-
I'm reading that as: the security researcher is not an employee of the org and has penetrated their records passing info to journalist to report on breach.
So they have been caught out storing personal data in an unsafe way- I'd be cross.
Edit- they were hacked, but by a 'researcher'.
-
Has anyone here filed a complaint regarding GDPR non compliance? I just had an animated to and fro with Virgin media. I wanted a copy of my previous phone call recordings to dispute a charge they had placed on my account. The call center worker flat out said "no we can't do that for data privacy reasons". I then asked to stop being recorded to which I was told they don't have the option to not record my phone call. I get that Virgin probably outsources their call center work to an external company in India, but they're effectively acting as a proxy for Virgin and I expect such a large company to be better equipped to handle the new GDPR laws.
-
No-one is set up for it. The best most companies have done is work out what the data retention should be, they'll figure out the provision of data question only when law suits arise.
Besides, you can't just ask verbally (which is what you make it sound like), you need to do so in writing with proof that you are the subject in question.
-
I actually managed to get a manager at the call centre to log my request for the recordings and will have them emailed to me in 30 days. I was fully prepared to have to submit something in writing to their complaints department. I guess the thing that irked me was the blatant refusal to cease the call recording and the total lack of understanding by the manager I spoke to about the data protection laws that Virgin must adhere to. It definitely seems that Virgin haven't bothered to update their call centres on the new laws and will only improve processes once complaints/lawsuits are raised.
-
Raise a complaint with the ICO - that's what they're there for.
https://ico.org.uk/make-a-complaint/ -
I guess the thing that irked me was the blatant refusal to cease the call recording
I'm not sure you have the right to ask that.
It could be considered part of the provision of service and protections for their staff from potentially abusive customers. As well as putting them at increased legal liability when a customer then claims "But your rep said X" and there is no recording to prove that.
-
My understanding is that you must now provide consent to a data processing act which a call recording would constitute. Most telcos' audio recordings state the recording is for "training and quality purposes" (i.e. there is no legal mandate for them to record the call). If this is the stated purpose of the data processing act they must allow you to opt out.
It's clear as mud I suppose. If Virgin had handled my initial complaint a bit better I'd have cut them more slack but they've been dicks so I'm holding them accountable.
salmonchild
pizzarat
Sumo
Pifko
Scrabble
amac090
chez_jay
aggi-
Post a reply
About
GDPR fun
Posted by
@Velocio
Got this email through this morning from a company I haven't used since 2015, and even then it was a one off - I hadn't heard anything from them at all since then. They weren't even hacked, they seemingly just gave away my data to a journalist.
I feel cross. Should I be cross? Is there an easy way I can check which companies still hold my data and could be spaffing it out randomly?