Advise needed

LegacyUser

Hi Guys, going unreg for this one. Basically, I was out for a few drinks yesterday and while having a smoke I was approached by a person. Basically and to summarise, I made a complaint some time ago (few years actually) to a mobile phone company, the complaint was eventually resolved by ComReg. But, this person was part of the team that deals with calls from the customers about any problems they have.

I was told basically yesterday, and quite aggressively but was not threatened verbally or physically but it was quite borderline. I was there with my friend, when this person said 'you' and then started ranting on at me about how I made there life and his colleagues life 'a living hell' due to this complaint, when I ask how the person knew me they said 'I was so angry about your complaint I had to speak with my friends about it', the person then said they showed them my photos from Facebook, and then also mention how they could 'never forget my name'.

But I am wondering what should I do? I have contacted the company in question about it and to be honest they are quite shocked, and suggested that I contact ComReg and also the Gardaí, they gave me a reference number also. The strange thing is, I did not make anyone's life hell! Far from it, I had to ring numerous times over a technical problem with my phone and basically I was paying for something I was not getting and what I wanted the phone for in the first place! I had no problems with any staff and to be honest I couldn't say a bad word about them but the issue wasn't been resolved by the technically department and for them to get the finger out basically, my boyfriend logged a complaint with ComReg on my behalf.

Another thing is I found this person on Facebook and we have quite alot of friends in common but we have never met apart from this. So not to sure how to go about this one, but I can't have someone blasting my business in public and talking with there friends about my issues, let alone approaching me.

ja1986

That is a serious data protection breach and I would fully get this investigated. I have worked in a call centre and that is a big no. That person needs to be fired.

orthsquel

I can't agree more with the above, definitely you should take it further if you haven't already. It's not just a serious data protection breach or a breach of confidentiality laws, it's also disclosures that they sign with their employer (even if outsourced) for example, not discussing customers anywhere outside of the floor they work on, even with colleagues of the same department on their lunch/break time. They've also taken it a step further - they know who you are, they have personally identified you, and confronted you about the issue on the street, never mind disclosed your business to who knows. I would take that up with the Gardai tbh.

I'd be irate in your position, I'm far too aware from working in call centres what sensitive information someone working there can have access to and I would be worried about my personal information in your position. Data protection breaches as serious as you have described is an outright dismissal, and absolutely 100% rightly so and should correctly have Gardai involved for approaching you on the street.

Rekop dog

I'd be inclined to leave it. The person was likely drunk and probably otherwise wouldn't have ever approached you.The likelihood of them doing/saying anything else to you is very low. Wheras if he/she's reported they'll know it was you and probably be more inclined to approach you again.

Berserker

This is a serious breach of data protection. It would be wrong of you not to pursue this further. Approaching you in such a fashion was unacceptable. The person who approached you should and will, hopefully, be relieved of their duties as a result of this. Do not let this slide, please.

Atari Jaguar

Rekop dog wrote: »

I'd be inclined to leave it. The person was likely drunk and probably otherwise wouldn't have ever approached you.The likelihood of them doing/saying anything else to you is very low. Wheras if he/she's reported they'll know it was you and probably be more inclined to approach you again.

Doesn't matter. They were way out of line and should be punished severely for it.

Rekop dog

Atari Jaguar wrote: »

Doesn't matter. They were way out of line and should be punished severely for it.

Yeah but OP gains nothing from having this person punished imo, aside from small satisfaction that a person who bothered her for a moment in a pub is fired. But she stands to cause herself a lot more potential hassle if she does report it. Sometimes non action is the best action.

Berserker

Rekop dog wrote: »

Yeah but OP gains nothing from having this person punished imo, aside from small satisfaction that a person who bothered her for a moment in a pub is fired. But she stands to cause herself a lot more potential hassle if she does report it. Sometimes non action is the best action.

Reporting this person could and probably will prevent other peoples confidential or personal data from being misused. Would you like it if your medical or financial information was passed around willy-nilly? I honestly cannot believe that people are advising the OP to let this go. This is very serious.

Atari Jaguar

Rekop dog wrote: »

Yeah but OP gains nothing from having this person punished imo, aside from small satisfaction that a person who bothered her for a moment in a pub is fired. But she stands to cause herself a lot more potential hassle if she does report it. Sometimes non action is the best action.

That's irrelevant. This person sounds like an odd ball and they have access to very personal information in their work. A customer who annoys them in future could end up having their home address sprawled on the internet because they upset the chap. Anyone who comes and harrases someone outside a pub over something as stupid as a complaint is not fit for working in such an environment tbh.

Rekop dog

Atari Jaguar wrote: »

That's irrelevant. This person sounds like an odd ball and they have access to very personal information in their work. A customer who annoys them in future could end up having their home address sprawled on the internet because they upset the chap. Anyone who comes and harrases someone outside a pub over something as stupid as a complaint is not fit for working in such an environment tbh.

I'm the only one who seems to be considering the potential fallout if this person is fired due to OP's complaints. Like if they're unstable enough to harass op over a fairly run of the mill technical problem, then what would they be capable of doing when they believe OP got them the sack?

MissShihTzu

Unable to quote the above post. But two things:

1. Sorry, but I cannot agree this should be let go. What are the data protection laws for if people are allowed to track down whoever makes a complaint however minor about a work situation (not personal)? Breaching people's private data is a serious matter - Don't you get that? Drink was probably taken, but that is irrelevant. If that person gets fired? Oh well. They learn from the mistake and move on.

2. If this person is stupid enough to persist in harassing the OP, then what are the Gards for?

Atari Jaguar

Rekop dog wrote: »

I'm the only one who seems to be considering the potential fallout if this person is fired due to OP's complaints. Like if they're unstable enough to harass op over a fairly run of the mill technical problem, then what would they be capable of doing when they believe OP got them the sack?

Doesn't matter. This loser could've easily made contact with the OP before but he just did at the pub because he seen her. He could've just as easily added her FB and messaged. But OP reports he gets sack and even if he does come at them again I can't see him doing anything other than whinging. Why on earth should he get away with this? For the sake of sparing a minor inconvenience if he does run into the OP again? No way.

Meauldsegosha

Rekop dog wrote: »

if this person is fired due to OP's complaints.

The person won't be fired due to the OP's complaint, they will be fired due to thier own misconduct and stupidity. The OP is is not at fault here and should definitely take it up with the DPC.

orthsquel

Rekop dog wrote: »

I'm the only one who seems to be considering the potential fallout if this person is fired due to OP's complaints. Like if they're unstable enough to harass op over a fairly run of the mill technical problem, then what would they be capable of doing when they believe OP got them the sack?

What you're implying is that the OP will draw further hassle on themselves for making a fuss about it..... which is completely wrong IMO.

What the employee has done (outside of data breaches) is take a professional work issue personally. And they have taken steps to make it personal by approaching the OP. The person who is in the wrong and has an issue is the employee, not the OP. The employee has NO RIGHT to abuse confidential information and to harass, intimidate, engage or discuss their grievance on a professional with the actual customer. What you're also implying is that the OP is putting themselves in danger because of making a complaint. Again, the employee has made this personal, not the OP. The employee has abused confidential information and has used and abused that information to personally identify that customer by whatever means. The employee should be held responsible for their actions. And they are 100% traceable on systems as they will have left a digital signature for every file they have accessed, as well as computers and email being monitored, including any data on their computer that they saved, even if deleted is still on the backup servers and systems.

How the employee conducted themselves is NOT the responsibility of the OP. Implying that the OP will be drawing more of the same and should be kind hearted to the employee is BS - giving a statement to the Gardai and making a formal complaint will and should prevent the employee from ever contacting the OP again. If the employee is taking a relatively minor issue so personally, then that is the sort of individual who should not have any access to sensitive and confidential information if they are likely to make it personal in engaging a customer about a professional matter on a personal level and would be in the employee's benefit to be removed from that role and to learn from their issue - even if it is down to stress, over work, being burned out, whatever.

There are massive implications for the company though. If they are heavily regulated they can be fined and prosecuted. Accidental data breaches are one thing, deliberate data breaches such as noting confidential information of a customer, discussing their business, sharing that information or contacting a customer in a personal capacity is a massive no-no and can be subject to a criminal investigation.

Bottom line is that if the employee does get fired (which they should) and they assume that the OP is the reason... even more of a reason for the OP to take precautions now in going to the Gardai. It is not the OP's fault that the employee decided to make a professional issue a personal issue or decided to approach them as a total stranger and confront them about it. That is the employee's fault, it is their behaviour and they should be held accountable for that behaviour. Being drunk is no excuse. If they were drunk and dwelling on it, confronted the OP about it, then the OP has every right to make a complaint and take further action, regardless of the consequences for the employee.

yoppy

No one gives a fiddlers about data protection.

Berserker

yoppy wrote: »

No one gives a fiddlers about data protection.

You sure about that? Have you seen some of the fines that have been given out for breaches?

Colser

yoppy wrote:

No one gives a fiddlers about data protection.

Couldn't disagree with you more there tbh.It's hugely important nowadays and would be a firing offense in most jobs where it applies imo.

TallGlass

yoppy wrote: »

No one gives a fiddlers about data protection.

I think you will find it is actually quite serious and that a 'fiddlers' is given and that the office has a lot of power, to both current employees and past employees of companies and you can get summonsed to appear before an officer if needed.

Here are a few fines

Fined €7500
http://www.irishtimes.com/news/ireland/irish-news/private-investigator-fined-7-500-over-data-protection-breaches-1.2824210

Fined €15000
http://www.rte.ie/news/2011/0321/298891-telecommunication/

€7500, persons fined €1500 each
http://www.independent.ie/irish-news/courts/data-protection-commissioner-welcomes-court-fines-30642894.html

Garda Sacked and fined €200
http://www.independent.ie/irish-news/courts/ex-garda-charged-with-corruption-and-breach-of-data-protection-act-26843997.html

And just to add, https://www.dataprotection.ie/documents/legal/CompendiumAct.pdf

Section 21.2, a person is guilty of an offence if ;

21.(1)
Personal data processed by a data processor shall not be disclosed by him, or by an employee or agent of his, without the prior authority of the data controller on behalf of whom the data are processed. 

(2) A person who knowingly contravenes subsection (1) of this section shall be guilty of an offence.

So I think a fiddlers is given TBH.

yoppy

Berserker wrote: »

You sure about that? Have you seen some of the fines that have been given out for breaches?

Come on, it's been a joke the amount of breaches taking place the last decade.

EU has new regulations sitting their with the power to hand out proper fines but they can be arsed to use it till 2018.

According to a UK government 2015 information security breaches survey, 90% of large organisations and 74% of SMEs reported a security breach, leading to an estimated total of £1.4bn in regulatory fines.

Nearly not a day goes by without news of some company not bothering to secure peoples info and next to nothing is done.

The odd fine handed out is pennies compared to what they actually make. And they're only fines, do they actually pay up at all, I highly doubt it. I saw a headline the other day, Intel still never paid that 1.1 billion antitrust euro fine from back in 2007 (ish) and it's looking like they won't have to.

Ashley Madison got fined 17million, I looked again and it was 1million. 80million in revenue in 2016 with 50million for acquisitions.

Adobe, eBay, MySpace, PlayStation Network, LinkedIn = 50 million users data stolen and NOTHING!

Yahoo, ah they're gas altogether, 1 billiion users data stolen 3 years ago and they said nothing till it started appearing online! The only winner out of that one is Verizon as it looks like they'll buy them for alot less.

And all the while the NSA was scanning every email sent aswell.

The US and Europe are still sending everyones data across the atlantic.

I got new bank card 9 months ago, I only used it twice, both times with mega big online companies and just before xmas I was hit with fraudulent charges through that card. Neither of them companies have admitted a breach and it wasn't my end.

yoppy

TallGlass wrote: »

I think you will find it is actually quite serious and that a 'fiddlers' is given and that the office has a lot of power, to both current employees and past employees of companies and you can get summonsed to appear before an officer if needed.

Here are a few fines

Fined €7500
http://www.irishtimes.com/news/ireland/irish-news/private-investigator-fined-7-500-over-data-protection-breaches-1.2824210

Fined €15000
http://www.rte.ie/news/2011/0321/298891-telecommunication/

€7500, persons fined €1500 each
http://www.independent.ie/irish-news/courts/data-protection-commissioner-welcomes-court-fines-30642894.html

Garda Sacked and fined €200
http://www.independent.ie/irish-news/courts/ex-garda-charged-with-corruption-and-breach-of-data-protection-act-26843997.html

And just to add, https://www.dataprotection.ie/documents/legal/CompendiumAct.pdf

Section 21.2, a person is guilty of an offence if ;

21.(1)
Personal data processed by a data processor shall not be disclosed by him, or by an employee or agent of his, without the prior authority of the data controller on behalf of whom the data are processed. 

(2) A person who knowingly contravenes subsection (1) of this section shall be guilty of an offence.

So I think a fiddlers is given TBH.

The first 1 there,

The court heard there was no scope within the legislation in relation to the activity of the banks, the legal firm or the department official.

The investigators sister in law working in social welfare hands out private records of 61 people and not a thing is done!?

Second one, fines are tiny for companies involved.

Third one is social welfare again!