Data Protection

Published on Tuesday, 13 March 2012. Posted in Case Studies


A year after selling his property, Mr H alleged that the Agent had provided the address of his new property to an unauthorised third party, which then resulted in that third party threatening him outside of his house later that day.


Mr H explained that, due to personal events, the police had advised him to move house in order to protect his and his children’s safety and that he had gained the Agent’s assurance that they would not release such information to any unauthorised third parties. The Agent denied that they had divulged the address of his new property to a man who had attended their office earlier in the day that the incident occurred. However, it was also the case that
the Agent acknowledged that they had failed to satisfy themselves as to the identity of the man in question and that they proceeded to discuss the sale of the property and Mr H to the extent that they did confirm that he had intended to buy his new property from an agent whose offices were situated two doors away.


As this information was not in the public domain, I considered that it was personal to Mr H, therefore, by releasing this information to the man in question, I determined that the Agent had assisted him in his enquiries. Whilst, I was unable to reach a decision on whether the Agent did divulge Mr H’s new address to the unauthorised third party, I was persuaded that the information they did provide had assisted the man in his objective of obtaining Mr H’s new address. Furthermore, I was extremely critical of the Agent for failing to satisfy themselves of the identity of the man before entering into the discussion. I made an award of £100 to reflect distress caused by the Agent’s actions.


Agents should exercise caution when dealing with any personal information and should only release it if it is fair and lawful to do so. Agents should be able to explain their decisions to withhold or disclose personal information by reference to the appropriate parts of the relevant legislation. All agents should also ensure that they are familiar with the eight Data Protection Principles which underpin the Data Protection Act 1998 and understand how these apply to their business.