Dear List members,
I'm getting increasingly concerned by the number of Subject Access Requests
we receive from third parties with our customer's consent/authority.
Not because of the admin involved or the reasons for the requests but for a
couple of simple facts:
1) They always supply two proofs of ID/Address for the customer, which often
contain significant amounts of personal data which we don't need such as
credit card numbers, passport and driving licence details etc.
2) When they send them, their own documentation states that these must be
less than 3 months old, but obviously, the above proofs, particularly a Driving
Licence or a Passport are always more than three months old.
What I am interested in hearing from list members is, why are all these companies
sending through the same information, i.e. two proofs? I am not aware of any
requirement to provide these proofs. We don't need these and I am not happy
storing such proofs for no valid reason with such information attached.
Just in case anyone raises a concern, we do take steps to ensure that it is
actually our customer that has signed the authority requesting that we
release information to the third party but not via these proofs, which only add
to the "proof" merely by the third party being in possession of the documents.
I'd be interested if someone can explain to me why these are sent or provide
some regulatory section explaining this?
Clare
DPO, FCE Bank plc.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^