We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
DSAR data breach
Options

tg99
Posts: 1,248 Forumite

Have recently received DSAR back from BM Savings and there appears to be a mix up with another customer within the Contact Log records. The logs show various entries, discussions and personal details (name, address, monetary amounts etc) of this other customer and there is also a later entry relating to an 'incorrect file'.
I am going to make a formal complaint to BM Savings as clearly there has been some kind of error or failure to adhere to protocol in properly reviewing what has been sent to me - i.e. these entries should have been redacted - but there must also be a possibility that my data / file has been mixed up with this other customer and thus that some of my data could be accessed by him if he was to do a DSAR.
Anyhow, just wanted to see if anyone else here has had a similar type of situation before when doing a DSAR and if so how it was resolved?
Thanks.
I am going to make a formal complaint to BM Savings as clearly there has been some kind of error or failure to adhere to protocol in properly reviewing what has been sent to me - i.e. these entries should have been redacted - but there must also be a possibility that my data / file has been mixed up with this other customer and thus that some of my data could be accessed by him if he was to do a DSAR.
Anyhow, just wanted to see if anyone else here has had a similar type of situation before when doing a DSAR and if so how it was resolved?
Thanks.
0
Comments
-
Have recently received DSAR back from BM Savings and there appears to be a mix up with another customer within the Contact Log records. The logs show various entries, discussions and personal details (name, address, monetary amounts etc) of this other customer and there is also a later entry relating to an 'incorrect file'.
I am going to make a formal complaint to BM Savings as clearly there has been some kind of error or failure to adhere to protocol in properly reviewing what has been sent to me - i.e. these entries should have been redacted - but there must also be a possibility that my data / file has been mixed up with this other customer and thus that some of my data could be accessed by him if he was to do a DSAR.
Anyhow, just wanted to see if anyone else here has had a similar type of situation before when doing a DSAR and if so how it was resolved?
Thanks.
Threaten them with reporting to the ICO unless they give you a timely and satisfactory explanation. It may also prompt them to offer some compo, but don't accept a derisory amount. Data breaches are serious, so maybe think about £100 minimum.0 -
Personally I'd be more interested in them correcting the errors rather than explaining them! It's not unreasonable for you to demand that they remedy this and provide meaningful assurances and/or proof that they've done so and that there's no risk of your data being released to a third party. As above, some ex gratia payment may be forthcoming but I imagine (hope) that this is secondary to actual resolution....0
-
Thanks both, and for the tip re the ICO GingerBob. What I know for sure is that the other customer's data has been breached but I shall definitely be requesting that BM confirm in writing to me that there has (hopefully) not been any breach of my own as not aware of any other method I can get this confirmed.0
-
The explanation will almost certainly be an error by low paid personnel.
They won't be able to give a cast iron guarantee of perfection but should be able to fix the error.
They won't care about the ICO.
I'd specifically request "A thorough review of the cause of the error, appropriate and complete corrective action and consideration of an ex-gratia payment in excess of £250".0 -
Threaten them with reporting to the ICO unless they give you a timely and satisfactory explanation. It may also prompt them to offer some compo, but don't accept a derisory amount. Data breaches are serious, so maybe think about £100 minimum.
There's no evidence the OP has been the victim of a data breach.DEBT FREE!
Debt free by Xmas 2014: £3555.67/£4805.67 (73.99%)
Debt free by Xmas 2015: £1250/£1250 (100.00%)0 -
GingerFurball wrote: »There's no evidence the OP has been the victim of a data breach.Tall, dark & handsome. Well two out of three ain't bad.0
-
GingerFurball wrote: »There's no evidence the OP has been the victim of a data breach.
Agreed, it's the other customer whose data I know has been breached given I can see it. What I don't yet know is whether mine has been breached also e.g. if his and my files got mixed up at some point, which is what I will be seeking answers on in my complaint.0 -
EssexExile wrote: »That's what I couldn't understand - compensation for what?
That my data file is erroneous, the inconvenience of having to write in to them and complain in order to get it corrected for starters.0 -
So spoke to BM today having emailed in a complaint yesterday. Have carried out 'internal investigations' and have stated that my data has not been breached but acknowledge the other customer's has. £120 to compensate for the inconvenience and worry (would have been higher if my own data had been breached).0
This discussion has been closed.
Confirm your email address to Create Threads and Reply

Categories
- All Categories
- 351K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244K Work, Benefits & Business
- 598.9K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.3K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards