Here is my reply email to Credit fix Names took out... is this a reasonable reply ?
Hi ......
I would like to point out firstly that I was two months behind on my payments and rang Credit fix to sort this out on the 11/06/2020 at 16:46 in the afternoon. Then the call was made to me about the late payments on...
13/06/2020 at 11:59
15/06/2020
txt 19/06/2020
Email to the same effect on the 19/06/2020
Aside from this my girlfriend who is also in the IVA had calls made to her on the
12/06/2020 at 14:11
Voice mail from Credit fix saying they urgently need to talk to her about the late payments on the 12/06/2020 at 17:19
A voice mail saying you need to discuss late payments on the 18/06/2020
A voice mail with the same content on the 19/06/2020
All of these are after the date I had rung and sorted it out with Credit fix.
If your system was correct at the point of phoning me on the Saturday this situation would never have occurred and there would not have been a complaint put in by myself and girlfreind.
May I suggest you review the way your system is set up so this could not happen again to anyone else.
I have reviewed the call recording and asked my friend how he knew what I was paying on the IVA and he replied...
" I heard her while she was talking to you on the phone. Then told uncle ........ as I was drunk that night and he come round I did not think of what the consequences would be for you at work. Sorry mate"
Point 0... Like yourself and I can clearly hear a change of voice so the caller should have ether asked the securaty questions or stopped the call NOT carry on with sensitive account information.
Point 1... Saying you are some one over a phone is not an appropriate security check.
Point 1.1... The point you made of the IVA being on a public web site is correct and this point makes the whole situation even worse for me now as I have made out to every one at work and friends that it was just a scam call, but they can go on there and see clearly that I am lieing. This will devastate my whole reputation at work and with friends.
Point 2.... Before disclosing to any one the details of the account I should have been asked for the first line of my address.
Point 3... T his would have given me the opportunity to break the momentum of the call and call back at a convenient time.
Point 4... I should have been asked for for my post code before disclosing any information on the account.
Point 5... I should have been asked for my date of birth before disclosing any information of the account
Point 6...The exact questions asked by call centres during security checks vary across industries and organisations. However, there is common ground on the best basic questions. A three-question check comprehensively tests a caller’s identity. Most call centres ask for an account or reference number, then the customer’s name, and then their address, postcode or date of birth. The question asked as the third part of such a check may vary depending on the business of the contact centre. The options for each question are shown in the table below.
Point 7...Under the Data Protection Act, companies and organisations are obliged to take reasonable steps to confirm the identity of a telephone caller before proceeding with a call relating to a personal account or information. They must have safeguards in place to prevent people calling in under a false pretence of acting on behalf of the customer. Companies also have an obligation to their customers to make sure their personal information is handled properly. Security questions build trust, as customers are reassured that suitable precautions are being taken.
Point 8... I believe you should send the caller on a refresher training course asap due to the seriousness of the breach, this would ensure it would not happen again.
May I just point out...
The GDPR (General Data Protection Regulation) sets a maximum fine of €20 million (about £17.8 million) or 4% of annual global turnover – whichever is greater – for infringements.
However, not all GDPR infringements lead to data protection fines. Supervisory authorities such as the UK’s ICO (Information Commissioner’s Office) can take a range of other actions, including:
Issuing warnings and reprimands;
Imposing a temporary or permanent ban on data processing;
Ordering the rectification, restriction or erasure of data; and
Suspending data transfers to third countries.
Here are the consequences for me that you are aware of already....
1. I suffer with depression and am on medication for this.
2. I suffer with anxiety and am also on medication for this
3. I am part of the senior managment team at work and my work colleagues now know I am in debt due to this call.
4. This will potentially stop me from going any further in my career with in the company.
5. I have been hugely embarrassed at work by your company due to this breach.
6. I have been hugely embarrassed with in my circle of freinds due to the breach made by your company.
7. I am struggling to face my work colleagues due to the embarrassment and this could lead to me leaving my job.
Now your investigations are complete I would expect this to come to a suitable and fast conclusion.
I will wait until Monday 17:00 for your out come of this and if I find it to be unsatisfactory for us I will then pass on the communications between us and the recording to the ICO for investigation.
The only thing that jumps out is the deadline you have set, bearing in mind the weekend. The ICO may think this to be insufficient for a full response.
My opinions are merely that .. opinions based on experience. Always seek professional advice.
IVA Completed 23rd July 2013 .... C.C. 10th January 2014
Having thought about it you might be right, maybe I could give some more time but they have had 6 full working days for this. But i should maybe have left them with a two week time line, this is anger coming out and I tried to stay impartial on the matter as best I could.
Having thought about it you might be right, maybe I could give some more time but they have had 6 full working days for this. But i should maybe have left them with a two week time line, this is anger coming out and I tried to stay impartial on the matter as best I could.
Thank you for the response.
I completely understand the anger .... when in similar situations I often write a really scathing ( and rather rude) email first --- delete that and then write a calmer version, just to get it out of my system. But do take great care not to send the first version accidentally !!
My opinions are merely that .. opinions based on experience. Always seek professional advice.
IVA Completed 23rd July 2013 .... C.C. 10th January 2014
I am having to wait up to 8 weeks for the out come, and no Steve I feel the same. I will keep updated on out come unless it is very good and i have a discliamer to sign but i will not hold my breath for that.
Insist on having the name of their Data Protection Officer and their email address - this should be on their website but always worthwhile asking directly.
If perceived as a data protection breach, the initial assessment period is 72 hours.
Whilst I note some of the arguments used by them, including your name being in the public domain, by the same logic, you cannot have any expectations linked to the security of the app they are also asking people to use.
Data minimisation is a key concept, and their approach seems to suggest that shame is one way to get compliance with any agreement with them.
IVA started March 2011, Completed March 2016 and certificate issued 11 days after final payment. It was not always easy but then some of the best decisions aren't.