GDPR fun

  • Got this email through this morning from a company I haven't used since 2015, and even then it was a one off - I hadn't heard anything from them at all since then. They weren't even hacked, they seemingly just gave away my data to a journalist.

    I feel cross. Should I be cross? Is there an easy way I can check which companies still hold my data and could be spaffing it out randomly?

    Dear pizzarat,

    This morning we became aware that some of your personal data was accessed by a third party.

    The personal data in question includes your name, postcode, telephone number and email address that you provided in relation to your account. No credit card, payment data or your password was accessed as part of the breach.

    We wanted to first reassure you that as soon as we became aware of the breach, we took steps to fix it and can confirm that the data is protected.

    At the moment it appears that the data was accessed by a security researcher who passed it on to a journalist. If this is the case, the risk of phishing emails or use of your data is substantially lower, however we wanted to alert you as soon as possible and will continue to investigate.

    We have posted an FAQ on the implications and guidance around what to do now (read here), however we recommend that you are vigilant for potential phishing emails, particularly any that appear to come from DaftpotsRus or DaftpotInc. We will never contact you to request personal or confidential information including card or payment details.

    We take the security of our users' personal data very seriously and we offer you our sincere apologies that this has happened.

    If you have any questions, please do not hesitate to contact us

  • I'm reading that as: the security researcher is not an employee of the org and has penetrated their records, passing info to a journalist to report on the breach.

    So they have been caught out storing personal data in an unsafe way - I'd be cross.

    Edit - they were hacked, but by a 'researcher'.

  • I got the same email. I know your secrets.

  • Maybe they only kept the details of the sex pests?

  • Has anyone here filed a complaint regarding GDPR non-compliance? I just had an animated to and fro with Virgin Media. I wanted a copy of my previous phone call recordings to dispute a charge they had placed on my account. The call center worker flat out said "no we can't do that for data privacy reasons". I then asked to stop being recorded, to which I was told they don't have the option to not record my phone call. I get that Virgin probably outsources their call center work to an external company in India, but they're effectively acting as a proxy for Virgin and I expect such a large company to be better equipped to handle the new GDPR laws.

  • No-one is set up for it. The best most companies have done is work out what the data retention should be, they'll figure out the provision of data question only when lawsuits arise.

    Besides, you can't just ask verbally (which is what you make it sound like), you need to do so in writing with proof that you are the subject in question.

  • I actually managed to get a manager at the call centre to log my request for the recordings and will have them emailed to me in 30 days. I was fully prepared to have to submit something in writing to their complaints department. I guess the thing that irked me was the blatant refusal to cease the call recording and the total lack of understanding by the manager I spoke to about the data protection laws that Virgin must adhere to. It definitely seems that Virgin haven't bothered to update their call centres on the new laws and will only improve processes once complaints/lawsuits are raised.

  • Raise a complaint with the ICO - that's what they're there for.

  • I guess the thing that irked me was the blatant refusal to cease the call recording

    I'm not sure you have the right to ask that.

    It could be considered part of the provision of service and protections for their staff from potentially abusive customers. As well as putting them at increased legal liability when a customer then claims "But your rep said X" and there is no recording to prove that.

  • My understanding is that you must now provide consent to a data processing act which a call recording would constitute. Most telcos' audio recordings state the recording is for "training and quality purposes" (i.e. there is no legal mandate for them to record the call). If this is the stated purpose of the data processing act they must allow you to opt out.

    It's clear as mud I suppose. If Virgin had handled my initial complaint a bit better I'd have cut them more slack but they've been dicks so I'm holding them accountable.

  • I don't think you can necessarily ask them to just stop doing stuff (that is required for them to provide the service) because you don't agree with it. They just need to store, utilise and release it correctly.


Posted by Velocio @Velocio