I had a letter saying that Budget would automatically renew my motor insurance. I didn't want that to happen, so phoned them - well, once I had found a proper number to call, not the 0870 given on the letter.

They asked for name, address and DOB - I refused to confirm DOB as I now consider that to be going beyond what information I should be giving under the Data Protection Act requirements. Just because a sales office's script says to ask for it, does not mean I have to give them it. As far as I am concerned, the DPA is to protect my data, not make it available to any Tom Dick or Harry who asks a question.

Needsless to say, the guy who took the call was then refusing to deal with my call, so I went to supervisor level. Still they insist that I have to give them my DOB. I know they have it on their screen, so I'm not actually protecting my data in this case, but disagree with the 'Big brother' attitude.

Question is - who is right?

I consider that I gave enough info to identify me as being the right person, and will continue to block certain bits of information when speaking to people I do not know.

It isn't actually anything to do with the Data Protection Act per se, it's more to do with taking reasonable steps to ensure that data they have is protected as per the requirements. One of the requirements is that they need to satisfy themselves that they are speaking to the person the data belongs to and a DOB is something that wouldn't be known to many people.

In this instance I'd say they were right to refuse to deal with you, you failed to provide proof of your identity, and as you state they alreday have your date of birth it isn't a case of making data available to any Tom Dick or Harry.

If you don't want to renew with them you have 2 choices, either confrim that in writing and send it to them or ring them up, answer their security questions and advise them you don't want to renew.

To be honest it sounds like you are being a bit petulant over something so trivial, it's not like they don't already have your date of birth anyway

Mossy

Have to agree there, though I do think the agent could possibly have exercised some common sense as well and asked for some other information.

I had a similar situation of a customer's refusal to supply her date of birth. Upon enquiring, it turns out that she was in the company of friends to whom she had fibbed as to her true age! In that case I got her to give the day and year along with some other info.

All the agent wanted to do was confirm that you are who you say you are, or at least cover his back. The person had your date of birth in front of him - he could have told you your date of birth if he so desired.

I admit I do get annoyed with security questions - both when I have to ask them as well as answer. Some companies seem to have no rationale as to DPA.

Thanks for the replies. It does back up my thoughts that it is not a requirement of the DPA that I must give them my DOB, which was the point I was making.

Far too many robots working in call centres, who know no other life than their scripts, which they then insist are gospel and the caller is wrong to decline answering a particular question. I was more annoyed at him insisting that this was against the Data Protection Act than the information istelf being disclosed over the phone.

The agent had already confirmed my full name, address, postcode and their own reference/account number. I just feel that they go way too far with 'security' questions.

Whilst agreeing that they need to know that the caller is the right person to be speaking to, I consider that the DPA is there for my security, not theirs. It's been shown many times that [problematic] can obtain lots of information about a person and if someone really wanted to impersonate me to call and cancel auto-renewal of a policy, they would do...

The problem is this:

Agents are put through the company's internal training program. This will contain a rather basic (and imho poor) translation of DPA. Such agents will be targetted on doing only what is in their training, otherwise they will miss targets, not get bonuses/promotion etc etc.

But yes it is daft imho. I often make calls to organisations on behalf of other people (with their knowledge and consent) o sort problems out by pretending to be the person I am acting for. And it is not that difficult to get hold of people's details.

I remember a couple of particular occasions when in insurance:

1. Different members of the same family calling and claiming to be the insured. I knew damned well that they were different people and raised this with my manager. Her response? "Well if you've done DPA then don't worry because it is them lying". It didn't matter that we knew it was different people and that we had no permission to speak to them. Needless to say, I got a bollocking off the team leader for refusing to speak to the caller.

2. Some clever dick decided that we had to ask security questions every single time we called someone. And I mean EVERY time. I, however, thought a common sense approach was being used and after speaking to a customer, I agreed to check something and call the person back. So I called back about 2 minutes later, finished the conversation - and then then the inevitable rollocking from TL for not asking DPA.

I explained that I had only spoken to them 2 minutes previous and knew it to be the same person. That did not matter. So I thought I would put my common sense approach to a test of their logic. "What then if I had the customer on hold for two minutes? On returning would I need to go ask such questions?" No of course not because it was the same call. So I queried what difference it made whether it was the same call or not - another person could have come on the phone whilst on hold. Answer came their not (except "do as you're told").

3. DPA seemed to go out the window when dealing with any third party (by TP I mean any external company - not claimant). A garage calling to request info was given it simply on the say so that they were from the garage. No questions, no checks and it was accepted. Same with the police as well. I think I was the only person who asked for their collar number, station etc and called back to verify their details.

I simply do not know why companies just give a password or some information more difficult to get hold of. My bank asks me for details of a recent withdrawal which I think would be more than enough, but nooo, they ask for name, postcode, date of birth, password, account type and details of overdraft as well - SEVEN bits of info!

I also do not know why companies ask for first line of address and postcode as two separate bits of info. One can easily be obtained by the other.

I have yet to have a satisfactory rationale for any company's security questions. Yes, they do annoy me as well, but I give them the info they ask for.

"The agent had already confirmed my full name, address, postcode and their own reference/account number. I just feel that they go way too far with 'security' questions. "

This information could have been easily obtained by someone opening your mail (potentially stolen mail). Your Date of Birth however, would not be on their correspondence.

With regards to Data Protection Act, companies must operate a Data Protection Policy- most are to confirm 3 pieces of info, for us- Full Name, 1st line of address & postcode (1 piece), and dat of birth, are typically the questions used.

I understand your frustration, however I dont feel that there is an need for "Far too many robots working in call centres, who know no other life than their scripts, which they then insist are gospel and the caller is wrong to decline answering a particular question"

-these people are doing a job, doing as they are told to do, how they are told to do it.

I don't understand what all the fuss is about. I could understand your concern if they phoned you out of the blue - it would be difficult to tell whether it was a genuine call or a phishing [problem]. However, you say that you called them - not the other way round. Why did you contact them by phone if you don't trust them with your data? You can contact them by writing if you prefer, or by visiting your local Budget branch.

I don't like the suggestion that people who work at insurance companies are all potential crooks who want to steal people's identities or the suggestion that people who work in call centres are robots with no personalities or intelligence.

Where I work, there is a strict vetting procedure - everyone has to go through criminal record checks and you have to provide written evidence of your previous activities (eg work or education) for the last few years before you can even be offered a job. I have no idea what the security is like at Budget though.

So I think the chances of a call center worker stealing your identity/personal data is very low - I've heard that this sort of thing has happened in the past, but security has been tightened a lot in recent years in response to public concern.

Most employees just want to do their jobs, they don't want to cause inconvenience to anyone. You say you thought the Budget staff were awkward, but they probably thought that you were awkward when you refused to answer their questions.

Budget always ask for DOB - even to an insurance company...

Lemon Twist - I have worked at 4 call centers and my experience alas confirms that the vast majority of staff leave their brains at home - and I think the companies wants it that way.

There were a number of problems of identity theft a while ago. One Direct Line staff member was jailed about 7 years ago, but yes, it is now rare.

The problem is the way companies treat their staff. Poor selection procedures, equally poor training by poor "trainers" who have no more idea of insurance than do the people they are supposedly training. Then staff are tied to a script and a prescriptive approach to tasks without them having any knowledge of what they are actually doing or why. Tie that up with companies putting themselves on a very high pedestal and promising excellent customer service that can rarely be delivered and it's no wonder so many customers get p***ed off.

But these organisations seem incapable of being rational. Some call centers banned mobile phones completely on the basis that you could photograph screens and sell the information. However, managers are seen freely walking around the center with mobile phones. It didn't seem to occur to them that all one needed to do was write the information down. Also, managers had mobile phones that they used. Like I said, irrational.

I do believe that the OP was unreasonable and have said so. But companies need to get their act together and stop being so daft.