There is a very worrying trend of employees stealing data from their workplaces in order to engage personal contact with a customer. More often than not, it is an employee stealing a customer’s mobile phone number and then contacting the customer to “make friends” or try and pursue a romantic interest in the victim.
Clearly, this is wrong.
How will this worrying trend be stopped, and what can victims do if they are contacted by people who have stolen their contact information from a workplace?
In a recent example, a customer of takeaway firm JustEat provided her telephone number to the company as part of her online order. Having had her meal delivered, she started receiving Whatsapp messages from an unknown person who turned out to be the takeaway delivery driver.
When she later tried to lodge a complaint with the company, she was informed that JustEat reportedly do not have a complaints department, and was offered a £56 voucher for her “inconvenience”.
This is just one incident of many, where a worrying trend is leading to people becoming data breach victims by the selfish acts of sometimes predatory employees or agents.
What can you do?
It’s a difficult one, because people ought to know that they have no right at all to steal something like a telephone number of a customer in order to pursue a personal interest in them.
Most organisations should have some form of basic data protection training that you would think covers the fact it is not allowed to engage in such behaviour.
These employees and agents are likely knowingly going beyond the realms of their employment, and unless a person has a history of such behaviour, it can be hard for an employer to stop a sudden occurrence of it happening.
Clearly, it is absolutely unacceptable, and following the story referenced above, a deluge of victims who have had similar experiences came forward as well. We ourselves have been contacted on numerous occasions by people who have been contacted by employees or agents who have stolen their contact details from an employer or intermediary to try and engage in personal relations with them.
Everyone has the right to data privacy and safeguarding, yet there is clearly somewhat of a pandemic of people being contacted through the use of stolen contact information. The Information Commissioner’s Office (ICO) can punish individuals for data protection breaches with fines and prosecutions, so a sensible step forward may be to increase the severity of punishments as the deterrent to such occurrences happening again, and ensure more awareness is raised.
Having helped and advised people who have been on the end of these breaches, we know how disturbing and worrying it can be for the victim to know that their right to privacy has been abused in such a way. Training staff and agents on why this is not OK at all, and what consequences they can face, should be mandatory for all organisations.