The High Court in Southern Pacific Personal Loans(SPPL) Ltd [2013] EWHC 2485 (Ch) (8 August 2013).) last week held that liquidators of a company in creditors’ voluntary liquidation are not data controllers for the purposes of the Data Protection Act 1998 (DPA 1998).

Although SPPL was in liquidation it retained a mass of personal data concerning its previous business history. This data resulted in many subject access requests (DSAR) from claims handling companies re PPI policies.

As a result the liquidators sought clarification from the High Court as to whether or not and in accordance with the Data Protection Act 1988 they were data controllers, if not, of course they were free to refuse the DSARs.

It was held that the liquidators were SPPL’S agents and not data controllers. The 5th principle under the DPA states that ‘Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes’.

In order for the liquidator to comply with the fifth data protection principle of the DPA 1998 they should dispose of the redeemed loans data asap. This was because they no longer needed the data to administer those loans.

London Borough of Southwark v IBM UK Limited [2011] EWHC 549.

share this Article

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Share on email

Recent Articles

How are NFT’s regulated in the UK?

The Financial Conduct Authority (FCA) has not yet provided guidance on NFT’s specifically with regards to regulation in the United Kingdom (UK). However, the FCA

What is an NFT and why create one?

NFT stands for non-fungible token. Non-fungible essentially means the token is unique and cannot be replaced with another. For example, a Bitcoin is fungible, so,