Who is getting access to our personal and financial data in call centers? Is this information being sent out of our country to scammers. We have no protection.

It is just getting completely ridiculous when you phone a call center for some service provider, Electric Suppliers, Sky, Vodafone, Virgin Media, Eir, or Banks or whatever, your chances of speaking to an Irish person on the other end of the phone is remote. Less and less Irish people being employed in phone shops as well, while Irish people are being forced to emigrate by the thousands.

Local Irish bank employees can't sort out online login issue and request that the customer rings online service which is usually answered by an Indian customer service agent. Tells customer that a customer support agent has access to more account information than the customer service agent in the local bank.

So an online customer support agent in another country has more access to the data in your bank account that the agent in the local bank where you live in Ireland.

https://timesofindia.indiatimes.com/india/7-held-for-stealing-selling-personal-data-of-17-crore-indians/articleshow/98955138.cms

These global companies are so big now they can operate without fear or risk of punishment for any wrong doing, such as breaches of data privacy, cases can take years to get into court.

"The Sun reporter paid a computer expert $5,000 to obtain account numbers, bank card details, secret passwords and other personal details like expiry dates and security numbers of some 1,000 British bank customers that could be used to make fraudulent purchases".

For online customer service, they preferably work with third parties in call centers, either based here in Ireland or in other countries, employing mostly foreign workers. That trend is now repeating in phone shops here as well.

For Irish customers this means: the data you gave to the service provider when you opened your account, that service provider has no longer any control of who is actually looking at or what may be happening to the data that you are supplying to the customer service agents in these centers regardless of any contractual agreements.

The minute you call you must allow them to open up your accounts.

For instance if you ring a bank, the customer service agent on the phone: within minutes of speaking to you, they have, your name, address, phone number, date of birth and other information and access to your bank accounts, personal, business and financial information.

You set up your account in good faith and expect your data to be protected as is stated in data protection laws. This data should only be shared with the actual staff of the service provider, and even at that only a limited amount of people employed by that service provider should have access to that data so you can trace back any possible data breaches to those staff members. Your private and financial data must be protected under their internal privacy policies, that is the law, your legal right.

Diploma in GDPR

I have a diploma in GDPR and nowhere does it state in law that when you sign a contract with a service provider or any other company that you are obliged or should be forced to hand over your personal or financial information to third party companies, service provider, or service agents in call centers or in shops.

Call Centers

The information you gave to the service provider when you signed up for your account is now, probably in the hands of a third party company, but this is your very sensitive private information and deserves to be protected at all costs.

Under the present system the service providers have become emotionally, personally and physically devoid of any responsibility for the data they have just handed over to these third parties. If they had their own customer service agents employed they would have to take responsibility and protect your data. If they can't protect your data they should not be issuing contracts and collecting data, in fact they should not be allowed to trade at all.

Further to that if they trade within the borders of our country, even though they may be trading globally, they have an obligation to abide by our data protection laws in Ireland.

Vodafone: Call Center In India

A person in a Vodafone shop told me, "their call center is in India". If this is true, when you call the customer service center you are giving all your personal information to some customer service agent in India.

When did giving all your personal information to someone in India, or anywhere else in the world become part of a phone contract that you had to sign.

Staff from all over the world employed in phone shops in Ireland. Our Data Exposed.

You could call into a phone shop for a query about your account or to buy a phone, and the person in that shop will open up your account, almost instantly for you on their computer.

Most of these phone shops, I believe, are not owned by the service providers and are privately owned and managed.

There is no privacy, the amount of information the shop assistance has in front of them on the screen is exposing customers private, personal or business information, it is unbelievable, this is so dangerous.

How do we know what is happening to our data?

There was a report a few weeks back on RTE, Prime Time, about "Bad Actors" working in the tech industry in Ireland from North Korea to send money back to fund its North Korean Nuclear program. How many people from countries around the world are working in call centers or shops with access to our personal and financial information? This information is just being handed over to them every time a person in Ireland phones a call center or visits a shop.

Giving access to our sensitive private information could cause serious harm to an individual or business: identity theft, website hacking, business break-ins or scammers and so on.

This is just so dangerous for customers of these service providers. It is just too dangerous to be giving that much information to a person who I might add, does not have to even identify themselves to you in a call center.

Won't give you my name for DATA PROTECTION

If you ask their name, you are denied this information you are told it is for their Data Protection. But you have no data protection because they now have all your data in front of them on a computer screen but you cannot get the name of that person.

For their data protection but you have no protection.

Retention of recordings for quality and training purposes.

Some companies tell you they are recording the conversation for quality and training purposes. There is so much private information in these phone calls, who has access to that information, what is it being used for, how long are they keeping your information on file?

There is usually a transcript to accompany the call as well. If a customer service agent say this to you, tell them you have no problem with that as long as they email you a copy of the call and the script as well. You are entitled to know the data they have on file belong to you or how long they intend to keep it on file.

For any company to use your data for training or any other purposes is, I believe, is a personal data breach. This statement is based on the fact that the owners of these corporate businesses are commercially trading companies and if they are using your data to further their companies profits, your data is being used like any other tool in their business to create profit.

Customers who are not employees have no obligation to train service providers staff. If they want to use your call information for training or quality purposed you are entitled to be paid. It is your voice and words they are using to make profit for their business. They don't usually ask your permission, they tell you they are doing this for quality and training purposes and if you refuse, usually they will not deal with your query and will cut you off. You may hear this message while on hold and have no choice but to accept it or hang up.

Ask your service provider for the information they have stored and who has access to that information. 

Even with providers entering into contractual arrangements with third party companies the security and privacy here COULD NOT POSSIBLY BE GUARANTEED.

If data is stolen or sold, who is responsible to the customer? The service provider has allowed access to your data to third parties in call centers or phone shop owners, this automatically brings more privacy issues for the customer as the customer has now maybe hundreds of different companies with different privacy policies to deal with.

If a data breach occurs as a result of this data sharing in Ireland or in a different jurisdiction or country what would be the chances of you every being able to find or pursue the guilty party? How could you even trace it?

Is your data being used to train machine learning AI systems?

We urgently need to have a serious look at data privacy in Ireland.

Useful Link:

https://www.telegraph.co.uk/news/2024/03/11/britain-fbi-lead-global-call-centre-scam-crackdown-interpol/