We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

DSAR data breach

Options
Have recently received DSAR back from BM Savings and there appears to be a mix up with another customer within the Contact Log records. The logs show various entries, discussions and personal details (name, address, monetary amounts etc) of this other customer and there is also a later entry relating to an 'incorrect file'.

I am going to make a formal complaint to BM Savings as clearly there has been some kind of error or failure to adhere to protocol in properly reviewing what has been sent to me - i.e. these entries should have been redacted - but there must also be a possibility that my data / file has been mixed up with this other customer and thus that some of my data could be accessed by him if he was to do a DSAR.

Anyhow, just wanted to see if anyone else here has had a similar type of situation before when doing a DSAR and if so how it was resolved?

Thanks.

Comments

  • tg99 wrote: »
    Have recently received DSAR back from BM Savings and there appears to be a mix up with another customer within the Contact Log records. The logs show various entries, discussions and personal details (name, address, monetary amounts etc) of this other customer and there is also a later entry relating to an 'incorrect file'.

    I am going to make a formal complaint to BM Savings as clearly there has been some kind of error or failure to adhere to protocol in properly reviewing what has been sent to me - i.e. these entries should have been redacted - but there must also be a possibility that my data / file has been mixed up with this other customer and thus that some of my data could be accessed by him if he was to do a DSAR.

    Anyhow, just wanted to see if anyone else here has had a similar type of situation before when doing a DSAR and if so how it was resolved?

    Thanks.


    Threaten them with reporting to the ICO unless they give you a timely and satisfactory explanation. It may also prompt them to offer some compo, but don't accept a derisory amount. Data breaches are serious, so maybe think about £100 minimum.
  • eskbanker
    eskbanker Posts: 37,126 Forumite
    Part of the Furniture 10,000 Posts Name Dropper Photogenic
    Personally I'd be more interested in them correcting the errors rather than explaining them! It's not unreasonable for you to demand that they remedy this and provide meaningful assurances and/or proof that they've done so and that there's no risk of your data being released to a third party. As above, some ex gratia payment may be forthcoming but I imagine (hope) that this is secondary to actual resolution....
  • tg99
    tg99 Posts: 1,248 Forumite
    Tenth Anniversary 1,000 Posts Name Dropper
    Thanks both, and for the tip re the ICO GingerBob. What I know for sure is that the other customer's data has been breached but I shall definitely be requesting that BM confirm in writing to me that there has (hopefully) not been any breach of my own as not aware of any other method I can get this confirmed.
  • The explanation will almost certainly be an error by low paid personnel.

    They won't be able to give a cast iron guarantee of perfection but should be able to fix the error.

    They won't care about the ICO.

    I'd specifically request "A thorough review of the cause of the error, appropriate and complete corrective action and consideration of an ex-gratia payment in excess of £250".
  • GingerBob wrote: »
    Threaten them with reporting to the ICO unless they give you a timely and satisfactory explanation. It may also prompt them to offer some compo, but don't accept a derisory amount. Data breaches are serious, so maybe think about £100 minimum.

    There's no evidence the OP has been the victim of a data breach.
    DEBT FREE!

    Debt free by Xmas 2014: £3555.67/£4805.67 (73.99%)
    Debt free by Xmas 2015: £1250/£1250 (100.00%)
  • EssexExile
    EssexExile Posts: 6,458 Forumite
    Tenth Anniversary 1,000 Posts Name Dropper Photogenic
    There's no evidence the OP has been the victim of a data breach.
    That's what I couldn't understand - compensation for what?
    Tall, dark & handsome. Well two out of three ain't bad.
  • tg99
    tg99 Posts: 1,248 Forumite
    Tenth Anniversary 1,000 Posts Name Dropper
    There's no evidence the OP has been the victim of a data breach.

    Agreed, it's the other customer whose data I know has been breached given I can see it. What I don't yet know is whether mine has been breached also e.g. if his and my files got mixed up at some point, which is what I will be seeking answers on in my complaint.
  • tg99
    tg99 Posts: 1,248 Forumite
    Tenth Anniversary 1,000 Posts Name Dropper
    EssexExile wrote: »
    That's what I couldn't understand - compensation for what?

    That my data file is erroneous, the inconvenience of having to write in to them and complain in order to get it corrected for starters.
  • tg99
    tg99 Posts: 1,248 Forumite
    Tenth Anniversary 1,000 Posts Name Dropper
    So spoke to BM today having emailed in a complaint yesterday. Have carried out 'internal investigations' and have stated that my data has not been breached but acknowledge the other customer's has. £120 to compensate for the inconvenience and worry (would have been higher if my own data had been breached).
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 351K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.6K Spending & Discounts
  • 244K Work, Benefits & Business
  • 598.9K Mortgages, Homes & Bills
  • 176.9K Life & Family
  • 257.3K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.