What to do if a debt recovery company has leaked my private information

What to do if a debt recovery company has leaked my private information

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

As a hard-and-fast rule, companies have a responsibility under the Data Protection Act (DPA) to use and store sensitive information correctly. Although the law is there, not all organisations successfully uphold the regulations they’re supposed to.

So, in this example, what can you do if a debt recover company has leaked your private information? Do you have a valid claim for Data Leak Compensation?

The DPA contains eight primary principles that companies should adhere to:

  • Personal data should be processed fairly and lawfully;
  • Personal data should be obtained only for one or more specified and lawful purposes;
  • Personal data shall be adequate, relevant and not excessive;
  • Personal data should be accurate and where necessary kept up to date;
  • Personal data should not be kept for longer than necessary;
  • Personal data should be processed in accordance with the individual rights under the Act;
  • Personal data should be kept secure;
  • Personal data should not be transferred outside the European Economic Areas unless the country offers adequate data protection.

Debt recovery companies’ responsibilities

When it comes to debt recovery companies, the responsibilities don’t vary too much. As data controllers, a debt recovery company still owes the same responsibilities to individuals listed above. If they fail to do so, they can be subject to severe scrutiny from the Information Commissioner’s Office (ICO) – the U.K.’s data privacy watchdog.

What constitutes as a data breach?

As defined by the ICO, a personal data breach is:

“…a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service.”

As the ICO explains, this may be intentional or unintentional. Either way it still amounts to a data breach.

Is debt sensitive information?

A data leak by a debt recovery company will almost certainly be considered as a leak of sensitive information, as many people who are in debt wouldn’t usually want people to know.

ICO powers

If the ICO sufficiently finds there to be an infringement of your privacy rights and that the company has breached their DPA responsibilities, they can impose a monetary penalty on the company. These penalty notices are designed for serious contraventions of the DPA, and mustn’t exceed £500,000. Recently, TalkTalk was fined £400,000 for their massive data breach.


Debt is something that I’m sure many individuals would like to keep quiet. If the debt recovery company has leaked personal data of the said individuals, this could have many consequences for them. As a result, a person may have good grounds to make a claim.

Data breaches by debt recovery companies

Following a Freedom of Information request by Gladys Evening, the ICO confirmed that, from 2011-12, there were 13 and 88 occasions where the ICO observed breaches of the DPA by debt collection agencies.

The Financial Ombudsman are also equipped to deal with complaints of a financial nature. This also ties in with data protection privacy. One case study details where a consumer complained after a debt collector left debt details on his front door. As Mr M arrived home from work, he was told by a neighbour that a debt collector had been asking after him. There was a note on his front door, explaining they’d visited about arrears on his loan.

This is most certainly a data privacy breach, as Mr M’s personal details and financial circumstances were on full display, and anyone could’ve seen it. The Financial Ombudsman told the debt collector to offer Mr M £400 for the worry and embarrassment for their actions. There are many of these occasions that would constitute as a data protection breach and warrant action under the DPA.

Your financial circumstance is highly sensitive data. If you believe it’s been wrongfully used or leaked, please don’t hesitate to contact us. Our dedicated and experienced team of lawyers may be able to proceed with your claim.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon