Tiscali Breech of Data Protection / Set top Boxes

  mugwash 12:31 28 Jul 2008

Thanks to some of the information I discovered in this forum I was able to call Tiscali head office in aim to have an outstanding issue dealt with. I recently migrated from Homechoice to Tiscali [who took them over] and was promised the migration would be smooth with only 1 hour’s interruption to my service. This sadly was not the case; there have been various teething problems that have ticked me off, but what has alarmed me the most is how Tiscali has jeopardised their customers’ privacy by, I believe, breaking the Data protection act. I refer to an incident that occurred earlier this month upon where I tried accessing the HBO channel. I put in my pin which got rejected twice, I then noticed on my TV screen my name had changed from “John” to “Tracy” [names have been changed] I called the tech dept to be told to access an IP or ID number from the digi box and to do so I had a series of buttons to press on my remote control handset. On completion of this I was provided with a pop up menu. I was then asked to access a certain area whilst the tech dept rectified the problem. Whilst on hold I realised I was actually looking at another customers’ personal details. Tracy in fact is a man, he is aged over 18 yrs, I got his DOB, his email address, PIN number, Personal ID number, Homechoice Account number and his Postcode. I reside SW London and he SE London.

When the tech guy returned asking me to reboot my digi box I challenged him with my findings. He apologised and admitted Tiscali customers personal details are stored within the digi boxes when the engineer installs it upon joining. He also said should the box get stolen and recovered by the police they will know who it belongs too. However he did agree the storing of such sensitive information in the digi boxes should not happen. He said my cable that had been unplugged from BT had been put into a different port at Tiscali. [hence the different account details on my screen] and when such migration occurs the cable is cleared of all information that may still be present, but when challenged further over who had my account details [in and beyond the London region] he could not provide the answer nor could he give me a guarantee anyone had not accessed them they way I did via the tech dept and further admitted this occurrence is rare but does happen. This issue dispelled the theory of clearing the cable of sensitive information otherwise I would not have had Tracy’s’ personal details in my possession. My main worry is that although I know I can be trusted not to use the information I obtained for fraudulent purposes there is no guarantees whoever has accessed mine will be as honest as me.

I have to add here this is not the first time another person’s name has appeared on my screen, the first occurrence was back in 2005 6 months after joining Homechoice. An engineer came to deliver my 4th digi box that year to rectify the on going problems I was having. He admitted the boxes that had been previously handed out were in fact reconditioned and not new but assured me the one he was installing was fresh off the production line so I should not have any more issues. I was with Homechoice for nearly 5 yrs until the recent take over and now this happens. Despite calling Tiscali I was only provide with an email address to complain too, neither phone number nor a manager’s name was provided to air my issues which I find disgraceful and certainly inconvenient and unprofessional.

  mugwash 12:32 28 Jul 2008

I emailed the complaints dept on the 23/07/08 at 21.09hrs requesting a receipt. It was opened 6 minutes later but to this day I have not received an acknowledgment either by email, telephone or by letter to the request of wanting a personal appointment with a manager at head office to discuss the breeches I discovered.
I have also contact Ofcom who agreed there is an issue and passed me onto the information commissioners’ office due to the various issues of storing customers’ personal information. The ICO have advised me to go through their complaints procedure which I am cohering too. As of today I obtained Tiscali head office telephone number thanks to this forum [BIG HUGS] and have spoken to a gentlemen who has apologised for my troubles; not only am I receiving one months free subscription for the all other issues I have been laden with [not for the breeches] I have been assured he will be monitoring the email sent as well as all other issues and has asked me to send in my complaint in writing as I will receive an acknowledgment. He also told me all emails received are prioritised as per service level agreement…I hate to think where a breech of data protection act comes on the Tiscali’s list of priorities but if I have not heard from them by early next week I will be getting back to him, in the mean time I will be seeking legal advice from my lawyer. Due to the sensitive nature of my complaint I will keep you guys informed of the progress and I am keen to discover if anyone else has had this happen to them. I know most of the issues aired in this forum are ISP related, but as I have TV, telephone and internet package with Tiscali I figured there maybe others who have experienced the same as me. Many thanks.

  spuds 14:23 28 Jul 2008

Regarding the promise of a months free subscription, I would suggest that you check your next billing information email to see if this promise as been activated!.

  Forum Editor 23:38 28 Jul 2008

this represents a minor breach (not breech) of the data protection legislation, and although it shouldn't have happened it doesn't represent a serious threat to anyone's right to privacy - it was a mistake, and the Data Commissioner's office recognises that mistakes occur.

The Data Commissioner treats breaches seriously when disclosures result in any direct adverse consequences to the individual or individuals concerned, but non-serious breaches happen all the time. The Data Commissioner's office will write to any data controller who is responsible for these minor breaches, and suggest a tightening of company or institutional procedures to prevent further occurrences, and that's usually the end of the matter.

In your case no disclosure of your personal data has occurred, and the person concerned is probably oblivious to the fact that his details were inadvertantly revealed to you. The company has apologised to you, and offered you a subscription-free month. I see no reason why you should be granted an appointment to discuss breaches - you're not the one whose data has been disclosed, and in fact Tiscali would be in further breach if they discussed another person with you.

My suggestion is that you take your free month and the apology and let the matter rest.

  mugwash 02:02 29 Jul 2008

Thanks for pointing out my spelling mistake – although I appreciate the information you have provided I do disagree with letting the matter rest. In today’s society fraudsters can clone one’s identity with what we deem to be the least personal information obtained and there is no clear answer as to how to remedy this as they are always finding new ways whilst keeping one step ahead. One sure avenue for such fraudulent individuals is obtaining personal information from the electoral register and the amount of information I was actually privy to I feel constitutes a potential threat to “Mr. X”

Neither you or I nor Tiscali for that matter can guarantee my details were not disclosed, so although I am none the wiser to this issue there is a high probability they may have been and the fact still remains Tiscali are at fault and need to reassure their customers such incidences do not reoccur. I do agree mistakes happen and the ICO will no doubt point this out along with asking Tiscali to tighten their procedures. As this is not the first time this has happened and it needs to be remedied I disagree with your comment to not being granted an appointment. Why not? After all I am paying for my subscription, I have placed my trust and personal information within this company and have not received what I deem to be a good service, and I have been made privy to another’s personal information which has caused me much concern.

If Tiscali wish to regain some form of professional attribute towards their customers even if it is to be seen as polishing up their image, being granted an appointment will be welcoming and will not only allow me in person to air my grievance regarding the breech in aim they may agree that the storing of personal data in the digi boxes need to be removed, it will also show they are in fact actually listening to what we the consumer have to say instead of us having to put up with sending emails to a complaint department in hope someone will read them and then act accordingly. Obviously the best way forward for Tiscali is to not store sensitive information in the set top boxes – simple! As for their verbal apology “I’m sorry” it is not really good enough as actions speak louder than words hence my request for an appointment.

With regards to the free month subscription that was given due to all other issues I have been having problems with [over billing, poor + slow ISP service, erratic TV service, incorrect migration dates and the changing of my BT / free line rental dates, plus many more]and for the inconvenience caused. I was more than happy they made a gesture of good will and gladly accepted it. I apologise if I gave the impression I gained a free month for the breach however minor it may be.

  Covergirl 12:25 30 Jul 2008

. . . it was a mistake as the FE says and a minor one at that.

After all, what is the likeleyhood of one persons details falling into the wrong hands ? 60 million to one or thereabouts ?

Sorry, but idioms involving mountains and molehills start percolating through my cranium.

  GANDALF <|:-)> 13:18 30 Jul 2008

You need to get a hobby/interest or move on and worry about important things in life. Calling it a 'breach of data protection' is politically correct talk gone mad and an unhealthy belief in your own self-importance.


  Forum Editor 19:41 30 Jul 2008

As I've already suggested, to ask for an appointment over a matter like this is innapropriate, and I certainly wouldn't grant you one. What do you need an appointment for? You've made your point.

Technically, if anyone at Tiscali discussed another person's data with you it would in itself constitute a data protection breach, and I would be astonished if they did it.

My advice is to try to grasp the fact that this was an unfortunate human error - nothing more sinister than that - and move on. Life's too short to make so much of something that really isn't that important.

  mugwash 20:36 30 Jul 2008

My oh my arent we a blood thirsty mob? All i wanted to do was air an issue and ask if other's have encountered the same. I certainly was'nt expecting to stir up the social misfits who demand i get a life and move on...its no wonder you guys are called geeks!

  GANDALF <|:-)> 20:43 30 Jul 2008

You are using the word 'geeks instead of 'realists'.


  bjh 22:00 30 Jul 2008

Anyone who can devote that much effort over such a minor point and can so lose the plot... oh, it beggars belief.

Definition from Urban Dictionary:

1. mugwash

When your superior makes you wash her/his coffee mug. Derogatory for being someone's bitch.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Xiaomi Mi Mix 2 review

What went wrong at the Designs of the Year 2017

iPhone X news: Release date, price, new features & specs

Comment utiliser Live Photos ?