There has recently been a debate about the way banks attempt to verify financial transactions using call centres and automated phone systems. The irony of customers being asked for security details by a random caller has not been missed by some commentators as the “Kafka-esque nightmare” that it is.
This article puts it rather succinctly: “The banks, bless them, are only trying to prevent fraud, but this is a pretty silly way of going about it. For starters, there’s the business of calling up people and asking them to give you all the information necessary to prove that they are indeed a bank customer – all the information that a fraudster needs to impersonate that person at the bank, in other words.”
All businesses must adhere to the principles laid down by the Data Protection Act 1998, which govern how personal data is collected, held and processed by organisations. This pair of template data protection policies sets out the data protection obligations of businesses and employers and lays down a number of organisational and procedural measures to ensure compliance with the Act.