Calls by the Information Commissioner for organisations to stop hiding behind the Data Protection Act (DPA) fell on deaf ears this week as Marks and Spencers insisted on a seven-year-old giving official permission before an operator could talk to his mum. The Information Commissioner’s initiative was timed to coincide with the …
"because of 'data protection laws'."
Jesus H Christ, what is wrong with these morons. Are these the same data protection laws that prevented the examiner giving reasons as to why my work colleague's son failed his driving test? Yup, they wouldn't tell him or his driving instructor why he failed his driving test because of 'data protection laws'.
Idiots in control
WTF does that operator think - the boy bought the suit as a secret surprise for himself?
Please, please, please stop using the DPA as a cudgel to beat people senseless with idiotic suggestions that people cannot talk about stuff cos of DPA. If you come across this, please throw the person out of the window (if on first floor, take stairs to achieve useful height)
"a gold mine for lawyers "
Sums it all up, really!
I remember this...
When I was involved in a car accident and was in a coma. My Mum was sorting things out so my bills continued to be paid (I always take out cover for this sort of thing).
The credit card company was a pain. My mum was on the phone to them for 4-5 hours until they finally sorted it out.
The reason? We need to talk to your son before we can do anything. They would not accept the fact that I was in a coma meant I could not come to the phone but that my bills still needed paying.
In contrast the car insurance were no problem at all and helped my Mum to sort out everything and I had money for a new car waiting when I got out of hospital.
good old daily mail.
I find it quite funny in a bizarre sort of uncomfortable ironic way.
The mail story made me laugh though,
the M&S operative even admitted "he had even had to speak to a four-year-old before."
yet M&S say "It was a one-off human error" ... sounds more like at least a two-off to me.
Perhaps they need to fire this idiot and employ some people who have at least one brain cell? At least we know what gordon clown's next job won't be.
The kid is 7
By law he's too young to give consent!
One must be 16 to give consent to anything
I wish I could get a free Hulk outfit every time a call centre pisses me off.
What's good for the goose...
Why is it OK for the police to use laws for purposes they were never intended for, such as using terrorist laws to spy on dog owners and give teenagers criminal records for having a fake ID so they can buy a bottle of cheap cider. Yet it's wrong when companies use the DPA for purposes it was never intended for?
I don't agree with the misuse of the DPA, but laws are being misused all over the place
Paris, because if she used the DPA, there'd be nothing worth watching on the Web!
Better not buy any nappies from M&S or you could be waiting till your kid learns to talk before you get any customer service.
Lack of civil rights
This wouldn't happen in the US; because the little lad's mum would reach for the nearest lawyer who would promptly bill M&S a fortune for violating the boy's constitutional rights. But in this country, only the rich and pressure groups have any access to the law. Consequently it doesn't matter what legal rights we might or might not have; none of us have any means to enforce them. We must plead with some petty official to protect us, and they mostly can't be bothered.
We need a way to enforce our rights. Empower us, not officialdom.
Call centers as useless
I am not surprised this sort of thing happens, I am only surprised it is not reported as often. I opened a savings account for my new baby daughter and proved her date of birth etc as you usually do. About a week later the phone rings from the bank asking to speak to my daughter. Eventually I found out she was calling to offer my girl car insurance!
Paris as even she can read date of birthday!
Par for the course
My wife received her first statement for a HSBC credit card last week but hadn't received the card. A simple matter of calling up and telling them it hadn't arrived.
Unfortunately not. It took 4 people over 20 minutes to sort out something this simple. First of all they wanted the card number, something she couldn't give as she has never had the card. Then they wanted the last couple of transactions, of which there weren't any as she has never had the card. And so it went on. And on and on.
She's never called them before so has no telephone banking password set up, not accessed her account via the internet, so has no internet password set up.
How can major organisations get things so wrong?
Not just overpriced stupidity
But M&S overpriced stupidity
Paris .. even she gave up on M&S and its dumb ads
Vodafone are just as bad
I rang Voda as I needed a phone number retrieving from a past bill - as I had deleted it but knew I had rung it at a certain date and time.
When I got through, I authenticated myself with the usual PIN number, account details etc. I was then told I couldn't have the number off my own bill, as it was against Data Protection. When I tried to explain that I obviously was who I said I was because I authenticated myself, the call center monkey just said "sorry, I'm not willing to break the law for you".
I'm outraged that M&S could use such an obviously insecure method of confirming identity. The caller could have asked any 7-year-old to answer the questions! They should have asked him to do an RSA signing operation (in his head) using his secret key!
<remove tongue from cheek>
As long as a package arrived, they didn't need the identity, or to confirm the identity. They only needed two questions:
"What's the tracking number on the label?"
"We're sending it now, have a nice day."
You linked to a picture of a 7-year-old in his birthday suit!
Some examples of such idiocy...
This reminds me of some stuff that I have come across...
Worked for a charity for Deaf People, and some of the interpreters would help when a Deaf client gets a nasty letter from their bank.
The number of times that the bank asked to talk to the Deaf client was mad - but we only need to ask their permission...
Orange and my 14 year old
I had a case when my son changed his phone. The operator wanted to check his details, so I put him on. Of the 5 questions he was asked, 4 of them he turned to me to ask the answer.
He also had problems understanding her as she had a strong French accent. (I thought she sounded lovely!)
Better safe than sacked?
Look at it from the view of the call centre workers for a second here - obviously this was a case of taking it way too far, but generally you'll get chewed out or stuck in a disciplinary if any call you're monitored on shows any deviation at all from standard DPA policy.
As you've probably guessed I am one of these workers (tech support), and I've usually been able to work around the restriction by giving out general advice (i.e. nothing involving any account access etc) but the whole DPA thing is drilled into us because the companies are so scared of ending up in court (or worse in the press) about a breach.
Ultimately it's one of those tricky balances, but in today's legal climate who isn't going to err on the side of caution?
Why are people afraid of data protection laws anyway ?
The Information Commission Office has the job of shielding big business from public complaints. Look at how it is covering up for BT over Phorm.
One might as well complain to a company's PR department as the ICO
Reminds me of my loan at Harvey Norman..
Sitting in my office, nice day outside, getting through the day's work.. and a phone call on my mobile comes in (unregistered number of course).
"Hello, this is Tom, can you confirm your address please?"
"Yes, this is tom from HFC; I need your address to confirm your identity."
Yeah, right I'm going to give you my personal details just because you say so. Riiight.
Fast forward a bit, and I get a vaguely threatening letter from HFC with Harvey Norman's invoice. Ok, now it's clear: Harvey Norman's banking facility is HFC.
Go to call them, and I think.. two can play that game.
"Hello, HFC how can I help you"
"Hi, this is your customer can you confirm your address?"
"No, I don't give out personal details over the phone."
Funny thing is, the above is exactly as it happened.
Got my own back!
A few years ago now I had a letter addressed to my Dad who had never lived at the address I was at, at that time, it had his full name and middle initial which I thought weird. I phoned him and he said I could open the letter, it was from a debt collection agency for a water bill for an address that again he had never lived at.
So I phoned the debt agency asking why I had received this letter and the call centre monkey said "We send out collection letters to everyone of this surname" I asked how they got his name as he had never lived at this address and asked if they could confirm the middle name as it is a rather unusual middle name. They said they couldn't due to the data protection act, (which is a bad thing to say to me) but if I could tell them my Dad's middle name they would be able to confirm if it was meant for him. I replied I can't give you his middle name it's against the data protection act, the monkey was rather stumped and after a few seconds of hearing the clockworks working away as they thought of a response I said good bye and hung up.
I urge other people to do the same, it's a great feeling of satisfaction.
Re: Vodafone are just as bad.
Maybe you should have said that you weren't you but were working for Hewlett-Packard...........
Many of our laws are so badly written that the general public (to whom they apply, strangely) don't have a clue what they mean. The "laws" that we actually obey are therefore arrived at by a public consensus which attempts to interpret a mixture of hearsay, rumour and more-or-less uninformed articles in the press about what the actual legal text means for our daily lives.
This mix is, of course, spiced up by self-interested statements from commercial bodies, trade organisations and pressure groups which seek to take advantage of any ambiguity in the law as written - and there is usually plenty of scope - to influence public behaviour to their advantage, or to persuade the public to tolerate some aspect of their own behaviour.
In an ideal world, we'd be able to ask the police or the courts to clarify the law. But the police don't know any more than the public and the courts are too expensive and risky (why would you go to court to clarify whether what you're doing is legal if there's a 50% chance you'll end up in jail?). So we just accept the "consensus" about what's legal and what isn't and get on with it.
Regrettably, the government has little interest in passing clearer laws as they are one of the worst offenders when it comes to imparting spin.
Welcome to "Cover Your Arse" Britain...
Unfortunately all the stories above are just classic examples of CYA which we are seeing more and more in this country :-(
Because we now have the sort of "No Win, No Fee" ambulance chasing litigation which has blighted the USA, laws and safeguards that have been put in place supposedly to protect *us*, the public, are, instead, being abused and exploited by businesses and even Councils and elected officials simply in attempts to excuse themselves from any liability should something go wrong.
In other words, instead of these people and groups actually trying to *help* us, they're going out of their way to *hinder* us and protect themselves.
Imagine the problems you get when a "child" is 16, something we in further education deal with all the time. You get irate parents ringing up asking is their "child" at college. What's their attendance.
How about you get the estranged father of a child asking for their "child's" address. What's their attendance, do they still attend.
It's a murky area not helped by the prat at M&S.
Re: Lack of civil rights
"This wouldn't happen in the US; because the little lad's mum would reach for the nearest lawyer who would promptly bill M&S a fortune for violating the boy's constitutional rights. But in this country, only the rich and pressure groups have any access to the law."
Er, you must have been asleep when the compensation culture arrived in the UK. Your remedy here is the same as in the US. Get a no-win no-fee lawyer, and if you can't persuade *any* lawyer that you are likely to win, maybe you aren't.
Civil rights are just a right to take the other guy to court. Always have been.
Why is a 7 year old confirming details?
Why did they already have his identity on their systems? Isn't this where the DPA comes in protection of data held, not on data gathering. They do need his consent to send him marketing but not to talk to him or his representative.
This seems a little bit odd.
@AC "Better safe than sacked?"
"Ultimately it's one of those tricky balances, but in today's legal climate who isn't going to err on the side of caution?"
Today's legal climate is nearly no different from the climate at other times; if anything has changed it's the reporting. So we see big stories about a man suing a supermarket because they delivered a leaflet that caused his dog to try to jump too high and hurt its spine, we never see the follow-up story a few weeks later when a judge laughs the stupid man out of court and saddles him with costs.
Next time you read a newspaper story about data protection or human rights laws, don't forget to pay attention to whether the case has yet been subject to a court hearing related to its facts.
I can see this coming ....
"Jobsworth Day Nursery, how can I help?"
"Hi there, I would like to sign my 9 month old son up to your nursery on Wednesdays and Fridays please"
"I'm sorry madam, due to data protection laws, I am only allowed to speak to your son in connection with his daycare, could you please put him on the phone"
"urrrble awawawh awhhhhh weebleuegghghhg awababbbbaa"
"ok thankyou for confirming your postcode, you can now put your mother back on the phone"
@Reminds me of my loan at Harvey Norman..
I had something a few years ago. A caller (who turned out to be legit) asked for my mother's maiden name. I couldn't get him to understand that there was no way I'd give that sort of info to an unidentified caller.
Mine's the blue one with the red "S" on the back.
Stupid, but needed
Unfortunately, many people only see the, granted in some cases stupid, security checks from their point of view. i.e. they are the account holder, and thus why ask me the questions.
However, companies use the strict policies so that you don't end up calling on a regular basis to report misuse of the account. Add to that the number of 'research' companies that call to try and obtain details.
Sometimes it's easier just to impersonate the other person
I knew someone who was the attorney (not a lawyer) of an elderly relative with Alzheimer's. So she was legally empowered to run all her affairs, and in fact she was the only person entitled to sign her cheques for her - that aspect of things worked fine. However, dealing with banks on the phone was always hard work as the call centres didn't seem to be set up to cope with the situation of person X being the only person entitled to operate the account belonging to person Y. So, to save time, sometimes she just pretended to be the person she was representing, and on one occasion she allowed the call centre operator to continue in her belief that this was her own account, and her name was "Ms Attorney".
Children can give consent
That's not true, a child under 16 can give consent, provided it is to a contract of a type normally entered into by a child in his or her circumstances. For example a ten year old living on a remote Scottish island could enter a contract of carriage to the main land, although a child living in London probably could not. They simply do not have full contractual capacity as an adult would.
If children couldn't give consent they wouldn't be allowed to ride buses, buy Mars bars or go to the cinema on their own. All of these are contracts, and all require some form of offer and acceptance.
Sexy voice required
This is not just a call centre idiot, this is an M&S call centre idiot.
You pay more for quality.
If he was a *proper* superman
He wouldn't have given away his true identity!
Surely under Parental Responsibility the mother had full right to speak and act on behalf of her SEVEN YEAR OLD son anyway??
This is the problem with call centres. It's nothing directly to do with the DPA. It's call centre workers forced to read out a script and only say the words on their screen. Probably the script says "Tell them you can't do it because of the DPA". And these days you even get speech recognition software that ensures all your workers stick to the script. It's a wonderful way to run a business.
As an aside, what on earth is that "The Story of Stupid Aid" website about? Utterly incomprehensible. "He had earlier literally created a vehicle for his creativity consultancy work, ‘the world’s smallest conference centre’, a two-seater car to cater for 1:1 consultations at conferences and special events." "In his study and teaching of creativity he believes flexible thinking is at the heart of creative thinking." "He was also developing his expertise in word of mouth communications and was sensitive to the need to brand and make any message sticky. He knew from experience that you may need a legitimizer to help sanction an idea which might be regarded as outrageous." NOW THAT'S STUPID!
They tried that with my young kids they would have a lot of fun. They hate using the phone and just about manage "Hello Grandma!", then off to get on with more important stuff like chasing the cat up the garden or leaving the lights on all over the house!
Typical officious num-nuts in charge decides that all the low level people, who have to take the flack from customers, are not allowed to exercise any common sense or discretion of their own so we end up with this kind of stupidity. The stupid leading the blind.
@Reminds me of my loan at Harvey Norman
I had the same thing with Halifax bank when they rang me.
"Can I speak to Mr Tanner please"
"Can you confirm your mother's maiden name please"
"Once you confirm my account number to me"
"I can't give out that information until I've confirmed who you are sir..."
"I won't confirm any personal details until I know you're who you say you are..."
Round and round it went until they hung up on me.
2 months later they rang back, and have obviously changed their policies... I had
"Hello Mr Tanner, can you confirm your identity please? Your postcode is W1B 5 - can you tell me the last 2 digits please?"
Similar situation continued for 3 or 4 questions - a nice solution all round I thought.
Common sense win - for once.
RE: Idiots in control
Who else saw that program on the telly last night about benefit fraud? The people receiving and checking the forms are equally as moronic as the people fiddling the system. So yes, the idiots ARE in control. Common Sense - no - it's not allowed. Stick to the protocol, never make decisions yourself or stick your neck out and guess what.... you'll be fine in your little jobs. Oh and funny how all this benefit fraud has been going on all this time while nuLabour are in control? Anyway I'm off now to read the nuBOFH.
You wrote "Yup, they wouldn't tell him or his driving instructor why he failed his driving test because of 'data protection laws'."
I find this a little hard to believe as everyone who fails or passes is given a performance sheet which indicates what major and minor mistakes you made during the driving test. I would suggest a visit to a solicitor if this is the case. The court can order the test be resat at the DSA's expense.
Data Protection Act is now officially a sham
Let us be clear. the DPA has nothing to do with protecting the individual's privacy, despite its name.
The DPA is designed to permit the government and private sector (i.e. everything that is beyond the individual worker drone) to hoard vast amounts of information but never to confirm or release any of it. All it does is legalise the storage and non-disclosure of your data and protect these groups from being accountable for holding any of the data.
Those in favour of repeal say aye.
It's quite obvious that M&S are employing paedophiles. They are obviously using the customer service phone system to get access to youngsters in order to groom them. Do M&S carry out checks to ensure sex offenders aren't operating for them and taking advantage of youngsters?
If people want to be awkward/stupid......then you fight fire with fire...
"the call handler insisted he could only speak to Jacob because of 'data protection laws'."
WTF? did the kid use his credit card to pay for it?
HSBC do this also
HSBC asked to speak to my girlfriend's 6 year old son to get his agreement that they could allow his mum to operate his account on his behalf. She put him on the phone, and predictably, he did not understand the question. The result was that they would not allow his mum to operate the account until she went in person to the account branch with various forms of id and completed a paper form filling exercise.
But of course the law doesn't protect you...
...when an organisation or the government want to abuse it. I've had a great deal of personal information about me spread to whoever was listening by a DWP worker. You write and complain and invoke the Data Protection Act and they either laugh at you, insult you or ignore you, or in my case, all three. The Electoral Roll willingly give out your info to anyone who wants it, in spite of your current girlfriend having been repeatedly threatened and stalked by her ex. If you contact those in charge of enforcing the DPA they too ignore you or fob you off, and if you read their website carefully you see that really they have no power whatsoever. They can't shut someone down, they can't impose fines, they can only suggest and advise that the offending company or government organisation take a look at their internal procedures...yeah right.
I had a car accident where I was a named driver and after weeks of reporting the accident, dealing with the assessor and many many phone calls, it turned sour, as it always does, as the insurance company in question started breaking the law with regards transfer of ownership. So I had a go at them and lo and behold, all of a sudden, because of the DPA they couldn't talk to me and had to talk to the policy holder only. Even though they'd told me everything there was to know repeatedly, already.
The DPA is a joke and only stands as another layer of bureaucracy that companies and the government can use to obstruct when it suits them, to get out of facing up to their responsibilities or putting something right, but when the shoe is on the other foot it's an empty, meaningless, unenforceable load of insulting garbage.
56 comments and not one person has mentioned...
...that the contract is between M&S and the mother - since she paid for the clothing. The fact that the clothing is for the child is irrelevant.
Thumbs down 'cos the readership is losing its touch
@ 56 comments and not one person has mentioned...
Actually to be uber pedantic the article says the boy's aunt bought the costume and gifted it to the boy - so the mother isn't technically involved at all. But that's still no excuse for the call centre employee to do what they did!
@Why is a 7 year old confirming details? (and others)
The DPA covers both gathering and managing personal data. The Act works on 8 principles and the 3rd is that data should be "adequate and accurate". That relates directly to collection - if you buy tickets to the theatre, they can ask for name and address. Unless it's an age restricted event i.e. 18+ movie, then they don't need your DOB nor do they need to know how you like your sex. Why a 7yr old needs to confirm details is stupid especially as their parent is their legal guardian.
@SynicNZ - anyone at any age can give consent provided they understand the consequences of their decision. That is what is known as the Gillick Test. Under the law, parents have responsibility for their children until 18 though most give that up at 16. The test came about from a terminally ill child who told his doctors that he did not want to be resuscitated. His parents, naturally, refused to accept that and consequently it went to court. It was determined that if, after a psychiatric review, the child fully understood the consequences of their decision, then the child was capable of making an informed decision. This was, of course, a complicated and emotive scenario and we are not likely to see that situation occur often.
The test is used though when prescribing contraception to girls as if, in his opinion, the doctor is satisfied the patient understands the realities of sex and possible consequences, the doc CANNOT break the doctor-patient confidentiality principle. What doctors obviously try to do is involve the parents but their first concern is their patient's health and will therefore prescribe the contraception if the doc believes that consent is unlikely to come from the parents.
I'm a DPO in a public sector body (hence the AC) and the line that I, and many of my colleagues, take is that if your actions breach the act but you believed you were doing the right thing then it is highly unlikely that any disciplinary action is taken. Instead, I would look to put some training in place to avoid it happening again. It's very easy to break the DPA so we look at the ways in which we can prevent it happening on a grand scale. I'll bet that M&S's own DPA team weren't aware of the procedures in the call centre. If they had then it's unlikely it would have happened. In this case, it's more than likely that it's poor training and a culture of ignorance about the act at a managerial level.