Jump to content

Recommended Posts

3 minutes ago, manxman1980 said:

@Declan If you go back to 2bees original post she has dismissed the data breach as a "mistake" and that her Dad expected an apology from the retailer involved and as far as she is concerned that solved the problem.

 

Grow up.  I did  read her original  post and paraphrased it in mine. The reality from her perspective it is job done, it's not the customer's responsibility to micromanage the company's compliance processes.

  • Like 1
Link to post
Share on other sites
  • Replies 69
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

I thought the same but then I realised I had just got old...  

No because x-in-man doesn't want them to know what he bought from Love Honey.

Yes.

Posted Images

16 minutes ago, Declan said:

Grow up.  I did  read her original  post and paraphrased it in mine. The reality from her perspective it is job done, it's not the customer's responsibility to micromanage the company's compliance processes.

I am not saying it is.  I am saying that we should not just casually dismiss personal data breaches as accidents and just accept an apology. 

Link to post
Share on other sites
33 minutes ago, Declan said:

So what more is the customer supposed to do?

Report to the information commissioner, although they should be self reporting.

  • Like 2
Link to post
Share on other sites
1 minute ago, John Wright said:

Report to the information commissioner, although they should be self reporting.

Only an compo-faced psychopath would do that. If the issue was simply including two letter in the same envelope or similar admin issue. If you don't trust the firm to self-report why are you doing business with them?

  • Like 1
Link to post
Share on other sites
1 minute ago, Declan said:

Only an compo-faced psychopath would do that. If the issue was simply including two letter in the same envelope or similar admin issue. If you don't trust the firm to self-report why are you doing business with them?

I wasn’t thinking of compo. Does the info commissioner have power to award? Will the firm self report?

Complaing at Curry’s on Island, about a GDPR breach that probably happened at their off Island repair facility, won’t get near head office Data Officer.

Link to post
Share on other sites
15 minutes ago, Declan said:

Only an compo-faced psychopath would do that. If the issue was simply including two letter in the same envelope or similar admin issue. If you don't trust the firm to self-report why are you doing business with them?

The chances are the person who you reported the issue to isn't thinking about GDPR.  It would be interesting to know who 2bees Dad contacted.  Was it the local store? a call centre?

Checking Curry's website and their Privacy Policy they have a facility to contact them regarding personal data;

https://www.currys.co.uk/gbuk/help-and-services/privacy-and-cookies-41-commercial.html?tab=3

As John says if the matter is not reported directly via their formal processes or to the Information Commissioner then the chances are it will never get any further and the problem will not be rectified. 

  • Like 1
Link to post
Share on other sites

I would expect Curry's to have a complaints process that captures a complaint for root cause analysis / MI and staff in their call centres and branches to be able to capture complaints without putting customers through the extra-hassle of form filling or putting the matter in writing. And that complaint process would trigger the necessary actions,including the reporting.

Link to post
Share on other sites

You need to learn how big organisations work.

I know of at least one who will not treat a complaint as being such unless the word "complaint" is specifically mentioned in written correspondence to them.  Anything else is treated as feedback and no action taken.

Link to post
Share on other sites
11 minutes ago, manxman1980 said:

You need to learn how big organisations work.

I know of at least one who will not treat a complaint as being such unless the word "complaint" is specifically mentioned in written correspondence to them.  Anything else is treated as feedback and no action taken.

That's not my experience of big organisations, and pretty shoddy practice if true. I wouldn't do business with a firm that was happy to take  my money face to face or by phone but required a written formal complaint to act on an expression of dissatisfaction - especially where an error has obviously occurred.

But it comes back to the point that it's not thebees's Dad's responsibility to make the firm meet it's responsibilities. And to expect more of him than reporting this issue to the firm is a path to a morally degraded society where Anne Robinson clones run riot.

Link to post
Share on other sites

I won't name the company but it is true and it is a massive multinational that I can almost 100% guarantee you have had some form of transaction with during your life.

On the point about reporting personal data breaches we will just have to agree to disagree.  While there is no legal responsibility on the customer to report the breach I would argue that there is a moral responsibility in order to prevent further accidental releases of personal data.

Link to post
Share on other sites

All GDPR rules seem to have gone out the window this last year anyway, I dread to think how much personal information is probably sat on people’s desks/dining tables during these working from home lockdowns with the whole family potentially having access. That said, just because one person thinks this GDPR breach is something of a trivial matter, it doesn’t make it any less of a breach.

We’re lucky to live on an island where the risk of any theft is low, I wouldn’t be happy with 4 of my neighbours knowing I’ve just had my £3000 MacBook repaired if I lived in certain areas of the UK. I personally equate it to being overcharged in a shop, yes it’s a mistake, yes it’s annoying but if it happens continually then it suggests a problem exists due to poor management/leadership rather than a simple case of human error.

Link to post
Share on other sites
4 minutes ago, Annoymouse said:

 That said, just because one person thinks this GDPR breach is something of a trivial matter, it doesn’t make it any less of a breach.

 

I'm not saying it's trivial, I'm saying the customer's responsibility is to report it the firm. It shouldn't rely on the customer's tenaciousness for the matter to be reported. 

Link to post
Share on other sites
28 minutes ago, Annoymouse said:

All GDPR rules seem to have gone out the window this last year anyway, I dread to think how much personal information is probably sat on people’s desks/dining tables during these working from home lockdowns with the whole family potentially having access. That said, just because one person thinks this GDPR breach is something of a trivial matter, it doesn’t make it any less of a breach.

We’re lucky to live on an island where the risk of any theft is low, I wouldn’t be happy with 4 of my neighbours knowing I’ve just had my £3000 MacBook repaired if I lived in certain areas of the UK. I personally equate it to being overcharged in a shop, yes it’s a mistake, yes it’s annoying but if it happens continually then it suggests a problem exists due to poor management/leadership rather than a simple case of human error.

The biggest risk to data during the lockdown isn't so much physical files being sat on the dining table but more the use of unsecured networks for transmitting/receiving data and the use of personal laptops/PC's for working rather than company supplied equipment.

22 minutes ago, Declan said:

I'm not saying it's trivial, I'm saying the customer's responsibility is to report it the firm. It shouldn't rely on the customer's tenaciousness for the matter to be reported. 

I can understand where you are coming from but as Annoymouse has highlighted if you are over charged by a retailer then it is the customer who has to take action to get the problem rectified.  If you receive the wrong goods it is the customer who has to take action.

The difference as I see it is that with these "trivial" GDPR breaches you as the customer have not lost any money (as far as you know) and you won't pursue it any further than informing the company.  If you lost money because of a data breach - e.g. your bank "accidently" shares your account details or is hacked then I am pretty sure you would be straight in contact with the bank and the relevant authorities.  You certainly wouldn't shrug your shoulders and say "accidents happen".

Link to post
Share on other sites
5 hours ago, John Wright said:

Report to the information commissioner, although they should be self reporting.

It's this kind of British over-adherence to the letter or every little rule which ultimately results in rubbish like Brexit.

 

  • Like 1
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Recently Browsing   0 members

    No registered users viewing this page.


×
×
  • Create New...