Everything Everywhere/Orange/Talk Mobile and the Data Protection Act

redpete

andy_k wrote: »

according to several experienced call handlers/call centre supervisors I have sopken to the moment the call handler confirms that the answer to a security question is either correct or incorrect they are in breach of the DPA to disclose this information to a third party (no matter who they are) is in most companies a sackable offence as it is 100% against the law

I stand corrected, although by default successfully getting through the security questions is confirming that the answers were correct.

I still think the more serious problem is that the operator used the questions to confirm that someone other than the account holder knew the answers rather than (as is surely the point of the questions) confirming that they were talking to the account holder. I would concentrate on this rather than bringing in the DPA as the major problem.

andy_k

redpete wrote: »

I stand corrected, although by default successfully getting through the security questions is confirming that the answers were correct.

I still think the more serious problem is that the operator used the questions to confirm that someone other than the account holder knew the answers rather than (as is surely the point of the questions) confirming that they were talking to the account holder. I would concentrate on this rather than bringing in the DPA as the major problem.

I see what you are saying but from what we have been told (again from very experienced call handlers) that the only thing that will get any action whatsoever from the ICO is a clear breach of the DPA. Once that has been established they will then deal with the consequences. It's a bit of a minefield really and no doubt Orange will fight it all the way but so far we have enough information to make their live's a little less comfortable