Universal Credit Review - data protection breach!

TG0601, Online Community Member
edited January 30 in Universal Credit (UC)

Hi everyone,


I know a lot of individuals are having or have had UC reviews where the DWP demand 4 months' bank statements. Current laws state that the DWP can only look into financial accounts, bank statements, if there is a reasonable suspicion of fraud. When asked if you are being investigated for fraud, you are told no. As I was.

If the DWP have not sent you the Personal Information Charter (right to be informed), which informs you of your rights & rights to refuse, this is a clear breach of GDPR laws under Transparency & fairness. They didn’t send me the Personal Information Charter!

The legislation that the DWP state they are using to carry out these “reviews” is 38(2) :-
“Part 3 of The Universal Credit, Personal Independence Payment, Jobseeker's Allowance and Employment and Support Allowance (Claims and Payments) Regulations 2013 https://legislation.gov.uk (Reg 38(2)), allows the Secretary of State, to ask for information or evidence in relation to an ongoing award of benefit. These are the statutory powers which allow claim reviews to be carried out. The legislation can be read in full at the following address: https://www.legislation.gov.uk/uksi/2013/380/regulation/38 These powers require customers to supply information or evidence in connection with the claim, or any question arising out of it, as the Secretary of State considers appropriate. Agents act on behalf of the Secretary of State when requesting evidence in relation to claims for existing Universal Credit”

However, 38(2) is a PIP legislation & is for medical information NOT for bank statements as shown here :-


“38. (2) Subject to regulation 8 of the Personal Independence Payment Regulations, a person to whom this regulation applies must supply in such manner as the Secretary of State may determine and within the period applicable under regulation 45(4)(a) of the Universal Credit, Personal Independence Payment, Jobseeker's Allowance and Employment and Support Allowance (Decisions and Appeals) Regulations 2013 such information or evidence as the Secretary of State may require for determining whether a decision on the award of benefit should be revised under section 9 of the Social Security Act 1998 or superseded under section 10 of that Act”

Regulation 8 of the Personal Independence Payments states :-

8.—(1) The Secretary of State may require C to provide any information or evidence required to determine whether C has limited ability or severely limited ability to carry out daily living activities or mobility activities.

(2) Where information or evidence is requested under paragraph (1), C must provide the information or evidence to the Secretary of State within one month from the date of the request being made or within such longer period as the Secretary of State may consider reasonable in the circumstances of the particular case.

(3) Where C fails without good reason to comply with the request referred to in paragraph (1), a negative determination in relation to the component to which the failure related must be made.

The DWP are, in my opinion, as is quite clear above, misusing PIP legislation to get access to individuals' personal data, personal spending, bank statements. PIP is a non-means-tested benefit which requires NO financial evidence.

Also, the UCR review is a TCR review, Targeted Case Review, which is an anti-fraud plan. Look it up. When I stated this to the DWP in my complaint they said it is not a fraud investigation, yet then admitted TCRs are “managed” by UCR who conduct the reviews. Very contradictory!

I raised a complaint to the data protection officer at the DWP after my review as I knew they’d breached my privacy & GDPR laws. I also raised a complaint with the ICO who conducted an investigation. In conclusion of my complaint to the ICO, the DWP stated to the ICO that they will make sure that individuals are made aware of their rights to be informed, via the Personal Information Charter, hence admitting they’d breached GDPR Transparency & Fairness! A data controller must provide Privacy Information & rights to be informed (Personal Information Charter in the DWP case) to the data subject at the point of collecting personal data. They admitted their messaging could have been clearer (they didn’t tell me why they needed my data apart from to see if payments are correct; they didn’t say I would be questioned about personal spending in my review). I was blindsided & was led to believe it was a health review. The ICO also asked the DWP to consider if redactions to bank statements could be considered; the DWP agreed to look at it, balancing the need for transparency in reviewing a claim & PRIVACY of any irrelevant financial information.

Today I was asked for more bank statements (after supplying 4 months last year). When I stated what the ICO had recommended to the DWP, I was told they had not received any recommendations from the ICO, which is an outright lie as they have the ICO response letter. I have now put in a further complaint to the data protection officer at the DWP & the ICO. My physical & mental health has been hugely impacted by all of this; disabled individuals are not treated fairly, nor is their vulnerability taken into account.


The ICO will only act against the DWP if enough people make complaints about GDPR breaches & privacy breaches.

I am now seeking legal advice.