your personal data for purposes that are specific, lawful and clearly stated. Your personal data will only be processed in a manner compatible with these purposes.
3. Use and disclose only in ways compatible with these purposes
   We shall use and disclose your personal data only in circumstances that are necessary for the purposes for which we collected the data.
4. Keep it safe and secure
   We shall take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of your personal data and against its accidental loss or destruction.
5. Keep it accurate, complete and up-to-date
   We adopt procedures that ensure high levels of data accuracy, completeness and that your data is up-to-date.
6. Ensure it is adequate, relevant and not excessive
   We shall only hold your personal data to the extent that it is adequate, relevant and not excessive.
7. Retain for no longer than is necessary
   We have a retention policy for your personal data.
8. Give a copy of his/ her personal data to that individual, on request
   We adopt procedures to ensure that data subjects can exercise their rights under the Data Protection legislation to access their data.

This policy is their intrepretation of the Act, but looking at paragraphs 2 & 3, by using my information for something than the purpose for which they collected the data - this (imo) is in breach of their own policy. If one of the purposes of storing the info (other than using it for its intended purpose for mail redirection) is to use the information for TV Licence collection, then this purpose should be "clearly stated" (par 2).

I don't want to appear to be over the top here or making a mountain out of a mole-hill. I have a pet hate for junk mail, and my privacy is very important to me. I don't want anybody who has a computer in An Post to access the info I filled-in on the redirection form, such as my name, address, date of birth, and credit-card details.

Jev/N

I can't cite exactly now but they could argue the exit provision/clause regarding enforcement of the law but it'd be a weak argument I'd imagine

Jimmyboss

tricky D wrote: »

It's the postmen who do a lot of the compiling of TV licence targets. Your local could easily have spotted the redirected letter, noted your new details and added to the list.

If they used the form data, they're just transferring the information internally and that doesn't imply a data protection breach iirc.

Dunno where you got that from, postmen have absolutely nothing to do with collating data for the TV licence section of An Post