Telephone Records and Privacy Protection Act of 2006

Transcription

To record a new voice message, please speak after the tone. Hi. Erm, you've reached the voice-mail service for Peter Hedley. Sorry I can't take your call now, but I shall be away from the office for the next couple of days on business. Well, I say on business, but actually it's not really actually, you know, per se an actual business trip, more a training thing - you know, one of those company initiatives at some probably ghastly out-of-town hotel. You know, pokey little rooms with over-eager central heating and a tiny telly with a picture like a snowman in a snowstorm, and one of those ridiculous trouser press things, which are fantastic at toasting sandwiches. Anyway, our masters, in their wisdom, feel it's time for us to get a proper grip on the challenges of the Data Protection Act, and... Well, you can imagine how excited we are about that. So that's what I'll be up to, and a positively riveting time will be had by all. Anyway, the thing is, of course, if you need to get hold of me, I shall be on my mobile. The number for that is... O7736... 07736... Time up in five seconds. O7736... 973... 87... 47... Time up. Thank you. ...8. Bugger. <i>(phone rings)</i> Peter, the credit and personal contact details of the investors. I need them yesterday. Lauren, hi. You know this stuff's really sensitive. I need time to really... I've got to go on this training thing and... Yeah, I know what I promised. All right. Look, I'll take the files with me, and I'll get the information emailed to you this evening, OK? All right. Yep. Bye. Are you sure it's all right to dump these like this? It might have personal stuff on it, like staff salary and bank details. Shouldn't we destroy it - smash it up or something? You want employee of the month or something? Nobody's gonna do anything with this piece of garbage. It doesn't matter. - Sir? - I'd like to check in. Are you with the Cornchurch group? - That's right. - If I could have your name, please, sir. - Peter Hedley. Very good. And just for security, could I have your date of birth? Oh. Right. Erm, the 4th of the 7th, '69. Thank you, Mr Hedley. Would you prefer a smoking or non-smoking room? - Non-smoking, please. - Very good. And which newspaper, Independent or Times? - Don't worry, I won't have time for that. - I see. And if I might have your shoe size. My what? My shoe size? Is that strictly necessary? Oh. Well, erm, it's 9 normally. 9 and a half sometimes, depending on whether it's brogues or trainers... Thank you. 9 will be sufficient. We can't input half sizes onto the system. Oh, right. - So, If I could have the key... - Absolutely, sir. As soon as we complete the guest information form. - Not much more to cover. - Oh, right. - Full English or Continental? - Er... Continental, I suppose. - Thank you. And early-morning call? - Oh, yes. Thanks. Erm... - Tam, please. - Very good. And sexual orientation? - Sorry, did you just ask me...? - Your sexual orientation, Mr Hedley. But I... There are other people waiting to register, sir. - You can't be serious. - If you're uncomfortable with it... It's not that. It's just... it's a bit personal, isn't it? Perhaps we'd better leave that part of the form blank. What are you looking at me like that for? I've got nothing to hide. Not that I'm all hung up by who's what and all that. I mean, there was a time, obviously a very long time ago, when I had what I suppose you might call a bit of a crush on Marc Bolan - you know, T-Rex posters on the wall and all. It was more of a teenage hero-worship, I suppose, but, er... - Could I have my room key now, please? - Certainly, sir. Room 85. Thank you. <i>(mobile phone rings)</i> - Peter Hedley. - Hello, Mr Hedley. - Fiona Coombes, Revenue & Customs. - Oh. Hello, Ms Coombes. - Please, call me Fiona. - Hello, Fiona. - Is now a good time to talk? - Yeah. I've got a few minutes before... Oh, good. I'm calling about a Mr George Lambert. - I understand he's a client of yours. - Yes, that's right. How did you...? I've just spoken to one of your colleagues, a Ms Lauren... - Fisher. Lauren Fisher. - That's right, And she's rather concerned. You see, we are monitoring Mr Lambert's financial activity. Could you just confirm the bank details you hold for Mr Lambert to me? Oh. Yeah. Erm... Here somewhere... Erm... Ah. It's the National MidWestern, account number 00987633768. - That tallies. - That's good. Now, if you could fax the latest set of audited accounts you are holding to me. My fax number is 0012377864578. And if I could have those as soon as possible. Thank you very much. Bye. Bye. Well, everything works. Oh. Ow. Hello, reception? It's room 85. Erm... No, I'm completely in the dark. Well, it is a little inconvenient, actually. Sorry. - You all right, Peter? - Well, yeah, I was, erm... - Just fell over in the shower and, er... - Oh. Oh, look. There's, erm... I must just go and... - Glen. Hi there. - Hi. - You all right? - Yeah, fine. Just a bit, you know... Listen, what are Lynn and her crew doing here? Can we really afford to give call centre operatives jollies at expensive hotels? It's not really a jolly, is it? People like Lynn, the call centre team, are in the front line when it comes to being on the ball, dealing with requests for information, and treating people with respect. You know as well as I do, good data protection practice is essential to excellent customer service, isn't it ? <i>(mobile phone rings)</i> Grab that. Hello? How many times? No, I am not interested in a timeshare villa in the Costa Del anywhere. No. No, no, no. A holiday complex with its own pool and Irish theme pub is not my idea of heaven. Did you... did you just call me mad? Look, where did you get my number from, anyway? I told one of your colleagues who called me yesterday not to call me again, and I said the same thing to another one of your colleagues who called me this morning at 6am. Well, it's nice that your passion is to make me happy. I tell you what. Make me happy. Leave me alone. Sorry, mate. Where were we? Right. Can we take our seats, please, so we can get started? Cheers. - Thank you. Hi, everyone. - Hello. And welcome. We're here today to learn about the Data Protection Act and how it impacts on us in the jobs we do. Information is not just about facts and figures. Information, it represents people. And it's how we handle and protect people's information that affects their wellbeing, and their confidence in us. Soto illustrate the point, I'd like to introduce you to Julia. Little round of applause for Julia, please. Yeah, erm... I know some of you have already met Julia, our "undercover" hotel receptionist. I mean, it really amazes me how much we feel compelled to reveal to someone simply because we perceive them to have authority in our transactions. Now, I can tell you that Julia knows the shoe sizes of 50% of people in this room. 48% preferred the full English as opposed to the humble Continental. And without embarrassing anyone here, Julia also uncovered a very interesting romantic story involving Marc Bolan... Look, it was just a bit of teenage hero-worship. There was nothing... Ah. - Mr Hedley, your secret was safe with us. - Right. Right. OK. Right, OK. Moving on. Erm, so, right. So the first point arising from this exercise is that it isn't right to collect information just because you're in a position to collect it. No hotel needs to know your shoe size before they offer you a room, do they? And as an organisation, you should never collect more information than you need to fulfil your stated purpose or deliver your stated service. Keeping information which is not relevant to your specific requirements is just simply not on, it's not acceptable. And it can lead to complications. People have had their mortgages turned down, people have had wrong medical treatment, because the information stored about them has been inaccurate. So we'll start today with an insight into the techniques used by "specialists", or "blaggers", to extract information from people like you. So can I ask Lynn Marcos to join me up here, please? Lynn? Little round of applause. Here we go. Right. Now, what we're gonna do is some role-playing, OK, but, unlike other role-playing exercises, Lynn, I'd like you to play yourself. It's OK. Just relax.You are going to be a call centre operative, and what I want you to do is to take a phone call from a member of the public. What we've got, we've got you a headset. Just put them on, and, er... You're used to them, so that'll make it easier. Got some background information. Let's see what happens. - Hello, is that Cornchurch? - Yes, it is. Good morning. Lynn Marcos speaking. How may I help you? Hello. My name is Sylvia Castle. My husband and I have an account with you. Oh. Erm... Right. We just wanted to let you know that we've moved recently, and I'm not sure that you have the correct home address for us. Well, if you'd like to give me your account number, Mrs Castle. It's 0097754378. I'm just looking on the computer screen now, and the address we have on record is 47 Acacia Way, Standborough. Your husband changed the address we have on record last week. Great, he's done it already. That's good. Thank you. Is there anything else I can help you with? No, I don't... Actually, while I'm on, can I just check that you've got the correct bank account details for us? We changed branch when we moved, and I'm sure he's told you already, - but I just want to be sure. - Oh. OK. Your account is with the Standborough branch of Barking Bank. That's it. And can I check the account number he's given you, 'cos he's always getting the business account mixed up with the personal. Certainly. It's, erm, 9987445367001. Wonders will never cease - he's done it all without any bullying from me! Can I assume that the debits for his pension plan are now going to be going through this new account? - Yes, they are. - Great. Well, everything's in order. - Sorry to have troubled you. - Oh, no. No trouble at all. OK, that's great. Thanks, Julia. OK, Lynn. So, how do you think the call went? Fine. Just another unremarkable call from a typical customer? Well, what if I was to tell you that the person you've just given detailed personal information to wasn't actually the current Mrs Castle but someone working on behalf of Mr Castle's first wife? No, that's not possible. She knew the account number. She knew an account number, that's right. Yeah. But that's not necessarily enough, is it? Huh? - I mean, what else did she tell you? - Well, I... What I've got to explain is, you see, Mr Castle's finances are being vigorously pursued by his first wife. She wants to know whether he's got any hidden money, like a pension plan. She also wants to know where he's moved to - and for whatever reasons, Mr Castle wants to keep that information private. And you've just given that caller his address. But, erm... Yeah... No, no, no. I'm not having a go. I mean, whatever the rights and wrongs of any given situation, it is not acceptable for organisations like yours to get entangled, by supplying information inappropriately. Not only are you likely to lose Mr Castle as a customer, and the more serious thing is you could have legal proceedings against you. - Legal proceedings? - Yeah. Against your company, that is a distinct possibility. Whilst no individual can be held responsible for unwittingly divulging information they shouldn't, companies can be brought to account for not having the correct safeguards and procedures in place to prevent inappropriate release of information. - Sorry. - No, it was just a role-play, Lynn, It's designed to make a point, don't be too hard on yourself. I think Lynn's been great. Round of applause for being such a good sport. Silly cow. "Blaggers", or "trace agents" as they prefer to be known, can be really unscrupulous in obtaining the information they want. And seeing as the rewards are as high as they can be, it's not surprising. They'll impersonate anyone from friends, colleagues, local authority officials - the list is endless. And believe me, they can be convincing. And they often get the information they want without arousing any suspicion. And their job's made easier when they call us in the middle of the day... ls now a good time to talk? We're juggling 101 different priorities and unable to fully concentrate on the call and the sensitivity of the information we're providing. We need to look at strategies to help us guard against the intrusion of "blaggers". And we also need to look at other key aspects of data protection policy. Then we can ensure the information we hold is properly managed and protected. OK, look. Why don't we have a five-minute break and reflect on what we've learnt so far? You were right. Our call centre people really do need training. - Fancy falling for that. - And you don't think you would? Course not. <i>(mobile phone message alert)</i> 'Scuse us a moment. I've got this urgent text. Something I need to do. - We start back in a couple of minutes. - Yes. OK, I'd like to try role-playing around the problems associated with receiving unsolicited phone calls. Who'd like to start us off? - Er... Do I start? - Yes, please. Hello. I'm Mr Francis. I've been receiving frequent calls from your sales teams. I'd like to know what information you hold on me, and I'd like the calls to stop. OK. I see, Mr Francis. Well, firstly, I'm very sorry that you have been receiving an annoying level of calls. And, of course, I'll be happy to inform you of the data we have on record for you. But firstly, may I ask you a few questions, please, for security purposes? - Could I have your postcode? - Yes. It's RP133PP. - Fantastic. And your house number? - 22. And also confirm your telephone number. 022277455545. Brilliant. I can confirm that the contact information I was never in any doubt about that. I receive at least three calls from your sales teams every day. What I want to know is how you got hold of my information, and why you keep calling me. Well, according to my records, you took out a subscription for Lawnmower and Leaf-blower Monthly, and when you took out the subscription, you ticked the box that allowed the publishers to pass on any information to associate companies, such as us ourselves at Hack and Wrecker Power Tools. Ah. Well, could I ask you to remove my details from your database - and stop calling me, please? - OK. Well, if that is your preference. And there'll be no passing on of my information to other organisations, cos I really, really don't want any more calls at home. I'll make sure that your information is no longer available for marketing purposes. - Well, thanks for being so helpful. - Thank you. So, of course, observing our obligations under the Data Protection Act isn't just about what we do and don't disclose. It's about how we manage the information we hold. As holders of information, it's our responsibility to ensure that the data we hold is up-to-date and accurate, and then we're neve guilty of misrepresentation. And secure handling of information is a vital part of data protection, which also means that if the information is no longer required, then it must be destroyed appropriately. Shouldn't we destroy it? So let's review the eight data protection principles. Personal information must be legally processed. When you request information from someone, it really does pay to be open. Tell them what you want the information for. Tell them what you are going to do with it, if someone else might have access to it. People tend to complain when they discover that information held about them has been used for something they haven't been previously told about. Now, that isn't either fair or open. Information must also be processed for a specified purpose. Information collected and collated must be adequate, relevant and not excessive. And sexual orientation. Information must be accurate and kept up to date. Information must not be kept longer than necessary, so, when it's no longer required, it must be disposed of promptly and professionally, yeah? Information must be processed in line with the rights of the individual, so any person you hold information about has the right to see that information, if they ask in writing, and have it corrected if it is wrong. Information must be kept secure and not transferred to any countries outside the European Economic Area, unless adequately protected. You know, there are a lot of things to manage the use of information held about us. For example, we can register with the Telephone Preference Service and choose not to have our details used by telephone sales organisations. See... A lot of this is common sense, isn't it? But you'd be amazed how common sense abandons us when it comes to handling and protecting data. Excuse me. Hi. Sorry to interrupt. Someone left this in the fax machine. I thought it might be important. Does this document belong to anyone here? Er... Yeah, it's, erm... Could I have it back, please? Silly oversight. Still, no harm done, eh? That looks like it's from the key investor files. Tell me you haven't taken it out of the office. Gosh, come on. That would be stupid, wouldn't it? - Yes. Very. - Yes. Very, very stupid. The files are here, aren't they? And you've been faxing confidential client information to a third party. Well, not just any third party. - Who? - Someone at Revenue & Customs - Who exactly? - Well, erm... Fiona... something, I think. And you verified that she is who she says she is, and that she's entitled to this information. Well, the thing is... Bloody hell, Peter. Have you learned nothing? I have now. <i>(phone rings)</i> Hello, Mr Hedley. Reception here. I just wanted to make sure that the lights in your room are now functioning. Oh, yeah. Great. The lights are on. Thank you. Ow. Visiontext Subtitles: Paul Murray