“You may choose to look the other way, but you can never again say that you did not know”

– William Wilberforce

Data Protection Act 2018 – Criminal Offences | The Crown Prosecution Service (cps.gov.uk)

Section 173: Alteration etc of personal data to prevent disclosure to data subject

Section 173 relates to the processing of requests for data from individuals for their personal data. Section 173 (3) makes it a criminal offence for organisations (persons listed in Section 173 (4)) to alter, deface, block, erase, destroy or conceal information with the intention of preventing disclosure. It builds on an offence under the Freedom of Information Act 2000. Possible defences to an offence under section 173 (3) are set out in Section 173 (5).

---

CHA and Nicola Sturgeon’s government (enablers) are corrupt. They should never be trusted as they are operating under false pretences and collude with anyone useful to them and avoid accountability, which is against the public interest and the law. They do not want me to receive the services of an honourable law firm as they could not protect themselves in court, so instead try to interfere with/remove my website or anything else to their advantage. It is also the reason I have been banned from social media platforms.

Subject Access Requests (SAR)

Everyone is (but only if the law is applied!) entitled to see the data which organisations hold on them and can apply for a SAR.  Your right of access | ICO

In my 1^st SAR, I caught out Housing Officer Cheryl Connelly falsifying data, and she had written about sensitive topics which were none of CHA’s business and she had altered the facts, to defame my character on file. When I objected about this to Garry Savage, typically his response was to antagonise me further, by making up more falsified claims of what I said or did and covered for his lying housing officer. Then CHA used influence to avoid accountability. The CHA Executive Management Team did not like how the ICO originally went against them, so they made sure it did not happen again and with the ICO, they got two puppets for the price of one.

---

update: May 2022  After reading this page, you will be completely aware of the fact, the *ICO are part of the problem, and not the solution. By giving companies and authorities the power to harvest your information under false pretences, they all must be using it for nefarious schemes.

However, the problem with allowing data to be falsified/fraudulent(misinformation/disinformation, ha! ha!)it cannot possibly be of any value to the government or their equally corrupt friends, as their untrustworthy, *law -breaking data collecting companies and authorities, have rendered the data null and void!

Information is the new currency to be used by the fake leaders, however…why would techy, data collecting companies want to buy inaccurate data?

* Fraud – Crime.Scot

---

Lawful basis for processing | ICO … Most lawful bases require that processing is ‘necessary’ for a specific purpose. If you can reasonably achieve the same purpose without the processing, you won’t have a lawful basis”. CHA did not have a lawful basis for processing data they held.

Included in what I sent Willow, were the documents below which CHA had sent me in my 1^st SAR. I have never made corporate complaints about the contractors. CHA made it up, which is clearly fraud, but probably came in handy when trying to prejudice others against me e.g., when using contractors to harass us out of our home. Take note further down in Willows responses, of how she deflects from ** accusing CHA of fraud.

‘Here’s one I made earlier ’by CHA

If this had been a genuine complaint made by me; it predates my first SAR cover letter below; dated 28/11/16, and would have been in the staffs reports, as communication between myself and CHA and they would have written to me about the outcome, but there is no record. The liars regularly drop themselves in it because they make everything up as they go along. 

Below is one of the  (backtracking), typed, made up after the fact file notes by Business Services Director Garry Savage, which were added to my **bulked up 73 pages of 2^nd SAR, for the purpose of covering for their wrongdoing. **This breached The Equality Act 2010 on reasonable adjustment   Equality Act 2010 (legislation.gov.uk)

The corporate complaint disappears in the one below, which came from a PDF document and dated 25.11.16. (Look at the date on SAR request above).

The garden ornament described above to trivialise the complaint is a huge structure, they wanted me to remove to appease the anti -social tenant CHA named below, who makes vexatious complaints, see evidence in Ch.3.

Below was taken from the original Group Data Protection policy, relevant at time I first made a complaint to the ICO. CHA cared so little about Data Protection, they did not even have a Data Protection Policy for tenants just a leaflet, on their website (see below). More fraudulent claims for show purposes, pretending they follow policy/laws etc, to get service users to sign contracts with them.

The Rights of the Individual/Data Subject

6.1 Individuals/Data Subjects have the following rights in relation to the processing of their personal data.

– the right of access to a copy of the information comprised in their personal data;

– the right to object to processing of data that is likely to cause or is causing damage or distress;

– the right to prevent processing for the purpose of direct marketing;

– the right to object to decisions being taken by automated means;

– the right to claim compensation for damages caused by a breach of the Act; and

– the right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed.

7. Consent

7.1 Wherever possible, personal data or sensitive data should not be obtained, held, used or disclosed unless the individual has given consent.  With this in mind, the Group’s members will always obtain consent from the individual/data subject prior to processing any personal or sensitive data.

The Group’s members understand “consent” to mean that the data subject has been fully informed of the intended processing and has signified their agreement, whilst being in a fit state of mind to do so and without pressure being exerted upon them.

7.2 Consent obtained under duress or on the basis of misleading information will not be a valid basis for processing. There must be some active communication between the parties such as signing a form and the individual must sign the form freely of their own accord. Consent cannot be inferred from non-response to a communication. For sensitive data, explicit written consent of data subjects must be obtained unless an alternative legitimate basis for processing

1.3 Failure to comply with the Data Protection Act 1998 could result in the prosecution not only of a Group member but also of the individual responsible for the breach in data security.

Data subjects (that is persons about whom such data is held) may also sue for compensation for damage and any associated distress suffered as a result of:

– loss or unauthorised destruction of data;

– unauthorised disclosure of, or access obtained to, data; and

– inaccurate data – i.e. data which is incorrect or misleading.

Financial penalties can be imposed on Group members by the Information Commissioner for any serious breaches of the Data Protection Act 1998. The maximum financial penalty that the Information Commissioner can impose on a member of the Group is a fine of £500,000.

1.4 Given the financial consequences of any serious breach of the Data Protection Act 1998, it is imperative that Group members’ staff, Governing Body Members or contractors concerned with, or having access to, such data ensure that data is processed according to the principles of data protection and the rights of data subjects.

Group members’ staff, Governing Body members and contractors must treat all data carefully and must not disclose any personal data to unauthorised persons (this includes parents or relatives of tenants or other data subjects (… but named the anti-social tenant in my reports, as seen in first image in Ch.3).   

Below is the leaflet given when we signed up for a house. More fraudulent claims which CHA had no intention of honouring. Then look at the lame excuse, when I caught them out with the lie about claiming to get us to sign a Data Protection Notice prior to processing.

Below in the second paragraph, is evidence from Garry Savages cover letter to 2^nd SAR which clearly indicates, CHA did not obtain thousands of tenants’ permission to process data before they signed the tenancy agreement.  It is rubbish about Garry claiming forms not being kept, as they never sought permission in the first place. They also claim they make separate arrangements to collect sensitive data which they never did and kept data they do not have a legal right to process in first place, which they altered to defame me, (to prejudice the opinions of others) and have refused to remove since 2016.

Below is Willow Warder ‘s original instructions to Garry Savage

From: casework@ico.org.uk

To: Garry Savage

Subject: Data Protection Concern [Ref. RFA0669181]

Date: 11 April 2017 11:38:16

11 April 2017

Case Reference Number RFA0669181

Dear Mr Savage,

Re:- Subject Access Request –

Ms— has contacted us with a concern in relation to the way that her subject access request (SAR) has been dealt with by Caledonia Housing Association.

Ms–has raised concerns that third party information in relation to a neighbour who made a complaint relating to Ms — have been disclosed to her.

She has also noted that information in relation to this concern has not been disclosed.

The data subject has also advised us that she did not receive your organisation’s Customer Data Protection Notice or sign the relevant paperwork.

Finally Ms –has noted that she has concerns in relation to a Contact Report of the 15 September 2016 as she states that the information recorded is inaccurate and excessive.

The ICO’s role

Our role is to ensure that organisations follow the Data Protection Act (DPA) properly. If things go wrong we will provide advice and ask organisations to try to put things right. Our overall aim is to improve the way organisations handle personal information.

What happens next?

From the information provided, it seems likely that Caledonia are in breach of Principle 6 of the DPA which relates to an individual’s rights. This is because in the file notes provided to Ms — of 14 December 2016, it states that the information on permission requests had not originally been provided to her as part of her first SAR response. However it does seem that this information was provided to Ms — at a later date.

(But they still withheld original records of 2 unannounced visits and later made up backtracking notes to cover for this, by predating them and placing them in the next SAR! Then their solicitor claimed they did not know what I was talking about in her letter see Ch 6 ).

In relation to the fact that it was disclosed to Ms– who the complainant was regarding a neighbour complaint, please can you provide the ICO with further information. Please can you provide a summary of the reasons why this information was disclosed to the data subject?

Furthermore please can you outline in relation to the DPA, the reasons why the information regarding this complaint has been withheld from Ms — under the DPA. Please find our guidance on disclosing information in relation to complaints  s40 Access to information held in complaints files v3.0 (ico.org.uk)

The concern regarding the fact that Ms — was not provided with the organisations Customer Data Protection Notice relates to principle 1 of the DPA which states that data must be processed fairly and lawfully and in a way that data subjects would reasonably expect. Furthermore fair processing information should be provided regarding how information will be processed in order for organisations to be transparent.

In light of the concern raised by Ms — I would now advise that your organisation should adhere to your data protection policies and that measures should be put in place as remedial action in regards to this.

In relation to Ms –query regarding the accuracy of the Contact Report, please be advised that for the purposes of Data Protection, accuracy relates to the accuracy of a matter of fact. The content of the Contact Report consists of the opinions of a professional and an account of her recollections. Furthermore from the information provided by Ms –, your organisation will accommodate Ms –request to have excessive information removed. In light of this it does not appear that further involvement from the ICO in relation to this aspect of this concern is necessary at present.

Please can you provide me with the requested information requested above by 25 April 2017. Thank you in advance for your assistance in this matter, If you would like to discuss this case further please do get in touch.

ICO Statement

We are often asked for copies of the correspondence we exchange with third parties. We are subject to all of the laws we deal with, including the Data Protection Act 1998 and the Freedom of Information Act 2000. You can read about these on our website

(www.ico.org.uk). Please say whether you consider any of the information you send us is confidential. You should also say why. We will only withhold information where there is good reason to do so.

Yours sincerely,

Willow Manuel

Case Officer (later promoted to Lead case officer)

Information Commissioner’s Office

01625 545 655

The ICO’s mission is to uphold information rights in the public interest…….LIARS!  see below

The last emails I sent to the ICO after being to court. 

After having ‘talkies’ with CHA, Willow decided to do a U-turn on what she originally stated ignoring the Data Protection Act (DPA) and Equality Act. Willows new responses are filled with lame excuses to deflect from the breaches of the DPA. CHA has spoon fed her what to say and was a willing participant in CHAs dishonourable practices.

Information Commissioner’s Office Reviews | Read Customer Service Reviews of ico.org.uk (trustpilot.com)      95% negative from 235 dated 17/01/22

One of the many areas of the Data Protection Act, the ICO and CHA are ignoring is this:

1.Personal data shall be:

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)”

There are clear links here to the Right to rectification | ICO which gives individuals the right to have inaccurate personal data corrected.

When is personal data “accurate or inaccurate”

In practice, this means that you must:

– take reasonable steps to ensure the accuracy of any personal data

– ensure that the source and status of personal data is clear;

– carefully consider any challenges to the accuracy of information; and

– consider whether it is necessary to periodically update the information.

The GDPR does not define the word ‘accurate’. However, the Data Protection Act 2018 does say that ‘inaccurate’ means “incorrect or misleading as to any matter of fact”.

But only applies when the ICO ignores the facts/evidence/legislation to collude with those they are assisting, so they can avoid accountability!

on Thursday, 8 November 2018, 14:22:51 GMT, <casework@ico.org.uk> wrote:

Case Reference Number RFA0669181

Dear,

Thank you for your further correspondence in relation Caledonia Housing Association and the way that they process personal information. I have considered the information available but am of the opinion that there is no further action which we can take in light of your subsequent complaints.

In our correspondence to you I tried to explain that in terms of data protection, ‘accuracy’ means factual accuracy, it does not relate to opinions or an individuals recollection of events. In cases where personal data takes the form of descriptions of what people believe to have been said or occurred on a particular occasion, it is not possible to conclude that there has been a contravention of the data protection accuracy principle.

Where the information records an opinion or a recollection of events, as in this instance, we cannot challenge the accuracy of that opinion as it is not factual accuracy. In these circumstances, an individual can request that an organisation attaches a note to the relevant file stating that they dispute the accuracy of some of the information held. This needs to be submitted to the organisation directly, the ICO cannot act on behalf of individuals as we must remain independent.

The organisation confirmed to you that they would be “agreeable to amending sections of your files”, this was clarified to you again by Ms Lorna Miller on 3 January 2018.  In this correspondence from Ms Lorna Miller she clarifies that: “no information in the Contact Report has been amended or removed, this is due to Caledonia waiting on Ms– providing us with what information she feels should be amended or removed.

It therefore appears that you have not corresponded with the organisation directly in relation to the information which you would like to have a note of dispute appended to. Aside from advising you to do this again, there is no further action which we can take in relation to this.

Having considered the other matters that you have raised, they do not appear to relate to data protection issues and are not matters which fall within our remit. You have raised concerns about Harassment, Housing Repairs and Discrimination amongst other things and these are not issues which I can advise on. In relation to your concerns that Caledonia Housing Association gave false information in court and did not follow the procedure rules, these are not matters which we can address as they are not within our remit. I appreciate this may not be the outcome that you were hoping for, but I hope that this information is useful to you.

Yours sincerely,  Willow Warder Lead Case Officer

Information Commissioners Office 0330 414 6655

08.11.18

Dear Willow

Thank you for your email.

I would like you to reconsider my case as I have not been able to put my case across to you in a way that you seem to understand. I will be therefore forwarding your response to a friend who is more articulate than myself and who is very knowledgeable about Data Protection past and current, as is necessary in his job.

I do not understand why you have altered your previous advice to CHA which you sent to them and the fact they have withheld more data in 2 subsequent SARs and falsified more records which they then passed on to other parties with the sole intention of deceiving. These are just 2 principles that relates to this. The rest of the points will be raised by my friend in due course.

– You must use personal data in a way that is fair. This means you must not process the data in a way that is unduly detrimental, unexpected or misleading to the individuals concerned.

– You must be clear, open and honest with people from the start about how you will use their personal data

this also applies; taken from ICO website 16.06.19 same section as above what the ICO ignored

– ( You must identify valid grounds under the GDPR (known as a ‘lawful basis’) for collecting and using personal data.

– You must ensure that you do not do anything with the data in breach of any other laws.…. (including altering and withholding the facts from a sheriffs court! or anywhere else..)

9 November 2018

Case Reference Number RFA0669181

Dear Ms,

Thank you for your further correspondence, I understand that you wish for me to reconsider your complaint. Having reviewing the subsequent correspondence provided by you, I have not identified any further data protection issues which we would pursue with the organisation in addition to the assessment which we provided to you on 11 April 2017.

My opinion remains that much of the subsequent issues which you have raised are service issues which fall outside of the remit of data protection. If a third party will be submitting information on your behalf, please can you provide us with a letter of authority to confirm that can act on your behalf with the ICO in relation to your data protection concerns.

I would also like to explain that our service standards state that we are unlikely to look into a matter where over three months have lapsed since the final correspondence with the organisation. Therefore if no new issues are identified it is unlikely that we would revisit your previous concerns.

I do not consider that my advice has altered since we last corresponded in 2017, however if any of my correspondence was unclear I apologise for this. In my letter to you dated 11 April 2017 I did agree that the organisation had failed to provide you with all of the information to which you were entitled as part of your Subject Access Request (SAR) within the relevant time frame. We also provided the organisation with advice in relation to providing individuals with their Customer Data Protection Notice.

(see original above) she is missing out where she told CHA to remove the excessive inaccurate data and has watered down her original decision to appease CHA who must have their own way.)

We asked that they mitigate similar situations occurring in future, however aside from providing this advice there is no further action which we would take in light of this.

With regards to the inaccuracies which you had identified, we did not believe that these matters related to accuracy as a matter of fact and advised both you and the organisation that we would be unable to pursue this. (changing her story from the original, above)We did however outline that the organisation had been amenable to appending your notes of dispute onto the record and reviewing the document, despite it accurately reflecting the opinions of the professional and an account of their recollections. My understanding from your subsequent correspondence dated 3 January 2018 is that they are still willing to review this document.

We outlined in our correspondence of 11 April 2017 that there was no further action which we could take in light of the contact report and this advice remains. Should you wish for Caledonia Housing Association to review the document you would need to contact the organisation directly.

**Your reference to falsifying records and ‘lying’ are not matters which fall within our remit, they relate to allegation of fraud and this is not an issue which we can address.

Yours sincerely,

Willow Warder

Lead Case Officer

Information Commissioners Office

0330 414 6655

To:Casework

12 Nov 2018 at 05:22

Dear Willow

Thank you for your email dated 08.11.18 I have been advised and therefore wish to draw your attention to the following:

If I could be absolutely clear, the issue is in regard to consent and ‘the right to erasure’ as per the guidance shown on your website. As you know the Legislation regarding the keeping of personal data has changed under the GDPR; this sets out the current requirements for the keeping of information and supersedes the previous Regulation.

In your original response dated 11.04.17 you stated In relation to my query regarding the accuracy of the Contact Report, “please be advised that for the purposes of Data Protection, accuracy relates to the accuracy of a matter of fact. The content of the Contact Report consists of the opinions of a professional and an account of her recollections.  **Furthermore, from the information provided by M–s , your organisation will accommodate Ms– ’s request to have excessive information removed. In light of this it does not appear that further involvement from the ICO in relation to this aspect of this concern is necessary at present.”

**and you have subsequently retracted that statement by your recent email. My concern is, and was, the keeping of prejudicial, inaccurate, and my personal and sometimes sensitive information against my wishes.

If I could draw your attention to your guidance on consent (available on your website) ‘at a glance’ 2^nd bullet point: “Consent means offering individuals real choice and control. Genuine consent should put individuals in charge, build trust and engagement, and enhance your reputation.” In the 5^th Bullet point it states “Explicit consent requires a very clear and specific statement of consent.” And the 10^th Bullet point: “Make it easy for people to withdraw consent and tell them how.”

It seems very clear that consent must be given before data can be kept. There is also the question of ‘the right to erasure’ this allows an individual to make a request for erasure verbally or in writing (I refer to my previous correspondence).

That said, it is my understanding that under the terms of GDPR that CHA should have sent me a letter or email asking if I still wished for my data to be kept by them; this did not happen, and no correspondence was received by me within the timespan of the new Regulation, i.e. 25^th May 2018.

I am still at a loss whether my personal data has been kept or erased and that is why I asked for guidance from the ICO.

Article 4(11) of the GDPR defines consent as: “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.”

3. Elements of valid consent

Article 4(11) of the GDPR stipulates that consent of the data subject means any:

   – freely given,

   – specific,

   – informed and

   – unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

The points I am trying to raise are these. Fact; CHA have breached their tenancy agreement multiple times and engaged in very dishonourable practices which have forced me out of my home and caused me financial, emotional, and physical harm. They have proven they are not trustworthy, and they will never honour my data; or anything else and as a result of these facts I find their customer service standards and data protection practices, morally abhorrent. I wanted them to stop processing my data but now they have ruined my court case by misleading the court and prejudicing the opinions of the first sheriff. I proved CHA and their solicitor engaged in acts of deception to second sheriff. It is a matter of record.

“The ICO launched its long-term public information campaign ‘Your Data Matters’ to coincide with the new Data Protection Act in May 2018.”

Well clearly mine doesn’t matter to CHA or now to the ICO. CHA still haven’t complied with GDPR; that fact cannot be ignored.

I was informed by yourself in my first complaint “…However, under Principle 1 of the Data Protection Act (DPA), organisations need to be open and transparent about how they process data. For this reason, the organisation have devised a Customer Data Protection Notice and request that data subjects sign the organisations form in relation to this which they store on record. You have raised concerns that this information was not provided to you and also that you and other residents have not signed the form.

The fact that these forms were not signed does not directly mean that the organisation have breach Principle 1 of the DPA. Their procedure of having forms signed is more of a company policy than a specific requirement under the DPA.”

However, for CHA to claim they will do something and then for them to ignore is another act of deception as it is misleading especially as when signing a tenancy agreement which is a legally and binding contract, both parties are expected to comply. Prospective tenants would expect CHA to honour all they claim including abiding by data protection, and not just pretend to get people to sign, otherwise CHA are signing under false pretences. This again proves CHA do not have credibility. How can anyone be expected to trust people who have no credibility? Would you?

A quote from the link you sent me on responsible authorities “we believe that the organisation responsible should deal with it. We expect them to take your concern seriously and work with you to try to resolve it.”

I couldn’t agree more with the above statement, but the points about CHA you are avoiding, is that they are not a responsible authority and for over 2 years have engaged in multiple acts of deception including falsifying reports, and unprofessional behaviour to prove they are not even honest or willing to abide by any policy, legislation or authority. They have worked against me and bullied and intimidated me to the point being detrimental to my health and welfare, (and other tenants) and are actually committing a criminal offence. (I am not the only tenant who has been driven out of  their home.) All things considered; it is totally unreasonable to expect me to communicate with them all over again to get them to comply with what everyone naturally expects from data protection.

Had CHA complied with what you instructed and with the Data Protection Act past or current, I would not have had to take them to court or be having to ask you again to get them to comply. Had CHA not misled the court over the facts, (not just Data Protection) and making sure my case was not heard by prejudicing the opinion of the court, I had overwhelming evidence to support the reasons CHA should not process my data or indeed anyone else’s. This is a provable fact. People with total disregard to laws and the Human right Act etc, and who alter (falsify) data at will, should never be allowed to process anyone’s information, surely you must see this. Fact: nobody would trust them with theirs if they knew how CHA process it behind their backs. The 2^nd sheriff understood this, why can’t you?

Guidance for social housing providers | Equality and Human Rights Commission (equalityhumanrights.com)    Article 8: Right to respect for private life, family life and the home

Everyone has the right to respect for their private and family life and also the right to respect for their home and correspondence. ‘Private life’ has a very wide meaning. People should be able to live in privacy and be able to live their life in the way that they choose. Their personal information should be kept private and confidential. The right to respect for a person’s home is not a right to housing, but is a person’s right to access and live in their home without intrusion or interference…. You should take positive steps to prevent other people seriously undermining a person’s home or private life, for example, through serious pollution or anti-social behaviour. Article 8 is a qualified right. This means that you cannot interfere with the right, for example by forcing people to leave their homes, unless you are acting in the interests of national security, public safety or the economic wellbeing of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others. You must be acting in accordance with the law and there must be no less intrusive way of achieving your objective.

You have ignored the multiple violations of privacy I have brought to your attention. Can you identify the legitimate reason why CHA can nosey around my home unattended accessing my personal belongings and without permission and take photos of the inside of my home from outside, to upset me. I have already given you evidence to support my more believable responses to CHAs lame excuses made up after the fact. These incidents were withheld from relevant SARS, another attempt of dishonesty to prevent accountability.

Article 6: Right to a fair trial

Article 6 is an absolute right. Everyone has the right to a fair and public hearing, before an independent and impartial tribunal, within a reasonable time.

I gave you supporting evidence of dishonourable practices to show why I cant trust them, but you respond by deflecting and focusing on what is not in your remit rather than what is, and the fact CHA are acting like they are above (and have no respect for) the law. Everyone, with no exception, is expected to comply with the laws and not alter it to suit their own agendas. Wouldn’t you agree?

What kind of a company encourages a solicitor to break her code of ethics to mislead the sheriffs on the facts? They will use anyone to avoid taking responsibility. They then blame them to deflect from their wrong doing. They do not care who they get into trouble as long as it is not them.

Your data matters | ICO    “It belongs to you so it’s important your data is used only in ways you would reasonably expect, and that it stays safe. ” This is in your remit?

They have no integrity whatsoever. Yet, you want me to forget all this and go round in circles again to get CHA to refuse to amend or remove unless on their terms eg good will gesture and no admission of wrongdoing. Absolutely not. The references to opinions of the professionals is irrelevant when dishonesty, intimidation are not recognised as a personality trait of a professional. Opinions of dishonest people do not matter. Opinions are subjective and biased, but facts are objective. In my case, provable.

Subjective – Definition, Meaning & Synonyms | Vocabulary.com

It might interest you to know how a legal person described CHA’s reports etc… as being a “twisted perspective”.

Garry Savage from CHA claimed in my first SAR, I made 2 corporate complaints about repairs without any evidence to support as they made it up, they are making reports up as they go along or after the fact. Falsifying information is indisputably dishonest. The 2^nd sheriff agreed as did every other decent human being who knows the facts, yet you are ignoring the fact. Facts matter. Evidence matters. Opinions of dishonest people do not.

“We did however outline that the organisation had been amenable to appending your notes of dispute onto the record and reviewing the document, despite it accurately reflecting the opinions of the professional and an account of their recollections.”

Using the word accurately is inappropriate here, as you forget I have a recording and recollections are not to be relied on when she made copious amounts of notes. Same applies to Garry Savage yet you are placing more importance on the rights of people who have engaged in multiple actions of deception, than my rights to protect my own data.

– The processing must be necessary. If you can reasonably comply without processing the personal data, this basis does not apply.

– You should document your decision to rely on this lawful basis and ensure that you can justify your reasoning.

– You should be able to either identify the specific legal provision or an appropriate source of advice or guidance that clearly sets out your obligation.

Please advise me of the legitimate reasons CHA have past and present for processing any of my data and especially the data I have objected to for 2 years+,   includes sensitive data which is not relevant to the contract I have with them. They did not honour their own claims in their group Data Protection Policy which I have already highlighted to you and you told them to follow policy.

7.1 …”will always obtain consent from the individual/data subject prior to processing

any personal or sensitive data.

7.2..Consent obtained under duress or on the basis of misleading information will not be a

valid basis for processing. There must be some active communication between the

parties such as signing a form and the individual must sign the form freely of their own

accord. Consent cannot be inferred from non-response to a communication. For

sensitive data, explicit written consent of data subjects must be obtained unless an

alternative legitimate basis for processing exists.”

Fact; I have made repeated requests to Cha to remove inaccurate and misleading, prejudicial and excessive data and that which is not pertinent to the contract I have with them, and they refused and responded by adding more of the same and now you want me to play their mind games all over again. That is why I contacted you the first time and you told them to remove “ Furthermore from the information provided by Ms —, your organisation will accommodate Ms —’s request to have excessive information removed.”  Noncompliance is in your remit

Pages 14-15 , 19, 21, of 73 pages of SAR 2  show I have repeatedly requested removal of inaccurate excessive data. I have given them multiple opportunities to reply but they are just a having a laugh at the authorities expense as well as mine.

Page 20 shows Garry willing to amend all inaccurate data but later changes this to “as a good will gesture”. I think we need to stop pretending I haven’t asked them to remove this or made clear what I object to. That which I strongly believe, CHA do not have a legitimate reason to process in the first place unless you can prove why my rights are being disregarded.

CHA state in a few pages in 3^rd Sar ‘to legal advisors acting on my behalf  “ Where appropriate, we have included the full document or a screenshot image, as this often makes the information easier to understand when extracted from our systems. This does include some codes and abbreviations which have been explained in the attached Document List. No information requested has been withheld under any exception.”

Compare this format to the ones I received and tell me how 73 pages of bulked up unnecessary data I did not ask for, in a virtually unreadable format, with multiple copies of same pages already received in previous SAR; pages with anti -virus information and nothing else etc. This was deliberate to put obstacles in my way because they do not want to comply with my right to access my data. You cannot deny this, it is blatantly obvious. CHA wants the right to conceal their dishonest practices and ignore my rights of access. What happened to page 23 of reasonable adjustment.  This applies to the ICO too, (along with Human Rights Act  etc) and yet I am being made to quote you your own information on data subjects rights.

CHA withheld from SAR3 the violation of my privacy incident with the clerk of works who I caught taking photos inside my windows. Police Scotland (twice confirmed to me and advised me to put up CCTV cameras to avoid it happening again, that this alone is a complete violation of my privacy and unacceptable. I am aware you have data on cameras and personal privacy rights. After asking for an apology for CHA violated my privacy twice, their response is to then send later someone around taking photos of inside my home including personal messages on blackboards in my kitchen. I could have been in bed, or my grandchildren could have been. How can you expect people to trust this company? How is that acceptable. This is not an exhaustive list of breaches of contract. I have very good reasons for wanting CHA to remove the data, and I am not even living in their house anymore. I was forced to moved out because of their dishonourable business practices. CHA withheld this evidence in 3rd SAR and they have withheld all repair requests in all 3 SARS. CHA Pages 41-43

With reference to your comments on fraud, I am glad you acknowledge that lying and falsifying data is indeed fraud, but as far as you claiming it is not in your remit, the investigation of this is not, but protecting my data is. People who lie a lot have no credibility, people who falsify data have no credibility, people who engage in malicious action to avoid anyone making complaints against them, also have no credibility.  I am not being unreasonable expecting you to respect my wishes and the instructions you originally gave to CHA and apply the new GDPR rules including my right to erasure, which are within your remit as is my right to ensure my data is safe, which it currently is not.

 “ It belongs to you so it’s important your data is used only in ways you would reasonably expect, and that it stays safe. Data protection law makes sure everyone’s data is used properly and legally.”

Fact: my data has not been used in ways which anyone would reasonably expect and is not safe. It is not being used properly and legally. Therefore, I understandably expect the ICO to comply with its legal obligations and do what it is meant to do to protect my interests. My rights to erasure should be respected. Otherwise I would like you to give me legitimate, valid reasons (and not attempts to deflect) why you are refusing to protect my data from this company and anyone they are free to pass to, and therefore disregarding all of my rights as required in legislation.

“…processing is necessary for compliance with a legal obligation to which the controller is subject.”

…The point is that your overall purpose must be to comply with a legal obligation which has a sufficiently clear basis in either common law or statute.”

I am not the bad guy here, I have done nothing wrong. I am an old woman, I should not have to have all this unnecessary stress impacting on my health for so long, making me ill. People should just comply with what is expected of them and what they claim to do in their jobs and abide by legislation. I will be happy to highlight what I expect to be removed.

‘I look forward to your response and comments regarding the failure by CHA in following the current guidance as contained in GDPR’.

Yours sincerely

20 November 2018

Case Reference Number RFA0669181

Dear

Thank you for your further correspondence in relation to Caledonia Housing Association and the way that they process personal data. Your comments have been noted and will be recorded on the case.  I have considered the further correspondence provided by you, however my position on the matter has not changed and there is no further action which we would be able to take in light of your complaints.

You have referred to the new GDPR legislation which was enforceable since 25 May 2018 and to the requirement for consent to process personal data. Under the GDPR there are six available lawful bases for processing personal data and consent is just one of these lawful basis. No single basis is ’better’ or more important than the others – which basis is most appropriate to use will depend on the purpose and relationship with the individual. In this instance it is unlikely that Caledonia Housing Association would have been relying on consent for processing all of your data.

The GDPR does give individuals the right to request that their data be deleted under the right to erasure. The right is not absolute and only applies in certain circumstances. Should you wish for Caledonia Housing Association to consider your deletion request under GDPR we would suggest that you contact them directly.

I have considered the correspondence in relation to the painters who were photographing your home but there is no further action which we could take in light of this aspect of your complaint as it does not constitute a data protection concern. You raised your concern about the contractors and received a response to clarify that they were the work clerks. I understand that you have also contacted the police because you believe that they were taking pictures of the inside of your home, this matter relates to the conduct of the contractors.

Yours sincerely,

Willow Warder Lead Case Officer

Information Commissioners Office 0330 414 6655 For information about what we do with personal data see our privacy notice

Sent: Tuesday, 20 November 2018, 10:42:34 GMT

Subject: Your Data Protection Complaint [Ref. RFA0669181]

To:Casework

20 Nov 2018 at 15:18

Dear Willow,

Thank you for your email, refusing to protect my data from an unscrupulous company. I acknowledge how you have totally disregarded and ignored the unnecessary stress that Caledonia Housing Association have maliciously caused me, and that they have your approval to process falsified records, to avoid accountability. I am not the only recipient of their harmful and dishonourable actions, it is how CHA conduct their business. But you deem their actions acceptable.

You have completely ignored ICO information; including the GDPR 7 Data Protection Principles and decided to focus on deflecting all of my concerns elsewhere as a means to refuse to protect my data. You have also redacted the instructions you previously gave CHA, and the fact I pointed this out.

You ignored the fact they have withheld data from me multiple times, bulked up SAR no 2 and sent in format I could not process due to my disabilities therefore putting obstacles in my way, which is against Disability Discrimination act and against what you advise on your web page on SAR.

I sent you the email from the contractors over the camera violation of my privacy, they said it was Caledonia Housing clerk of works and a contractor, as I am sure you read. I saw them taking photos in my house and only mine as already explained to you. But you chose to accept their reply which is implausible evidence especially as  it changed for the purpose of the court. CHA directors like to use other people to do their dirty work. Those who are gullible enough or dishonourable enough to comply, do not realise that CHA then turn on them and blame them, to deflect away from themselves.

The ICO has conducted surveys on how data subjects have distrust in companies, and yet you turn a blind eye to all CHA does; still allow them to continue processing their lies, which any decent human being with a moral compass would find (and many have done so) morally abhorrent.

I wonder how many people would trust the ICO if they knew you prioritised CHA’s dishonourable practices including data protection, above the rights of the data subject!

Tenants find out to their peril CHA don’t abide by rules or the law, but they do expect other authorities who are supposed to enforce the law to do their job. Clearly not the case when CHA are involved as they are obviously above the law and encourage others to do so on their behalf. Service users are being misled by them and other authorities, so it would appear, when they sign a contract with them. But you don’t care.

By doing nothing to protect my data, you have stamped your approval on all of this. Don’t bother to reply, you probably had made your mind made up before I even contacted you. I will be keeping all your correspondence for future reference; when ‘the can of worms’ that is CHA; is finally exposed.

Attached are the GDPR principles which you chose to ignore to protect CHA’s dishonourable interests.

Just one last note:

“All that is necessary for evil to thrive, is for good men (and women) to do nothing”   Edmund Burke

Yours sincerely

Take note Willow Warder is implying that the clerk of works was from the contractors, and they were to blame for taking photos of the inside of my home, yet it was CHA’s clerk of works  taking the photos, as evidenced in communication from Bell Group, See chapter 6. I made a complaint about her handling of my data concerns. Her manager’s response is below.

casework@ico.org.uk <casework@ico.org.uk>

To:

11 Dec 2018 at 17:35

Case Reference Number RCC0804345

Dear Ms,

I am writing further to your case review request email dated 21 November 2018. This relates to the data protection concern that you reported to the Information Commissioner’s Office (the ICO) about Caledonia Housing Association.   Please find attached a leaflet which explains how we handle requests for a case review.

Your complaint I have considered the points you have raised and have also reviewed the relevant information that we hold about your data protection concern. I am satisfied that Mrs Willow Warder dealt with this matter appropriately and in line with our case handling procedures. In this case Mrs Warder explained the reasons for her decision in her letter of 11 April 2017 and more recently regarding your further concerns on 8 November 2018, 9 November 2018 and on 20 November 2018. Having reviewed the matter, I agree with the explanations provided.

Although I appreciate you may still have concerns about the handling of your personal data by Caledonia Housing Association, Mrs Wader has responded to your further points and provided additional explanation beyond our assessment regarding conditions for processing. She has also outlined that should you remain concerned about the accuracy of information you should return to the organisation to provide them with further information for them to address. Finally the advice she has provided regarding the application of the General Data Protection Legislation in this matter also further seeks to clarify these points.

Should you remain dissatisfied, although I have noted you have already attempted to raise your concerns through the courts, they would be best suited to possibly address some of these outstanding issues. However, you should seek independent legal advice before doing so.

Taking your complaint further   A case review is the final stage of the ICO’s case handling process. However, I appreciate that you may disagree with our decision and our case review. If you remain dissatisfied the attached leaflet outlines the options available to you.

Yours sincerely,

Douglas Burton Team Manager Information Commissioner’s Office

Attached: case review information leaflet

And my final response to the ICO:

To:casework@ico.org.uk

12 Dec 2018 at 11:42

Dear Mr Burton

You are right, I do not agree with your decision, which I believe is as a result of Caledonia Housing contacting you when they found out you had come down on my side originally. You are not the only authority who has bowed to pressure or been happy to cover the wrongdoing by this manipulative, dishonest company.

It is ludicrous to expect me to contact the company over a matter they refused to acknowledge originally, and for which your case officer gave them instructions, which they ignored, and you have now retracted. I do not suck up to criminal types. I gave them every opportunity to do the right thing and they broke the law and used their influence and resources to drive me out of my home.  I know what they have done to others too.

As this company fights dirty, and with your approval, I will deal with it my own way and add your refusal to protect my data (and others) from those who falsify data and engage in malicious action against its tenants. You can continue protecting them and I will continue protecting their victims. CHA are conducting their business as a law unto themselves and you have assisted them.