Data Protection Act – It is getting hotter!

[Rob Freeman]

I wanted to warn all business owners of the perils of ignoring their responsibilities with regard to the Data Protection Act (DPA). I frequently attend and present at meetings attended by the directors of small businesses and many still think that the DPA does not apply to them. This is usually not the case and with a very few exceptions, if you store and process information on your staff, partners and customers; your company must comply with the DPA!

It is true that DPA has been around for a long time and very few have been prosecuted but this has all changed. From last April, the powers of the Information Commissioner's Office (ICO) who is the regulator for the DPA have been strengthened to include fines of up to £500k for organisations that are in breach of the legislation. Only last week, the Deputy Information Commissioner, David Smith confirmed that the ICO will be fining two UK companies in the next few weeks.

Rob Freeman

 

[Kernowman]

I wish they would fine the idiots up who ring YOU on YOUR telephone number, tell you YOUR name to which you reply "yes", then demand all sorts of "security questions" from you before they even tell you who they are and what they are calling for

My answer now is for them to PROVE who they are before I give out any sensitive personal information out over the telephone. Not one has succeeded yet.

I would love to meet the idiot that devised this scheme

 

[Alex C.]

I wish they would fine the idiots up who ring YOU on YOUR telephone number, tell you YOUR name to which you reply "yes", then demand all sorts of "security questions" from you before they even tell you who they are and what they are calling for

My answer now is for them to PROVE who they are before I give out any sensitive personal information out over the telephone. Not one has succeeded yet.

I would love to meet the idiot that devised this scheme

Having worked for a major telecommunications call centre (Sky), I was amazed how many people give this information out. I'd say in probably a few thousand outbound calls (relating to internet orders), two or three people queried me about proving who I am - two of those relented when I said I wasn't allowed to discuss anything until they had confirmed the first line of the address and their password, the other rang us back.

With companies calling me on my mobile - I'll challenge them to provide me with something basic first, like 'what subscription package am I on' - something which is not easily publicly available (like a date of birth).

There was a fantastic program on TV about 3 years ago where someone called up random people in the phonebook to obtain their date of birth (with a very simple pretext of being from a credit card company and having received an application in their name). They then opened catalogue accounts easily at an unused address.

Unfortunately, identity theft is still given a very low profile in this country, and the police rarely bother to investigate it, so it will continue!

But that's a massive tangent from the original post

 

I'm always getting people ringing me asking to confirm my business details with them. Soon as you ask who they are they hang up

 

[Kernowman]

So where does the DPA law fit in with the people that are selling your details on to other companies without your consent?

 

So where does the DPA law fit in with the people that are selling your details on to other companies without your consent?

I seen a program on the BBC a while ago about Facebook and how they sell your details for 1p at time. Its big money

Alot of loan brokers do the same you go to them for a loan and they sell your details onto around 10 other companies.

 

[Kernowman]

So the next time I find an instance of my details being sold off without my consent I should lodge a formal complaint with the ICO?

I had a company ring me up a while ago for a "survey" and to each and every one of the questions asking if they could pass my information on to "selected companies" I replied no I did not want my details passing on. Within days I had a stream of energy, insurance and PPI recovery businesses calling me

 

[Asholay]

Nice to see a topic on Data Protection.

I noticed they ICO are hotting up on this recently as I deal with DP for many companies. The OFT are also really pushing the need for having a correct Consumer Credit Licence as well - another area which companies can fall short on without realising, but suffer big fines.

 

Its all well and good having DP certificate in place, But their is no checks to see if you comply with it nor is the application process any good. Bit of a joke

 

[Asholay]

Its all well and good having DP certificate in place, But their is no checks to see if you comply with it nor is the application process any good. Bit of a joke

That's what this thread is addressing?

Your post is also a great example of why they're taking a new approach, because the general attitude is exactly that.

 

[Rob Freeman]

So the next time I find an instance of my details being sold off without my consent I should lodge a formal complaint with the ICO?

I had a company ring me up a while ago for a "survey" and to each and every one of the questions asking if they could pass my information on to "selected companies" I replied no I did not want my details passing on. Within days I had a stream of energy, insurance and PPI recovery businesses calling me

If you belive your information is being used unfairly and that includes them transfering it to other companies, you should should contact the company in writing and ask them to resolve the issue ASAP. If they do not resolve the issue or do not reply, then report them to the ICO. Always reference the Data Protection Act and check out the ICO website which even gives you the words to put in your email or letter.

Rob Freeman
IT Governance

 

[Rob Freeman]

Its all well and good having DP certificate in place, But their is no checks to see if you comply with it nor is the application process any good. Bit of a joke

This may have been the case in the past but things have changed. If individuals first contact the company and ask for the issue to be resolved (remove the data or confirm no transfer) but get no response - make sure you report the company to the ICO.

The ICO now has teeth.. As well as fines, the negative publicity is very bad for business.

Rob Freeman
IT Governance

 

[Doug]

In terms of storing information a lot of businesses are now trying to add extra security to their documents, and there are a few ways of doing this.

A lot of businesses find using these methods not only adds security but also makes it much easier for them to demonstrate compliance with the DPA or other regulations. Documents are securely encrypted and all documents have a full audit trail stating who did what and when.

 

This may have been the case in the past but things have changed. If individuals first contact the company and ask for the issue to be resolved (remove the data or confirm no transfer) but get no response - make sure you report the company to the ICO.

The ICO now has teeth.. As well as fines, the negative publicity is very bad for business.

Rob Freeman
IT Governance

The ICO has no teeth, I know three companies round my area that got found discarding personal info about people in the trash the local council reported them to the ICO and they never done a thing. Its the same with all these data leeks when people leave stuff on a train or bus nothing ever gets done. Its just a pointless company that I have to pay to get a piece of paper from and other companies get away with murder.