Do ISPs violate data protection rules?

[adam]

It is reported that ISPs freely vilolate data protection rules resulting in thousands of complaints and enquiries made by customers during last year.

The breachers also include some major ISPs like Orange. Other sectors that indulge in breaching data protection rules include banks, marketing agencies and telecom companies. However, it is internet companies that do more violation with respect to data protection rules.

Do you really feel your personal information is safe and secure with your ISP as you wish?

[JenniP]

I work for an ISP (amoungst other things) and I know we take data protection seriously, we are ISO 9001 certified for our quality processes and ISO 27001 certified for our data security.

Saying that I'm a senior member of staff its my job to understand these things, I know people in our service desk who dont understand as much however knowing our company as I do I would be happy for my personal data to be held there.

Once you start trying to improve data security you find how easy it is to mess up, before we started ISO 27001 we had credit card recipts with full credit card numbers laying around our accounts department, we didnt shread all sensitive stuff and I imagine we frequently leaked information. Now we have frequent checks around our building we do dustbin dives to check nothings being thrown out etc.

Jen

[saubryn]

Do you have any examples of things ISPs do to breach the data protection act? I've always found that when I call ISPs on behalf of other people I end up needing to put the account holder on to get them to give permission for the person at the call center to talk to me.

When I worked in customer service I did have people calling up to ask about other peoples accounts, but no place I worked would ever give that info out.

[JenniP]

There are a lot of ways to violate the DPA, and most of them dont involve talking to the customer. I would say a very common way is just to throw out say an order form with the customer details on it. Some of ours used to have name, address, card number etc. Otherways are have insecure security on your systems, so a hacker can obtain personal details etc.

All are breaches of the data protection act.

Jen

[saubryn]

Thanks for your response.

I hadn't thought about that. The last place I worked had stringent rules about not writing down details when taking payments, and they had strict procedures for dealing with correspondance too - pretty much everything got kept for several years so I don't think there was much risk of anything being found in the trash. At least I hope... I'm still a customer!

[net.pro]

Thanks for the great information and we have to trust these people and we also trust mobile operators and elctricity providers who have all our personal information including credit card numbers.

[ceprateek]

I think they all should be sued as I get about 10 calls from different sales representatives for promoting their products and I am really fed up from them.

[JenniP]

Then tell them add you to their "No Call" list. As well as that sign up to the Telephone Preference Service (TPS). UK Marketers have to screen their call lists against this master "No Call" list.

However TPS doesnt help if you are already a customer, then as I said earlier asking to go on their "No Call" list should do the trick.

The TPS also doesnt help from foreign call centres although most UK companies will screen them before sending them to a foreign call centre.

Jen

[ceprateek]

I have done all that but still they are giving such calls I am thinking to sue my service provider what all evidence will I need.

[niki]

Yes there are security issues thats why always take a connection from a trusted ISP as they can intercept your information any time and also you can use proxy servers for very confidential matters.