Even modern life, with its greater immediacy, better efficiency and wide access, can be incredibly frustrating. As if remembering a vault full of different passwords isn’t difficult enough, when we do finally get a chance to speak to a human being, often on the end of the phone, we are faced with a barrage of security questions that seemingly are only asked to try our patience. In reality of course, they are there to protect you and your personal information and here’s why:
The Data Protection Act
The DPA or The Data Protection Act, to give it its full title, gives you the right to know what information is held about you. It sets out rules to make sure that this information is handled properly and governs how 123-reg and every other company in the UK can react to your queries.
Guided by European law, the DPA is based upon 8 principles which in summary are:
- Personal data shall be processed fairly and lawfully.
- Personal data shall be obtained only for one or more specified and lawful purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under this Act.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
It applies to everybody
The principles are designed to ensure that 1) the information held about you is accurate, 2) the information is held and used only in defined ways and 3) the information is protected and only shared with and accessible to authorised persons. This is where the need for the security questions arises, whether that is with 123-reg, your bank or within your own organisation.
The regulation of data protection in the UK is carried out by the Information Commissioner’s Office (ICO) and individual firms are registered on their databases for specific information processing.
What this all means is that in order to share information about your account – that’s even acknowledging what services you have listed etc. – we need to make sure that you are the account holder or have clear authorisation to act on behalf of the account holder. So we need to go through our security checks, each and every time we talk to you. It’s not that we want to be difficult and it’s not because we don’t believe you, it’s just a necessity we have to follow each and every time. It’s not us setting the rules, it’s the laws of the land and the fact that we apply the rules is only there to protect your interests. We are sure you could do without the added headache of worrying about somebody else being able to use or make changes to your account without your authorisation, so we have to be clear and accurate on how we confirm the identity of people we speak to in relation to accounts.
Keep your own information up to date
We recommend you make sure on a regular basis that we hold up-to-date information on you too. You can do this via the Account Management feature when you are logged in to your 123-reg Control Panel. This article explains how.
Our aim is to be as helpful as possible within the law and if you find yourself unable to log in to your 123-reg account, again the DPA guides what we do and how we do it. We can only provide information about an account once we have been able to satisfy certain criteria in respect of your security and even if you no longer have access to the email address linked to your account, we can help as this article explains.
So our ream of questions each time you come through to our call centre staff is only there to ensure we keep your security to the max. Our staff are trained to ensure they collect this information as efficiently as possible whilst complying with all our obligations under the law, in order that they can get to helping resolve your query as quickly as possible. Please respect their need to ask what we know can seem trivial questions, so that we can make sure we continue to give you the best service possible.
Are you registered?
Finally, a word of warning. If you are running an online business it is almost certain that you will also need to register with the ICO to stay compliant with the DPA for your own business. Just holding a customer database, or even a potential customer database, or perhaps a list of competitors, would trigger a need to register your business. It doesn’t need to be on a computer either; paper records also impose obligations. If in doubt, check here with the ICO via their online self-assessment quiz. It’s not expensive – unless you don’t register and then it can be. For most businesses it is only £35 per year. If you have a turnover of £25.9 million and more than 249 members of staff or you are a public authority with more than 249 members of staff then the fee is £500.
Registration isn’t onerous either. The ICO have a long list of templates covering a wide range of types of business and organisation, so you just need to make sure you choose your relevant templates and then make sure all your data collection, processing and uses are covered within them.