Data protection – my arse!

Home Forum Chat Forum Data protection – my arse!

Viewing 32 posts - 1 through 32 (of 32 total)
  • Data protection – my arse!
  • 136stu
    Member

    This really grinds my gears too. It has spread everywhere, since now there are very few face to face dealings. Some wont even answer the most basic questions that clearly do not expose any “data” – so it often appears to be an excuse to do nothing.

    butcher
    Member

    No expert on the laws, but if your wife bought the car, they may have a point. Why should they give you any information regarding someone else’s property, or their customers?

    It might be pretty stupid in this case. But you could be anyone. And this might not be just a car. Where I work, they will not give you any information unless you are the customer, and it is pertinent, because occasionally those requesting information, and requesting changes to their product, are trying to fleece the actual customer, who may be their ex, etc…

    Maybe your wife can contact them and name you as trusted contact?

    fanatic278
    Member

    Some wont even answer the most basic questions that clearly do not expose any “data” – so it often appears to be an excuse to do nothing.

    Glad it’s not just me then. In my case, I share the same address and surname as my wife. I provided the details of the car and where it was bought and serviced in my letter. I’m not exactly sure what data they think they are exposing by dealing with me.

    fanatic278
    Member

    Maybe your wife can contact them and name you as trusted contact?

    Indeed. This is why my whinge is probably a little OTT. But I just hate poor excuses. When you add on top all the hassle Arnold Clark has put us through, it doesn’t take much to wind me up.

    Premier Icon frankconway
    Subscriber

    Share your frustration.
    When asked multiple ‘security’ questions I now ask why; the response is always ‘data protection’; I then ask which specific section and clause of the DPA requires the verification of this information.

    Response is, invariably, ‘…..well, we need to confirm your identity’; fair enough but your multiple questions are unnecessary and you have been unable to refer me to the specific section of the DPA.

    Have you ever tried making a payment to a utility company by phone and they trot out the security nonsense; I’m calling to make a payment and have given you the account number – do you want my money or not?

    fanatic278
    Member

    Can anyone explain to me the ins and outs of data protection laws? It rates up there with ‘elf and safety on my list of annoying excuses to not do something.

    My current example is not a good one to use, to be honest. Just the straw that broke the camel’s back. I bought a nearly new car from Arnold Clark 3 years ago and have had untold issues with both the car and how Arnold Clark have handled it. Every time I take it in to get something fixed under warranty they try and fleece me for diagnostic charges. The worst occasion being when it just turned off whilst my wife was driving at 60mph with the kids in the back. Arnold Clark firstly refused to collect the car, then plugged it up to their computer that recorded no fault, then tried handing me back the keys and charge me £60.

    Anyway, cut to the chase. I sent a long letter with my complaints. And the first response back was that they can’t deal with me due to data protection laws. They need to talk to my wife. I know this is a poor reason to get pissed off, but it really has wound me up.

    <wrong forum>

    try buying foreign currency from the post office using a debit card. They need photo ID. I asked why, she said “money laundering”. I pointed out that criminals laundering money tend to use cash not debit cards what with them leaving a massive bloody great paper trail for law enforcement and everything and just got a blank stare.

    If you walk in with cash they don’t ask for any ID 🙄

    I also agree with the OP that “data protection” is very much a phrase like “health and safety” that’s quoted by people to justify bureaucracy without any thought. Like when your bank or credit card company cancel your card and tell you it’s due to “suspicious activity”, but won’t reveal what that activity is “due to data protection”. You’d think knowing would be quite important to prevent it happening again, I reckon the real reason is fear of being sued for defamation if it turned out to be a legit transaction.

    Premier Icon mikewsmith
    Subscriber

    try getting foreign currency from the post office using a debit card. They need photo ID. I asked why, she said “money laundering”. I pointed out that criminals laundering money tend not to use cash not debit cards what with it leaving a massive bloody great paper trail for law enforcement and everything and just got a blank stare.

    I quite like idea that somebody wants to check that the debit card I’m using to get a heap of clean cash foreign currency actually belongs to the person using it. I’d start that one with common sense

    I quite like idea that somebody wants to check that the debit card I’m using to get a heap of clean cash foreign currency actually belongs to the person using it. I’d start that one with common sense

    which is exactly my point – they’re claiming it’s “money laundering” which it’s not. I could walk in there with a wodge of cash gained from dealing drugs and turn it into euros and they’d have no idea who I was. If they’d said “to prevent fraudulent use of potentially stolen cards” I’d have agreed with them. Except given I have to put a PIN number in to use the debit card, I could thwart that whole process by using the card in an ATM, drawing out cash, and then getting the cash exchanged.

    As a police detective I investigate money laundering and fraud offences, which is why I was curious to their rationale when I’ve previously exchanged currency with no questions (and for example tried to investigate burglaries where the offenders have changed stolen foreign currency). I also get daily quotes of “data protection” from people/businesses who don’t know what it means or why they’re saying it.

    km79
    Member

    Your first mistake was dealing with Arnold Clark. Your second mistake was thinking they will give a shit about your complaint.

    Premier Icon jamj1974
    Subscriber

    As a police detective I investigate money laundering and fraud offences, which is why I was curious to their rationale when I’ve previously exchanged currency with no questions (and for example tried to investigate burglaries where the offenders have changed stolen foreign currency). I also get daily quotes of “data protection” from people/businesses who don’t know what it means or why they’re saying it.

    Rookie mistake. You are not meant to state an opinion – when it is based on firm knowledge and depth of experience…

    P-Jay
    Member

    Whilst they’re probably using at as an excuse, they are at least partly right that they’re not able to discuss your wife’s business with you. With most decent places they know need to speak to your wife once to confirm they can talk to you about it and your sorted, but they don’t have to. The legislation doesn’t have any allowances for “car dealer being a dick about my Wife’s car” in fact spouses dealing with each other’s affairs was a bit of a hot topic, after all the one time normal decent human beings are at their most bitter, most reckless and most divious is when a relationship breaks down – would you want your seperated by not yet divorced ex-partner having total access to any and all of your business? To avoid loopholes the legislation is far reaching and simple – of it’s not your data, you can’t access it.

    As for the Post Office and money laundering – “daft rules” are often in direct response to a threat or former loophole. No one a customer will actually speak to will have a clue why that particular rule is in place, because when “I know all about money laundering” coming in arguing they’ll say why, once the info is in the public domain it becomes another tool for the fraudsters to try to over-come the defences. I suspect it’s actually there to stop thieves who might have learned the PIN buy a huge pile of cash (more than ATM limits) and then change it back – but the poor counter worker won’t have a clue.

    Premier Icon grumpysculler
    Subscriber

    Anyway, cut to the chase. I sent a long letter with my complaints. And the first response back was that they can’t deal with me due to data protection laws. They need to talk to my wife. I know this is a poor reason to get pissed off, but it really has wound me up.

    You have no contract with Arnold Clark. Without her permission, you aren’t entitled to her personal data. They are probably just being knobs because they are Arnold Clark, but they do have a (small) point here.

    When asked multiple ‘security’ questions I now ask why; the response is always ‘data protection’; I then ask which specific section and clause of the DPA requires the verification of this information.

    Response is, invariably, ‘…..well, we need to confirm your identity’; fair enough but your multiple questions are unnecessary and you have been unable to refer me to the specific section of the DPA.

    Principle 7 is what you are looking for. The process you went through will be their interpretation of what is required to adhere to that principle.

    Data protection, as with H&S, is often used as a scapegoat by those that don’t actually know what they are talking about. They are both actually very good and important bits of law though!

    fanatic278
    Member

    To be clear: I wasn’t asking Arnold Clark to reveal any of my wife’s data. In fact, the only personal data they have of my wife is her name, address and car registration number. This is data I revealed to them in my complaint letter.

    It is possibly fair enough that for their own internal policy reasons they prefer to deal with the person named on the sale invoice. But please don’t hide behind data protection laws. I’ve spent a few minutes on the gov.uk website and there appears to be nothing in there in relation to dealing with spouses during consumer complaints.

    As it happens, as requested in their response, I sent them an email from my wife’s email address giving authority to deal with me. Of course, this was a pointless step as 1) I wrote the email for her, 2) my wife’s email address doesn’t confirm her identity (it’s her maiden name in the address).

    Premier Icon genesiscore502011
    Subscriber

    The post office situation transactions above could be a form of layering.

    Premier Icon molgrips
    Subscriber

    Like when your bank or credit card company cancel your card and tell you it’s due to “suspicious activity”, but won’t reveal what that activity is “due to data protection”. You’d think knowing would be quite important to prevent it happening again,

    Also quite important for criminals not to know, otherwise they would know how to work around it.

    As for the money laundering, the authorities and the criminals probably know more about how it works than we do. I suspect they would not introduce an extra step for their employees without a reason.

    oldmanmtb
    Member

    Very Daily Mail, us data Nazis keep you safe…..

    project
    Member

    This week made a complaint to tesco a product had risen by a quarter or 25 %of its price increase, they wanted a clubcard number, phone number name and address, thye couldnt just use a first name or email which is all i had form them.
    Then a few weeks ago a utility company wanted my date of birth to authenticate my account, it didnt matter i head never told them it, and the one i gave them this time was not on record,they soon found that out, so they just asked a lot of other silly security questions all to tell them id paid the damm bill yesterday.

    Premier Icon john
    Subscriber

    I’ve spent a few minutes on the gov.uk website and there appears to be nothing in there in relation to dealing with spouses during consumer complaints.

    No, but there wouldn’t be. They can’t share personal data, or use it themselves, without consent of the subject. There aren’t really any exceptions, for good reasons. Also bear in mind that even not obviously personal data can be useful if it links up other data or allows re-identification of anonymized data from a different source.

    wilburt
    Member

    Was it click and collect at the Post Office?
    It may be a policy to stop them giving out cash to wrong person? Just a thought. I use Tesco and have never been asked for ID.

    Regards DPA I’m OK with geniune application of the rules. There needed for good reason and there is new stronger legislation due in 2019.

    It increases the responsibility on anyone who holds your data to keep it even more secure. Its an EU directive and due after we leave but we have already agreed to follow the same rules.

    fanatic278
    Member

    Also bear in mind that even not obviously personal data can be useful if it links up other data or allows re-identification of anonymized data from a different source.

    What personal data do they have on my wife that they have to release to me to deal with a car servicing complaint? I think this sort of stretching of the interpretation of the law is what has made life so hard for couples to deal with day to day matters. Also bear in mind, even if we could think up of some legitimate piece of personal data, the fact remains they have failed to protect it since their procedure easily allows me to pretend to be my wife.

    Premier Icon iainc
    Subscriber

    If you google customer care for the retailer in question you’ll realise that you are just receiving one of many of their fob offs.

    Premier Icon jimdubleyou
    Subscriber

    Next time they say that, ask them who their data controller is, then send him / her a complaint letter.

    They are probably in breach of one of the principles somewhere…

    Premier Icon prettygreenparrot
    Subscriber

    Next time they say that, ask them who their data controller is, then send him / her a complaint letter.

    They are probably in breach of one of the principles somewhere…

    It’d be a bonus point for them if they can name their data controller. All companies handling personally identifiable information need a data controller and yet they seem invisible in many organisations.

    Sorry OP, their officious style is in keeping with data protection legislation as a few have said. The company can only deal with the data subject. However, provided you tell them you are the subject and can pass their tests there is no reason that they cannot deal with you. Your voice might be gruff and your beard brush against the phone but you might well be ‘Wendy fanatic278’. However, if you were not the data subject then you have committed a crime.

    Having dealt with data privacy, sharing, governance, and integrity for a number of years, it still surprised me when folks had a poor grasp of the needs and implications of UK legislation alone, ignoring that of other territories. Just wait until the GDPR applies. While for companies with a clue it makes little difference for those others it will be…tricky.

    iffoverload
    Member

    OP sorry that you have to deal with that crap non-service.

    re data protection, don’t think any data held about you for your “protection” or anything else is anything less that a risk to your personal informaation getting into the wrong hands.

    http://thehackernews.com/2017/09/equifax-data-breach.html

    this will never stop and the victim is allways the customer

    fanatic278
    Member

    As a conclusion to this.

    Arnold Clark phoned my wife today (not me) to explain the outcome of their ‘investigation’. Thankfully I was nearby, so she passed the phone over.

    In two words: fobbed off.

    Just spoke to some young call handler who repeated a script she had in front of her. No apology even. I didn’t want to go too harsh on her as underneath it all I somehow sensed she really didn’t enjoy going through this. Must be the worst job having to pretend to be an Arnold Clark customer services rep.

    doris5000
    Member

    You are a large company, which keeps costs down by employing customer services staff in call centres on minimum wage.

    You wish to avoid getting a big fine for any DPA breach. Do you

    a) tell them never to discuss anything with anyone other than the account holder, just to be on the safe side?

    b) train them all up on the DPA 1998 and subsequent amendments, allowing them to use their discretion as to what may or may not constitute a data protection breach in any given situation? Bear in mind that if they get it wrong and someone scams them, you’ll be the one paying the bill and going on the Today Programme to explain how you let this happen

    😉

    drlex
    Member

    there is new stronger legislation due in 2019.

    Actually takes effect in May 2018- GDPR.
    As a DPO, I’m thrilled, I tells ya, thrilled.

    tinybits
    Member

    On a total side issue, I used to park my car in Bath in the car park next to the police station that has an underground part. This was right next to the parking for bath police station (logic being that the CCTV trained over the police car park and therefore my car made it one of the safer parking places overnight in Bath) so i used to park up against that side of the car park, hop over the thigh height dividing wall and walk up the ramp that the police employees used to get to my house on North Parade.
    I dropped my wallet as I did this one night, found by kind Mr Plod on the way out from night shift. Apparently both the Bank and the AA (both cards in my wallet) had refused to give my mobile number over to enable them to give me a call to let me know! Lucky, the local video rental place was kind enough to do so. Even the Police get fobbed off “with Data protection, init”!

    fanatic278
    Member

    fanatic278 – Member
    As a conclusion to this.

    Arnold Clark phoned my wife today (not me) to explain the outcome of their ‘investigation’. Thankfully I was nearby, so she passed the phone over.

    In two words: fobbed off.

    Just spoke to some young call handler who repeated a script she had in front of her. No apology even. I didn’t want to go too harsh on her as underneath it all I somehow sensed she really didn’t enjoy going through this. Must be the worst job having to pretend to be an Arnold Clark customer services rep.

    Just to clarify my above post. My complaint regarding Arnold Clark’s shoddy services over the last 3 years was fobbed off. I never mentioned anything about data protection.

    DO NOT BUY A CAR FROM ARNOLD CLARK – PARTICULARLY ABERDEEN

    Premier Icon Cougar
    Subscriber

    I’ve only just seen this thread but would’ve said exactly what Doris just said. The customer services types will have been told “only deal with the account holder because of the DPA” end of, they’re not empowered to decide where and when it applies as if they get it wrong they could be in hot water.

    Apparently both the Bank and the AA (both cards in my wallet) had refused to give my mobile number over to enable them to give me a call to let me know!

    And rightly so. What they should’ve done ideally is contacted you to pass the message on rather than give out personal details to “Inspector Smith of Bath Police, honest guv.” The video store have just breached the Data Protection act by giving your details out to a complete stranger.

    Premier Icon grumpysculler
    Subscriber

    While for companies with a clue it makes little difference for those others it will be…tricky.

    Even for some who were behaving, it will cause headaches.

    I’ve heard of a couple of charities (including at least one large national one) who have purged their donors database because the original consents, as acceptable as they were at the time, were not GDPR compliant.

    Every so often, I see a web form and think “that isn’t GDPR compliant” and wonder what will happen. pre-ticked boxes, grouped or mandatory consents, that sort of stuff. Not sorted yet and less than a year away…

Viewing 32 posts - 1 through 32 (of 32 total)

You must be logged in to reply to this topic.