By Stacey Langdown, Data Protection and Education Awareness Manager

Tuesday 28 January is International Data Protection day – an annual celebration to raise awareness of data protection for individuals and organisations.

To highlight it’s importance, two colleagues shared their experiences of personal information being lost or handled badly.

Harvey’s story

In a previous job, Food Store Manager Harvey Rainbow had his information shared inappropriately.

A colleague asked Harvey to be the guarantor on their rental agreement and due to unusual circumstances, he agreed. When a second colleague made the same request, Harvey said no due to the risks involved.

Despite the refusal, the colleague rang their Lettings Agency and mentioned they’d asked Harvey to be their guarantor. The Letting Agent interrupted stating “Do you mean Harvey Rainbow? Isn’t it great he’s also agreed to be the guarantor for another of your colleagues?”

The second colleague approached Harvey to question why he wouldn’t agree to be their guarantor as he was already doing it for someone else.

Harvey contacted the agency to discuss his information being inappropriately shared. He received an apology, but the damage was done as he’d already been put in an awkward situation with potential to strain working relationships between him and his colleagues.

Top tips:

  • In similar situations, discuss the problems with the organisation involved to help them improve and reduce the chances of it happening again. If you’re unhappy with their response, you can also complain to the Information Commissioner’s Office who’ll review the situation
  • In work, only share information with people who need to know and perform security checks to make sure they are who they say they are

Tony’s story

Tony Flaherty, Information Security Team, told us how a family member fell victim to a phoneline scammer.

They’d received a phone call claiming to be someone from a well-known telecommunications company. As they knew personal details about him, and the background noise sounded like a call centre, he proceeded with the conversation.

Apparently, there was a problem with his router so they needed to access his computer and check it. After giving access, he was told he needed a new router which would cost £100, but they’d transfer money into his bank account to cover the cost.

The caller asked him to check his online banking to confirm they’d made the transfer and the funds had arrived. He saw a credit which looked like it was from the company, but it was for £10,000. He explained this mistake and the caller responded with a panicked “I’ll get sacked, please transfer the money back, I’ll give you the details”.

They provided an account to transfer the money to, which he tried to do, but fortunately his bank blocked it. He was then asked to go to an ATM to take out cash so someone could come and collect it. It was at this stage he realised it was a scam so hung up and began panicking about what had happened.

He called his bank who investigated it for him. The scammers had put malware on his computer which transferred £10,000 from his savings account to his current account, modifying the transaction to make it look like it was from the company. They suggested he had his computer fixed which was an extra cost to him.

Since this event, he’s lost confidence and hasn’t used his computer. Although there wasn’t a large financial impact, there’s been a permanent emotional one.

Top tips :

  • If someone unexpectedly rings you claiming to be from a company, insist on calling them back on an official number. You can find these on the company’s official website
  • When returning the call, ring from a different phone or make another call in between. Sometimes scammers remain on the line leading you to believe you’re on a new call when in fact you’re not

For work concerns and advice about Data Protection, email dataprotection@coop.co.uk. If you have any concerns about your own personal information, contact the Information Commissioner’s Office.

Join the conversation! 1 Comment

  1. Another two stories from me, from intelligent and educated friends/colleagues.

    One person was having work done on her house, and the trusted builder had e-mailed his invoice with the details of how to pay. Later that day she received another e-mail saying that there was a problem with his bank account being hacked, and could she make the payment to another account instead. It was only when the builder followed it up the next week asking politely when his payment was due to arrive that she realised that the e-mail account had been hacked, and that the second absolutely genuine-looking e-mail was in fact a fake one.

    Someone else had a call from the internal audit division of his bank saying that they were concerned about a major fraud going on at his local branch, and that he was in danger of having his savings stolen. To assist the bank with apprehending the fraudsters and to protect his own money, they asked him to go to the branch urgently and transfer his money into a “safe” account. They told him that the staff there would attempt to dissuade him, but to insist in order to avoid falling into their trap, and not to engage them in discussions to avoid making them aware that he was helping to break the scam that they were said to be operating. It was only when he came home after making the transfer and explained to a friend what he had just done that he realised that the real scam was being perpetrated on him by the caller.

    In both cases, looking back the victims could not believe that they had fallen for the scams, as they seemed so obvious in retrospect, but they felt absolutely genuine at the time.

Comments are closed.

Category

Colleague support, Do what matters most, GDPR, People stories

Tags

, , ,