Who's the data subject?

Making unsolicited marketing calls to TPS numbers is unlawful.

Continuing to hold and process personal data when requested not to, and having no reason to, is unlawful.

So either way, unwanted "junk" calls should be possible to handle somehow.

Sadly someone has given my number with her name on a loan application. I am now being constantly hassled (asking for her).

These are not marking calls (as such) as far as I know.
These are not unsolicited - in that someone asked them to call.
And the contact details they have do not have my name.

Am I even the data subject? My number on its own is not really personal information as it does not allow me to be identified (as reverse phone lookups are meant not to be allowed). The name is not me. So even if together they are personal information, I am not the data subject?

I'm not the intended recipient of the calls.

Are they breaking an regulation or law by constantly calling for this person? Even harassment, they are intending to harass this other person, and not me!



  1. If you've made them aware you are not the person they're looking for, then surely that becomes harassment if they continue to keep calling you?

    Also are they not breaching the DPA or confidentiality or something like that by continuing to call you about this other person's loan application when you've made them aware you're not that person?

    Final thing you could do is try the FCA - given how regulated financial things are they might be able to help...

  2. I hate this kind of hassle so much that in the past I've had two email addresses (same would work with phone numbers). One is super, super secret and only given out to close and clued-up friends. The other is given out to potential scumbags who might pass it on. This second one is discsrdable. I simply bin it should it bcomes the target of abuse. Three classes would probably be better than two. VoIP now I feel makes it easy to make this kind of agile change with phone numbers.

    1. I use disposable email addresses all the time, I have a whole domain set up, and just yesterday it seems one leaked. I also have at my disposal literally millions of phone numbers - if they had asked then I would have allocated one.

  3. I would think that you would be able to tell them:
    1. The person they are trying to contact is not reachable on that number.
    2. The number is your personal number, so you are the only person who would be reachable through it.
    3. You would consider any further calls from them to that number to be harassment and would involve the police and take appropriate legal action against them.
    4. The DPA requires that they keep information accurate, they have been informed that the information is inaccurate so must take action to correct it.

    You might also be able to suggest that, since the loan applicant gave your contact details rather than their own, the application should probably be very suspect WRT identity theft.

    I'm not convinced by an argument that phone numbers aren't personal data because you can't do reverse lookups - by that argument you would be able to say that a date of birth isn't personal data because you can't identify a single person from it, or even that your name isn't personal data since many people share the same name. The phone number _can_ be used to identify you when combined with other data (e.g. someone who is expecting a phone call from you would be able to identify that it is you calling, just from the CLID).

    I have used the "harrassment" angle against the Student Loans Company many years ago and it seemed to work - they kept on sending regular letters to my address, addressed to someone who doesn't live here, so I thought I would do the nice thing and tell them their information was out of date. Their response was "we know they don't live at that address any more, but we haven't got a more up to date address and we're required to contact people through the last known address". I told them that I would consider any further letters to be harrassment and that I was formally telling them to stop sending them - and they have indeed stopped.

    1. Maybe SLC are harassing the person who doesn't live there but it's hard to see they are harassing you. All you need to is return the unopened letters to the sender.

    2. Are they going to pay for my time to take them to the post box and return them (which I believe you're legally required to do with mail that is not addressed to you)?

  4. Try a TrueCall box for banishing unwanted calls forever (I've gone from daily spam calls to none ever!) or make your own in your VOIP system.

  5. I think you could make a good case that, in respect of this one particular number, it is the personal data of you, RevK, and that the rules under the DPA should apply, although, before you make that argument, take a look at the exceptions in the DPA, and how they might argue that their activities are exempted from certain principles, so you can combat them up front.

    From the perspective of harassment, the law does not require "intention to harass someone" as such (http://www.legislation.gov.uk/ukpga/1997/40/section/1), and, if you have made it clear that calling that number will never connect them with their target — that they have the wrong number — I wouldn't see a reason in principle why PfHA could not apply. (Also bear in mind that, unlike the data protection / ePrivacy regime, "anxiety" is a base of damage in a civil claim in itself, under s3.)


Comments are moderated purely to filter out obvious spam, but it means they may not show immediately.


There are lots of ways to debug stuff, but at the end of the day it is all a bit of a detective story. Looking for clues, testing an hypothe...