Plusnet customer awarded £500 compensation in County Court

https://community.plus.net/t5/Broadband/No-broadband...

A tale of an OpenReach foul-up, Plusnet inefficiency after which Plusnet tried to deny responsibility by blaming OpenReach. As the OP (shermans) posted:

We have made it clear to them that under the law of agency, every first-year law student learns that a master is liable for the acts of his servant and that they cannot wriggle out of liability for Openreach's negligence.

Blow, useless regulators - if more people took action like this perhaps OpenReach might start to improve - accountants always seem to have the biggest influence in companies!

I've saved that page in case it "disappears"

I've asked the OP for clarification as to whether this ever went to court as the timescales and amount awarded (the claimed £500 + the MCOL fee) suggest that a default judgement was issued either as Plusnet didn't respond or they responded and accepted the claim.

If Plusnet did not respond to the claim, then I hope the OP had the correct legal name for Plusnet and address as it would be very easy for Plusnet to request the judgment to be set aside if he did not (also he wouldn't be able to enforce the claim).

Edited by deleted (Fri 20-Jan-17 16:42:09)

That's certainly a big eye-opener! So often we hear "Not our fault" from many ISPs, and told there is nothing they can do.

As for the Data Protection Act, again so many businesses are way out of order when citing that as a reason for non-helpfulness.

Absolutely bang on.

Well done the Plusnet customer.

The Data Protection Act is much abused by companies and with what appears to be a fairly lax regulator.

In reply to a post by Mac99:

The Data Protection Act is much abused by companies and with what appears to be a fairly lax regulator.

In this case PN were right. Account in Male name (we assume, as never seen a joint BB acc) call answered by female who gives password. In some lines of business that would be enough to get the account fully locked until account holder responds to prove who they are. As could be possible fraud....

What is odd is that after all the fuss. The poster does not want to leave... Smacks of someone who is simply out to make a few £££ along the way.... The excuse "It's to highlight the issue" is laughable. If that was the case, then the regulator is the way forward. Even though they are toothless...

Here's hoping the poster has never made a mistake in their life... Or they could end up on the wrong side of a court case

Yeah it looks like someone who is good with law, but just took advantage of the situation to earn some quick compensation. Fair play.

I expect plusnet didnt bother to defend as it would be wasting money on legal fees.

In reply to a post by JohnR:

In this case PN were right. Account in Male name (we assume, as never seen a joint BB acc) call answered by female who gives password. In some lines of business that would be enough to get the account fully locked until account holder responds to prove who they are. As could be possible fraud....

Utter rot.

Edited by RobertoS (Sat 21-Jan-17 12:34:31)

I wouldn't say it would be a waste of money on legal fees as Plusnet/BT will have their own in-house counsel, so no need to hire an external solicitor.

The version of events also appears to be his interpretation, rather than an objective view.

I would also say that this is someone who is not good with the law for a couple of reasons:

- He initially refers to suing BT Openreach as well as Plusnet, well this wouldn't go far as "BT Openreach" is not a legal entity and he has no service contract with Openreach.
- Then the amount claimed, £500. There is no explanation how he has come up with this amount for being without broadband for 4 days. If there was a hearing, then he would have to explain and give evidence to justify the amount claimed (loss of earnings etc.). Courts in this country very very very rarely award punitive damages, except in very limited cases.

John Lewis broadband (provided by Plusnet) allow additional authorised contacts on the account, so I assume PN can also do that.

In reply to a post by AndyHCZ:

Courts in this country very very very rarely award punitive damages, except in very limited cases.

That was my understanding as well.

In reply to a post by jelv:

Plusnet tried to deny responsibility by blaming OpenReach.

They did the same when I was with them.

Thanks - that's a good read!

In reply to a post by RobertoS:

In reply to a post by JohnR:

In this case PN were right. Account in Male name (we assume, as never seen a joint BB acc) call answered by female who gives password. In some lines of business that would be enough to get the account fully locked until account holder responds to prove who they are. As could be possible fraud....

Utter rot.

So you would be happy for anyone that can give your password to have full access to your account?

Bet you would be 1st in line complaining about lax security.

In reply to a post by JohnR:

What is odd is that after all the fuss. The poster does not want to leave... Smacks of someone who is simply out to make a few £££ along the way.... The excuse "It's to highlight the issue" is laughable. If that was the case, then the regulator is the way forward. Even though they are toothless...

Here's hoping the poster has never made a mistake in their life... Or they could end up on the wrong side of a court case

Why is it odd that he doesnt want to leave? Most people have a natural urge for brand loyalty. Especially if the person isnt that knowledgable in technology. Once they have something setup correctly they try everything to keep it the same.

I think more people need to start complaining like this. It's not really about the fault. It's more about the procedure. A lot of ISP's have a very lazy attitude when it comes to the technical side of customer support.

Making a mistake and being deliberating awkward are two different things.

Your post was utter rot for the simple reason it started with "In this case PN were right.... In some lines of business ...."

It wasn't "some (other) line of business". It was Plusnet's line of business, which is phone and broadband supply.

The Data Protection Act is to prevent misuse or inappropriate disclosure of personal data for reasons other than the declared purpose for which it is gathered.

In this case, the phone call where this citing of the Data Protection Act occurred was made by Plusnet staff, on the line involved. The purpose, to arrange the date for a previously agreed Openreach engineer visit.

The data held by Openreach about the contract holder is name and address, telephone number, bank account number, bank sort code, bank name and maybe bank address. Plus no doubt a credit reference report and certain activity logs required to be kept by law.

None of this data was relevant or would need to be disclosed by Plusnet to the OP's wife. The need for an engineer visit had been agreed. The call was purely to make an appointment, via a responsible person, for when a responsible adult would be present at the premises to admit said engineer. The person answering the phone was clearly such a person, and even more clearly aware of the phone number and address.

The Plusnet staff member must almost certainly have already disclosed the contract holder's name, simply by asking to speak to him. (Oh dear - a breach of the DPA?)

Finally, what possibility of fraud was present?

"In this case".
_{Edit - spelling correction.}

Edited by RobertoS (Sat 21-Jan-17 21:51:10)

It's a pretty clear the OP is not happy with Plusnet and the service provided.

I would say it's highly unusual for an end user to claim negligence/incompetence of a service provider, sue them for a large amount of money and then retain their services.

Plusnet is at the end of the day a very low cost provider and clearly unable to meet the expectations and needs of the OP (in terms of support etc.).

I suspect the concern is not really with a breach of personal information, but more what someone can do if they have access to an account without the permission of the account holder.

What happens if someone books an engineer without the account holder's permission, there is a charge and the account holder says no permission was given for the engineer to be booked?

Or what happens if someone tries to cancel the service without the account holder's permission?

I suspect most support staff at large ISPs won't talk to anyone other than the account holder or those who have permission on the account.

As I pointed out, the call was due to the previous call where from the opening post the visit had been agreed. It was merely a question of arranging the date.

I agree your point about authorisation of possible billing. That is largely covered by the above, and even if not has nothing whatsoever to do with the Data Protection Act or fraud. Which are the aspects JohnR suggested justified Plusnet citing the DPA.

In reply to a post by bowdon:

Why is it odd that he doesnt want to leave? Most people have a natural urge for brand loyalty.

So loyal to the brand that he sue's for their failings..... That is some loyalty....

The fact that they went to the lengths they did (going to court) means a massive amount of unhappiness. Yet you still want to stay.

Strange beasts humans at times....

In reply to a post by RobertoS:

Your post was utter rot for the simple reason it started with "In this case PN were right.... In some lines of business ...."

It wasn't "some (other) line of business". It was Plusnet's line of business, which is phone and broadband supply.

The Data Protection Act is to prevent misuse or inappropriate disclosure of personal data for reasons other than the declared purpose for which it is gathered.

The account is in MR name, So how are plusnet to know that He wants Mrs to know about it.
Or even it is a account that has been created by a 3rd party using someone eles's details.... Yes it does happen.
I take it you have heard of ID theft.

They have also shared a password.... Opps that is a no no to start with. That is supposed to be known to the account holder only.
So a 3rd party giving it should be ringing alarm bells with ANY company.

All plusnet should have done is asked for the account holder. If they were not there then ask to leave a message for them to callback.
Not confirm what the call was about.

I suspect Plusnet staff are trained to talk solely to the account holder or someone who is authorised on the account.

This is certainly backed up by what Chris Parr said in the past - https://community.plus.net/t5/Plusnet-Feedback/Wife-...

None of this has anything to do with the DPA, as Chris points out. I do understand though why some staff might use the DPA as a reason though when a customer grills them about why an unauthorised person cannot book an engineer appointment.

It doesn't quite make sense to me why the Plusnet support staff member would have said they agree to sending out an engineer, but will only book it after 72 hours. Even still, responsibility lies with the account holder as there are fees involved if an appointment is not necessary. There are also scenarios like for example, an unauthorised person books an appointment when no one is at home or forgets to tell the account holder.

Now you are really struggling. Before, I could accept that frontline support are badly trained about the DPA, or in your case perhaps only taught about in with specific reference to financial dealings, so talking rot about it wasn't your fault. Merely a lack of knowledge.

Now it is pure fiction coming out of your head.

Plusnet rang the number. His wife answered. It is to be expected that the caller would say where they were from, particularly if asked. That is normal. So the wife then knows that Plusnet wishes to contact him. Bang! On your version Plusnet have now broken the DPA by allowing someone who is not the account holder to know the requested person is one.

Once she knows it is Plusnet, she also correctly expects it to be to make an appointment for the engineer visit. There is no reason not to proceed.

However, let's assume that when Plusnet rang, he answered the phone, or his wife brought him to it when Plusnet asked for him. The appointment is successfully made. At the appointed date and time an engineer arrives at the premises. The OP isn't there, only his wife.

Oh dear! The engineer needs to deal with the Plusnet account holder because of the Data Protection Act. The engineer cannot reveal that the OP has a broadband account or with which company. They can't even say why they have turned up at the premises. Monty Python could have done a brilliant sketch on this.

At this house, when we moved in it was my wife ordered the gas supply. So the account was in her name. When the central heating needed replacement it stayed on the same account of course, but we also took out a maintenance contract with British Gas.

One time a year or so later, when the annual boiler maintenance was due it was convenient that I rang up to arrange it. The handler refused to make the appointment with me, for the same reason, the Data Protection Act and I wasn't the account holder. Precisely the same drivel in an equivalent situation.

Then came the time when such appointments could be made online. So they are. The information available when logged into the screen far exceeds that needed to make a visit appointment. The Data Protection Act is completely irrelevant in the particular case. If it was relevant, the company lawyers would not allow online access to accounts to be set up.

You work in a specific industry. What happens in that industry if a staff person wishes to ring an account holder? How do you establish that a person of the correct gender answering the phone is the person you wish to speak to if their opening words are the conventional ones, the telephone number? If the person answering is of the wrong gender, how do you get to speak to the right person?

To quote you again, "In this case PN were right ...." No they were not.

In reply to a post by JohnR:

So loyal to the brand that he sue's for their failings..... That is some loyalty....

The fact that they went to the lengths they did (going to court) means a massive amount of unhappiness. Yet you still want to stay.

Strange beasts humans at times....

Maybe Plusnet was his first ISP and he had loyalty to them. It seems like he was doing it to correct procedures rather than punish the ISP. He wanted to make a point.

I'm not saying I would have stayed with them, or you by the sounds of it. But some people are scared/nervous of technology, so once everything is setup they dont want it changed.

This is also why these Switch websites have been created to encourage people to switch providers (of all utilities). Even when they could get cheaper prices most people don't move.

In reply to a post by bowdon:

he was doing it to correct procedures rather than punish the ISP. He wanted to make a point.

Surely taking an ISP to court for £500 is punishing them? I doubt the end user suffered any financial loss even close to that figure.

If broadband/telephone are essential services to you, then chose an ISP with enhanced care packages and highly rated support.

I agree with most of what you say Andy, particularly as to the question as to why the appointment making had to be delayed. One would also expect the possible charges to have been discussed in that original call.

The scenario where there is nobody at the premises at the appointed time applies even if the account holder makes the appointment.

The post you linked to also contains:-

I agree that the majority of the concerns are not actually related to the DPA but down to our own policies on who and how people can contact us about their accounts.

Therein lies the problem, as discussed at length in the containing thread. Which incidentally long predates the collapse of the ticket system and effective absence of a phone response facility.

Two main points arise from that link. The Plusnet policies are too restrictive, in that they appear to be constructed to remove any exercise of common sense from the support staff, which is alarming regarding the quality of staff recruited, and the training needs specifically to make it clear when the DPA is and is not applicable. Which in this case it wasn't.

The latter is a simple matter, taking a few lines of script and maybe three or four minutes discussion. Particularly given the very basic personal information that Plusnet hold about a customer anyway. The contract holder exists, have ordered phone and/or broadband service at the address, the phone number concerned, the contract price and term, and Direct Debit details. Plus now a list of authorised contacts, that isn't apparently publicised as available when signing up.

From the linked thread even having authorised contacts has significant flaws.

In the case of an existing fault report by the OP and the Plusnet commitment to call back to make an appointment, given it wasn't a clearly immature child answering the phone, it was ridiculous that there was any problem at all making the appointment. It wasn't a contract regrade. It wasn't a dispute needing resolution. It was simply agreeing when there would be someone at the premises to allow access.

This is also why these Switch websites have been created to encourage people to switch providers (of all utilities). Even when they could get cheaper prices most people don't move.

And thus further fuel punters desire for cheapness as the ultimate desirable facet of any product .........

... damnation lies this way. [glum]

Wow I should tell my dad. Turns out his fault was due to someone disconnecting him by accident. When they first came out he was told he had to wait 4 days for a cherry picker. And when the second guy came he sorted the problem stating that it was actual problem was at the bottom of the pole and therefore the 4 day wait was unnecessary and the first engineer could of and should of sorted it.

So he was out for well over a week - He should do the same!

In reply to a post by Zarjaz:

And thus further fuel punters desire for cheapness as the ultimate desirable facet of any product .........

Considering the nasty Tories love to financially shaft every punter left, right and centre its no surprise that Joe Public will often look for the cheapest utility provider. Not everyone can afford the likes of AAISP, Sainsburys Energy, Tesco Finest car insurance et al (or have caviar & champagne for breakfast daily).

Edited by deleted (Sun 22-Jan-17 12:07:19)

@Zarjaz, yup.

"A fool is a man who knows the price of everything and the value of nothing". Oscar Wilde.

You're right of course. I well remember having champagne and caviar for breakfast every day for the 13 years Tony & Gordon were in power. People's stupidity, greed and inability to differentiate between price and value has nothing to do with it either. Oh hang on, I was dreaming. Just what does politics have to do with it?

John

In reply to a post by AndyHCZ:

It doesn't quite make sense to me why the Plusnet support staff member would have said they agree to sending out an engineer, but will only book it after 72 hours.

Maybe the OP did not understand what PN said.. And what they really said is it can take 72 hours for a appointment to be made...
Would not be the 1st time someone has misunderstood what they have been told.

Also OP complaining about possible charges. PN do right by informing people of possible charges. Again many people think they are trying to put off calling out OR for the customer. NOT simply advising of possible charges.
But sure as hell if they did not mention these POSSIBLE charges and a customer was charged. The customer would be moaning bucketful's about it.

In reply to a post by RobertoS:

Plusnet rang the number. His wife answered. It is to be expected that the caller would say where they were from, particularly if asked. That is normal. So the wife then knows that Plusnet wishes to contact him. Bang! On your version Plusnet have now broken the DPA by allowing someone who is not the account holder to know the requested person is one.

Once she knows it is Plusnet, she also correctly expects it to be to make an appointment for the engineer visit. There is no reason not to proceed.

So any tom dick or harry can be on the end of the phone... Rep could even have dialed the wrong number and the person on the other end thought it would be fun to play along....

The simple reason NOT to proceed is it is NOT the account holder they are talking too. Unless they have said it is OK to talk to Mrs. And given it is possible that they would not be there to take the call. It would have been a sensible option to have added.

Wonder what would have happened if MRS had simply said cancel the account if the rep had continued with the call...

Have you ever thought of writing fiction for a living?

If you have, I suggest you don't. You'd never get published.

You keep putting forward scenarios to show that Plusnet were right. None of those scenarios applied "In this case".

The thread is not about the Data Protection Act. It is not about fraud. It is about rubbish procedures and incorrect statements by Plusnet staff that the DPA prevented them making an appointment via the OP's wife.

Get over it. Plusnet were wrong. "In this case". How many more times do I need to quote what you said right at the start?

However, it is clear from your history of the customer is always wrong when arguing with a company representative that it is pointless trying to correct your misinforming posts.

Hang on.

it used to be the case that if you rang the landline then it was auto DPA clearance. It's highly unlikely anyone at said address wouldn't know they have phone line and broadband with someone.

I did that thousands of times, never had an issue. It's only inbound where random digits of the password are given, and even then we used to be told didn't matter who it was - if they knew the password they were authorised.

it's no secret I worked there from 2006-2011. So things probably have changed, but you would be a fool to challenge my knowledge of the time, as it was several of the Best Practices of that time period and therefore fact.

Unfortunately, I happen to agree with JohnR here.

It is better for Plusnet to be sure that they are talking to someone authorised to deal with the issue, no matter who made the call and no matter who answers a Plusnet-originated call.

The real thing that PN did wrong, in this aspect of the issue, was to rely on the DPA as a lazy catch-all, even when it is only sometimes true. In this instance, the call likely wouldn't have strayed into something controlled by the DPA ... but it is far too easy for a support bod to continue dealing with an "Oh, hang on, while you're on the phone, can you just tell me ..." question that would stray.

From Plusnet's perspective, it is far better to insist on ensuring the person is authorised at the start of each call. There's no doubt about that.

From an end-user's perspective, sometimes it is better that PN don't deal with an unauthorised user, and sometimes it is better that they do. The problem is in figuring out, for each instance and each unauthorised user, what choice the subscriber would make.

Looking at both views, it is clear there's only one real answer. To check for authority every time.

I fell foul of this a long time ago (the account is in the wife's name). Solution: get her to make me an authorised user. No issue ever since.

To live up to Plusnet's motto of "We do you proud," they could make some simple, but significant changes to the way their support staff deal with issues:

a) When a fault is reported, the PN staff could remind the (already confirmed to be authorised) caller of the restriction, and to check whether anyone should be added;

b) When rejecting someone's involvement, more clearly state that they can only deal with authorised users, and tell them how to become one for future dealings;

c) When rejecting someone, state that the reason is respect for privacy, to guard against fraud, and for some issues that they are regulated on legally such as the DPA.

You're right of course. I well remember having champagne and caviar for breakfast every day for the 13 years Tony & Gordon were in power. People's stupidity, greed and inability to differentiate between price and value has nothing to do with it either. Oh hang on, I was dreaming. Just what does politics have to do with it?

Well said.

In reply to a post by JohnR:

PN do right by informing people of possible charges. Again many people think they are trying to put off calling out OR for the customer.

Based on my experience, a few years back with PlusNet, that is precisely what PN were trying to do!!

Virtually every time I contacted them (on a failed Order Provision) they REFUSED to proceed further until I would acknowledge that that I would potentially accept the charges.

In reply to a post by 23Prince:

I did that thousands of times, never had an issue. It's only inbound where random digits of the password are given, and even then we used to be told didn't matter who it was - if they knew the password they were authorised.

it's no secret I worked there from 2006-2011. So things probably have changed, but you would be a fool to challenge my knowledge of the time, as it was several of the Best Practices of that time period and therefore fact.

So a account in a male name answered by a female, who gave the correct password to the account would see you divulge anything they asked.....
YES. It would appear things have changed a lot since you stopped.... For the better as well.....

Examples of Data Protection Breaches

There are many ways in which you can be in breach of the Data Protection Act, but here are just a selection of examples.

Address logged incorrectly resulting in letter being posted to the wrong address
Personal data disclosed in error via email
Bill sent to previous address in error
Information shared with third party without consent
Providing personal details to a family member without consent
Emails sent out to a number of personal email addresses without using BCC function
Loss of a laptop containing personal data
Email sent to correct person but was not encrypted
Data left in an unsecure area during an office move

So unless the account holder gave consent. Then its a breech.

In reply to a post by RobertoS:

However, it is clear from your history of the customer is always wrong when arguing with a company representative that it is pointless trying to correct your misinforming posts.

Who said anything about wrong....

I said Misunderstood.....

In reply to a post by JohnR:

So a account in a male name answered by a female, who gave the correct password to the account would see you divulge anything they asked.....

All invented scenarios. An agent calling to make an appointment for an engineer can easily, politely, courteously reply that they are not able to do anything but make appointments at the moment. That they are not allowed to access any screen that isn't relevant to that.

Wriggle how you like, it was ridiculous that the OP's wife could not make the appointment when called by Plusnet. I've already covered the limited personal information that Plusnet have anyway. Very little of it not obviously already known to the person phoned, and the rest obviously not to be communicated to that person.

Other possible scenarios that you keep dreaming up are completely irrelevant, as I explained in my second and third replies to you.

YES. It would appear things have changed a lot since you stopped.... For the better as well.....

What a nasty remark.

Examples of Data Protection Breaches

There are many ways in which you can be in breach of the Data Protection Act, but here are just a selection of examples.

Address logged incorrectly resulting in letter being posted to the wrong address
Not relevant

Personal data disclosed in error via email
Not relevant

Bill sent to previous address in error
Not relevant

Information shared with third party without consent
Not relevant

Providing personal details to a family member without consent
Not relevant - or already done by the mere fact of asking for that person

Emails sent out to a number of personal email addresses without using BCC function
Not relevant

Loss of a laptop containing personal data
Not relevant

Email sent to correct person but was not encrypted
Not relevant

Data left in an unsecure area during an office move
Not relevant

So unless the account holder gave consent. Then its a breech.

"Breach". Breeches aren't mentioned in the DPA, as I have pointed out to you before.

There was nothing happening or could happen that would have involved any breach of the DPA. This is not a thread about the DPA itself. This dispute is about its frequent mis-citing by badly trained staff or those who ignore their training and throw it in through stupidity.

In particular, this dispute is about:-

In reply to a post by JohnR:

In this case PN were right.

They were not.

The agent may have been acting as instructed, in which case the instructions need revising, or wasn't, in which case needs (in Plusnet senior agent terms) a little re-education.

In reply to a post by RobertoS:

You work in a specific industry. What happens in that industry if a staff person wishes to ring an account holder? How do you establish that a person of the correct gender answering the phone is the person you wish to speak to if their opening words are the conventional ones, the telephone number? If the person answering is of the wrong gender, how do you get to speak to the right person?

Maybe you would care to reply to that? With a method that does not breach the DPA simply by being used.

In reply to a post by RobertoS:

In reply to a post by RobertoS:

You work in a specific industry. What happens in that industry if a staff person wishes to ring an account holder? How do you establish that a person of the correct gender answering the phone is the person you wish to speak to if their opening words are the conventional ones, the telephone number? If the person answering is of the wrong gender, how do you get to speak to the right person?

Maybe you would care to reply to that? With a method that does not breach the DPA simply by being used.

Even a child could work that one out...

But to appease you... You simply ask for Mr or Mrs 1st name & surname as required.

So then you are asked (if you haven't said), "Who shall I say is on the line?". Or similar.

Regarding the engineer approval to me its clear why plusnet required the account holder.

Given they made a threat of charges for the engineer, it means approving an engineer is also approving the charges, typically things that will add charges to an account require the account holder.

For reference whenever an isp threatens me with charges I agree on the provision that the engineer does adequate testing to prove the fault is not within openreach's network. Since engineer's very rarely do that (no a voice compliance test is not adequate) then I have talked myself out of charges, the operator on the phone has always approved of my terms and I get the callouts. Never once have I actually been charged.

Just read this for the first time and something is jumping out at me that doesn't seem to have been covered.

When PlusNet rang and Mrs answered they could probably tell the person was not a man. Even if they couldn't they presumably should say something like "This is PlusNet, I need to speak to Mr please". At that point Mrs would say Mr is not available.

So, how did it get to a point where PlusNet asked the password of a person that they would not deal with anyway? Before asking for the password they should already have ascertained it was not the account holder and therefore left a message or agreed to ring back at another time.

The fact they asked for the password would suggest that the password carried some special weight irrelevant of who they were talking to.

The other thing I would add is that if I had a call from a supplier and they asked for my password to prove who I was I would refuse. That is because they will have done nothing to prove who they were so I would not give out my password to an unverified caller. At that point I would refuse the password and tell them I would call back on a known number.

I don't think the story is 100% correct as Plusnet don't ask for a password (or at least they never did with me), they ask for certain characters of a password.

I wonder also what staff members can see themselves until the password characters are verified.

Edited by deleted (Mon 23-Jan-17 10:47:20)

That is a little better but it still begs the question - why ask the password at all if the person answering the phone is clearly not someone they are permitted to talk to. You establish you are talking to the account holder and then ask for the characters from the password - you don't ask for it then decide the person is not someone you can discuss the account with.

While I was there I believe staff could see the whole password - not good.

When the OP says what he did about the password I assumed that was simply shorthand for the long-winded version of saying his wife was able to supply the requested characters of the password.

The whole episode was quite ridiculous, but I'm fed up with arguing . I did also ask earlier about how the caller manages not to reveal the name of the company calling and possibly the reason for the call - standard information for any savvy person receiving a call for someone else to request before summoning the person.

According to JohnR that in itself breaches the DPA because it reveals that the person requested has some relationship with, in particular in this case is a customer of the calling company. I haven't received a reply from him yet .

This is the JohnR who has adamantly argued in the past it is perfectly reasonable for a bank to call, with number withheld, a customer and ask for security question replies before continuing. Refusing to continue if the customer refuses to answer these questions without prior answers to reverse questions such as details of transactions or some specific direct debit details which prove the caller does have access to the account. (The caller already having access means answering the security questions is safe).

For instance in my case I could ask how much I transfer monthly by standing order from one account to another.

You are going off topic and getting personal again.

You seem to have issue's when I post and its getting beyond a joke now.

So lets leave it at that. as I'm not going to answer any more of your questions that are going off topic.