Reading a thread on the other place, from auscorp and people being fired for accessing data they shouldn’t. Man, why? Like, firstly, the Privacy Act is really fucking strict, and is drilled in during training, with excerpts used in the e-learning and whatnot. Secondly, one user states their ex-colleague looked up the CEOs account for the bank they worked at lol, so so so dumb 😭
Reminded me of when I worked at one of the energy companies, and we heard Hugh Jackman had an account with us. We were told, so extremely explicitly, not to access it at all, don’t even think of accessing it, he has an account manager so we mere phone monkeys have no reason to check it out and we’ll be fired if we do.
Nek minit, my colleague left her brain cells at home and did the dumb. 😂 She was fired so fast time stopped for her 😂
Yeah, I remember years back someone phone up a radio station saying that a well known celebrity claimed their cosmetic surgery as medical procedures. It’s like dumbass, someone will recognise your voice.
The level of entitlement to know people’s personal information is mind boggling.
It’s so stupid and audacious 😭 like, the company will have ways to find whether you accessed data in good faith, and will kick you to the curb if you didn’t note the account with a good reason as to why it was accessed. People have been seriously injured and died from assholed accessing data to find where they live. It’s protection that should never be violated.
Like, we were even told not to access our own accounts, or accounts of people we know. If we got a call from someone we knew, we had to transfer it to a different consultant.
Like, what goes through these people’s heads that they think they won’t be caught and sacked? I don’t get it 😭
I realise this is a controversial opinion, but tbh I reckon some of the blame for these kind of things needs to rest on the company, too. The principle of least privilege should always be used where possible. If you don’t need to access information, you really shouldn’t even have the option, at least not without either the client/customer’s approval, or a managers authorisation
Humans are curious things, it’s bounds to happen. Firing people after it does is a reactionary response, not a preventative one. And prevention is better than cure, especially when it comes to personal information
(My perspective comes mostly from being in care, because pretty much every single piece of information about me, including things often said in confidence, lives in a little grey box with no transparency about what goes on or who has access. And there have been data breaches in the past, where people from certain organisations managed to gain access to the files for clients within completely separate organisations, with multiple instances of support workers using that access to do terrible things. I wasn’t involved in that, and have never even worked with that organisation, but it’s still something that used to play on my mind a lot and made me quite upset and worried. I realise that my views are probably a little OTT for certain industries that handle less confidential information, but that are still covered under the privacy Act. I still believe all systems handling PII should always use the principle of least privilege and fail safe, though)
The principle of least privilege should always be used where possible. If you don’t need to access information, you really shouldn’t even have the option, at least not without either the client/customer’s approval, or a managers authorisation
Nice idea in theory, but imagine you had a bank or energy account and had to call customer service. If the agent has to get approval to access every account, that would be so, so time consuming, the company wouldn’t have clients/customers. There isn’t enough managers on the floor or available for that to be feasible. So they drill into us phone monkeys that we are not to access that kind of data (celebrities, people we know). The authorisation to access comes from the customer calling in, and asking for an action or info on their account. This is also why, in the back end, everything is logged: the date and time, which agent, whether a note was left, what the interaction was for, etc. We are told, over and over, not to do it, with Privacy Act citations.
Besides, there are preventions in place. Example: I was trained, at one point, to deal with only residential customers. I could not access Small-to-Medium business accounts, nor Large Business accounts. When I was promoted, that’s when further training was provided and my access upgraded. Again, everything is logged, and every phone monkey KNOWS it’s illegal to access that info without a customer asking, or without a manager asking. I had to access Large Business accounts without a customer telling me to, because I was doing remittance. I’m talking over $1m in one payment from one company.
The phone monkeys know it’s wrong without authorisation. I promise you they KNOW. It’s on them at that point and they should expect at least a firing, if not legal action.
If the agent has to get approval to access every account, that would be so, so time consuming, the company wouldn’t have clients/customers. There isn’t enough managers on the floor or available for that to be feasible.
Some other call centres request authorisation through the caller in the form of an OTP, which doesn’t seem like a bad system. Or some banks still require phone banking passwords (although I believe they’re mostly about protecting the bank from the liability of somebody impersonating a customer, I don’t think that is required to access files. It should be though)
Bit rude. I’m allowed to have opinions on how I believe companies should handle my personal information. If you don’t think companies should have any semblance of accountability for how they process and treat personal information because it would slightly inconvenience you, that’s fine, but you don’t get to stop me from sharing my opinions.
Reading a thread on the other place, from auscorp and people being fired for accessing data they shouldn’t. Man, why? Like, firstly, the Privacy Act is really fucking strict, and is drilled in during training, with excerpts used in the e-learning and whatnot. Secondly, one user states their ex-colleague looked up the CEOs account for the bank they worked at lol, so so so dumb 😭
Reminded me of when I worked at one of the energy companies, and we heard Hugh Jackman had an account with us. We were told, so extremely explicitly, not to access it at all, don’t even think of accessing it, he has an account manager so we mere phone monkeys have no reason to check it out and we’ll be fired if we do.
Nek minit, my colleague left her brain cells at home and did the dumb. 😂 She was fired so fast time stopped for her 😂
Smdh
I found one of Hugh’s early autographs at work the other week. It’s rather timid looking, don’t think he was used to it yet.
Yeah, I remember years back someone phone up a radio station saying that a well known celebrity claimed their cosmetic surgery as medical procedures. It’s like dumbass, someone will recognise your voice.
The level of entitlement to know people’s personal information is mind boggling.
It’s so stupid and audacious 😭 like, the company will have ways to find whether you accessed data in good faith, and will kick you to the curb if you didn’t note the account with a good reason as to why it was accessed. People have been seriously injured and died from assholed accessing data to find where they live. It’s protection that should never be violated.
Like, we were even told not to access our own accounts, or accounts of people we know. If we got a call from someone we knew, we had to transfer it to a different consultant.
Like, what goes through these people’s heads that they think they won’t be caught and sacked? I don’t get it 😭
why would they even mention hugh jackman’s name? 🙄
Ikr stupid on the managers part there 🤦🏼♀️🤦🏼♀️🤦🏼♀️
I realise this is a controversial opinion, but tbh I reckon some of the blame for these kind of things needs to rest on the company, too. The principle of least privilege should always be used where possible. If you don’t need to access information, you really shouldn’t even have the option, at least not without either the client/customer’s approval, or a managers authorisation
Humans are curious things, it’s bounds to happen. Firing people after it does is a reactionary response, not a preventative one. And prevention is better than cure, especially when it comes to personal information
(My perspective comes mostly from being in care, because pretty much every single piece of information about me, including things often said in confidence, lives in a little grey box with no transparency about what goes on or who has access. And there have been data breaches in the past, where people from certain organisations managed to gain access to the files for clients within completely separate organisations, with multiple instances of support workers using that access to do terrible things. I wasn’t involved in that, and have never even worked with that organisation, but it’s still something that used to play on my mind a lot and made me quite upset and worried. I realise that my views are probably a little OTT for certain industries that handle less confidential information, but that are still covered under the privacy Act. I still believe all systems handling PII should always use the principle of least privilege and fail safe, though)
Nice idea in theory, but imagine you had a bank or energy account and had to call customer service. If the agent has to get approval to access every account, that would be so, so time consuming, the company wouldn’t have clients/customers. There isn’t enough managers on the floor or available for that to be feasible. So they drill into us phone monkeys that we are not to access that kind of data (celebrities, people we know). The authorisation to access comes from the customer calling in, and asking for an action or info on their account. This is also why, in the back end, everything is logged: the date and time, which agent, whether a note was left, what the interaction was for, etc. We are told, over and over, not to do it, with Privacy Act citations.
Besides, there are preventions in place. Example: I was trained, at one point, to deal with only residential customers. I could not access Small-to-Medium business accounts, nor Large Business accounts. When I was promoted, that’s when further training was provided and my access upgraded. Again, everything is logged, and every phone monkey KNOWS it’s illegal to access that info without a customer asking, or without a manager asking. I had to access Large Business accounts without a customer telling me to, because I was doing remittance. I’m talking over $1m in one payment from one company.
The phone monkeys know it’s wrong without authorisation. I promise you they KNOW. It’s on them at that point and they should expect at least a firing, if not legal action.
Some other call centres request authorisation through the caller in the form of an OTP, which doesn’t seem like a bad system. Or some banks still require phone banking passwords (although I believe they’re mostly about protecting the bank from the liability of somebody impersonating a customer, I don’t think that is required to access files. It should be though)
When you work in a call centre, let me know, and maybe we can then discuss this.
Bit rude. I’m allowed to have opinions on how I believe companies should handle my personal information. If you don’t think companies should have any semblance of accountability for how they process and treat personal information because it would slightly inconvenience you, that’s fine, but you don’t get to stop me from sharing my opinions.