Saturday 31 January 2015

Is your information safe with car dealerships?

Over the last 8 months I have been fortunate(!) enough to visit three car dealerships, each representing a different marque of vehicle. None have handled my information correctly so chances are they are not handling yours correctly either.

I visited Dealership A in April 2014, Dealership B in June 2014 and Dealership C in October 2014. Here's the rundown of errors made by the dealerships:

Dealership A was not registered with the ICO when I visited. They subsequently became registered in June 2014. 

Dealerships A and B have notified me that the MOT is due on the respective vehicle. Both dealerships got the date wrong. Dealership A is out by 6 months and Dealership B is out by 3 months. Given the MOT information can be obtained from the DVLA website they should be keeping that information up to date as required by the DPA. Of more interest is where they got the MOT information from as neither dealership asked me and I have been MOT'ing my car at a local garage rather than the dealership so neither had any MOT records for my vehicle.

Dealership A has been using my email address for publicity purposes without actually seeking my permission to do so.

Dealership B made marketing calls to me without asking my specific permission for this to take place.

Dealership C has been sending me marketing texts again without seeking my permission to include me on their mailing list and the format of the texts does not meet the requirements of the DPA.

Dealership C managed to lose my bank account details, they know not where. Really unimpressed.

My thoughts are that none of the dealerships I have dealt with have a clue how to comply with the requirements of the DPA in even the most basic way. None of the dealerships sought my information in a way that they could use it on an on-going basis, yet chose to do so anyway. As for contacting me about the MOT, that is just sloppy record keeping on their part.

I have contacted all the dealerships; so far only one has replied, and their response was that they were fully accredited by the UK distributor of the car make and their processes regularly reviewed as part of the accreditation process. Surely this makes matters worse, that a car manufacturer is justifying the poor information security practices of its dealerships. I would be interested to know if I am alone in this experience so would love to know what your observations are.

Thursday 1 January 2015

NHS and Data Protection - Are you using the same strategies?

I was unfortunate to have an accident recently which required a visit to two hospitals. The NHS has always been an interesting visit from a Data Protection point of view. How to preserve individuals' rights under the Act whilst still conducting the services required. I was really impressed with the advancement that has been made.

I was admitted via A+E and from the moment I arrived, I was labelled (not sure that's the right term) and given a different name so that even when staff were talking about me it wasn't obviously me as they used my code name. I quite liked being "sierra" (place in the US, rather than a Ford car). Once I was admitted, I noticed a huge change from the last time I was in hospital (back in 2003), firstly no medical notes on the end of the bed. These were kept in a cabinet accessed by the medical staff on the ward. I was also referred to by my bed number when medical staff were discussing me away from the bedside. I found this quite reassuring. Obviously I wouldn't want to spend the rest of my life being referred to as "bed 14" but when medical staff are discussing me I was happy with it. I can see how some people might feel offended and to be fair to the staff they always used my name when addressing me at the bedside, so I had no problems with the situation at all.

From my experience, the NHS at this particular hospital have achieved compliance with the DPA, whilst still providing an excellent service and care for their patients. Can you say that your business is compliant with the DPA?