Franklin Heath Ltd

Master Your Information Assets

  • Categories

  • Meta

Turning the Tables on Utility Companies with the Data Protection Act

Posted by Craig H on 7 August 2014

A few years ago I gave talks at Open Tech and Over the Air, including some mobile security ideas that phone manufacturers were unlikely to implement. One of those ideas was what I called “notarised call recording”, being a way to hold utility companies to account for what they promise you in telephone calls.

I was listening to the BBC’s You and Yours radio programme yesterday (on my way to Bletchley Park, as it happens) and was delighted to hear some aggrieved customers using the UK Data Protection Act (DPA) to get their utility company to supply them with call recordings. The company in question has complied, including a recording which clearly proves that they did promise what they subsequently denied!

Exercising your DPA rights by making a subject access request is quite easy. It doesn’t have to be in legal wording or in any particular format; if you ask a company which is operating in the UK for a copy of information that they hold about you, they are legally required to give it to you. They can only charge you a maximum of £10 (£50 for health or education records in some circumstances) and they must comply within 40 days. If they don’t, you can report them to the Information Commissioner’s Office (ICO), who have the power to fine them (up to £500,000 although that would be a very extreme case).

The reporter in the radio piece asks: “Why do you think a company would send out a recording that proves the customer right?” and the customer replies “a mistake at their end I think”. I would have preferred the reply “because they’re legally required to”, but it would of course be easy for a company to deny that they had the recording of a particular call. In that case you would have to take it up with the ICO, and it would be interesting to see just how thoroughly they would investigate it.

Recording the call yourself would still be the safest thing to do, but if you don’t have your own recording, a subject access request is easy and not too expensive, so give it a go!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: