Paul
I don't know details of names, etc, but I think the case you are referring
to went something like this:
An employee of a financial institution phoned a customer's home about
mortgage arrears. The employee asked the person who answered "Are you Mrs
Smith (say)?". On receiving the answer "yes", the employee then started to
go into details about the mortgage, until Mrs Smith said "Hold on, I think
the person you want is my sister-in-law." The sister-in-law was
understandably upset that her personal details had been revealed to the
other Mrs Smith and complained to the DP Registrar, who investigated and (I
believe) a prosecution followed. The employee was subsequently dismissed for
breaching the company's security code.
This was reported to me by one of our fraud investigation people, who heard
it at an IRRV conference, and was concerned that his staff could find
themselves in a similar situation. My colleague is trying to find out
chapter and verse on the case - I will let you know if I can find out any
more.
Regards
Stuart
-----Original Message-----
From: Paul Simpkins [mailto:[log in to unmask]]
Sent: 07/02/2001 12:19
To: [log in to unmask]
Subject: phone messages
I am writing to ask if you have any details about a fairly recent case,
believed to be last summer, in which action under the DPA was taken against
a woman for revealing confidential information to the relatives of her
firm's clients when answering and dealing with telephone calls. One of our
section managers, who deals with rent arrears, saw this case and has since
instructed her staff that they should only give their name and direct
telephone number when leaving a telephone message for a client on the
grounds that giving the name of the organisation and section could indicate
that the client was being contacted about rent arrears, which is
confidential information. This is not in line with our customer care policy
and the problem needs to be addressed. Our manager does not have any further
details of the case so any information that you could let me have about it
would be very helpful.
Paul Simpkins
Data Protection Compliance Officer
City of Bradford MDC
01274-753500
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|