Want to know your CIV score? Just ask then!
Jul 16, 2013, 7:24 pm
#48
Join Date: Jul 2008
Location: All over the place often South Wales and Lake District
Programs: BA Gold for Life Accor Platinum
Posts: 4,552
The DPA makes no distinction as to whether the data is held on a computer or in a paper filing system.
There is no distinction that some data is more personal than other data.
There is no distinction as to whether the data is of limited use to the recipient or not.
A breach is a breach is a breach.
The casual way the BA staffer handed over the PIL is one of the reasons why the DPA was needed in the first place.
There is no distinction that some data is more personal than other data.
There is no distinction as to whether the data is of limited use to the recipient or not.
A breach is a breach is a breach.
The casual way the BA staffer handed over the PIL is one of the reasons why the DPA was needed in the first place.
I don't know what's got into the forum today. First of all there is a 'Dangerous Lounge " that turns out to be a thread about how a customer asked about boarding time and then thinks it is not his responsibility to check the displays. Now you have this one.
If BA was throwing credit card details into a skip undisguised and unshredded, then I'd understand. I stopped using Virgin Wines because I found out during a call to chase a delivery that my card details weren't kept locked away at all.
There's plenty going on in the world to make a drama out of. We don't need to look for it.
Jul 16, 2013, 7:51 pm
#49
Join Date: May 2012
Location: ATL
Programs: BA Gold
Posts: 200
+1. Either some people like to spend their time trolling or they are clearly far too sensitive for their own good. Either way, I'd question if this is a productive way for anyone to spend their time: This is exactly what puts people off contributing to internet fora.
For the record, if I'm on a flight and anyone reading this wants to look at my passenger details on the manifest, knock yourselves out. You could almost certainly find out more information by just sitting nearby and watching me for 5 minutes.
(If you do sit near me and observe my movements, keep it subtle, eh?
)
For the record, if I'm on a flight and anyone reading this wants to look at my passenger details on the manifest, knock yourselves out. You could almost certainly find out more information by just sitting nearby and watching me for 5 minutes.
(If you do sit near me and observe my movements, keep it subtle, eh?
)
Jul 16, 2013, 8:52 pm
#50
Moderator: British Airways Executive Club
Join Date: Nov 2010
Location: TPA/ABZ
Programs: BA Lifetime Gold. GGL/CCR.
Posts: 13,252
If someone wants their information to be made public, they will post it on Facebook or Twitter at their own will and under their own steam.
If they undertake a transaction with a commercial entity, then there is an implied expectation of privacy, and in the case of an airline an expectation of security and safety. What if there was some high-profile individual on board, and the drunken people decided they didn't like them for political or whatever reasons and would go for some air rage ? (not saying it was the case in this particular situation, just speaking in general).
As BA staffers who have posted on this thread have pointed out, it was a big no no on the part of the cabin crew member. That sort of behaviour absolutely cannot be condoned, and if it were not for the wonders of employment law requiring disciplinary hearings, should be a sackable offence. Data Protection needs to be taken seriously and dealt with in the most severe terms when breaches are made. It is disgraceful, despicable and deeply unprofessional behaviour on the part of the cabin crew member involved.
However, as the originator was a FlyerTalk member, they should also have known better than to continue pushing too.
If they undertake a transaction with a commercial entity, then there is an implied expectation of privacy, and in the case of an airline an expectation of security and safety. What if there was some high-profile individual on board, and the drunken people decided they didn't like them for political or whatever reasons and would go for some air rage ? (not saying it was the case in this particular situation, just speaking in general).
As BA staffers who have posted on this thread have pointed out, it was a big no no on the part of the cabin crew member. That sort of behaviour absolutely cannot be condoned, and if it were not for the wonders of employment law requiring disciplinary hearings, should be a sackable offence. Data Protection needs to be taken seriously and dealt with in the most severe terms when breaches are made. It is disgraceful, despicable and deeply unprofessional behaviour on the part of the cabin crew member involved.
However, as the originator was a FlyerTalk member, they should also have known better than to continue pushing too.
Last edited by Prospero; Jul 17, 2013 at 12:50 am Reason: Repair quotation
Jul 16, 2013, 10:49 pm
#51
Join Date: May 2013
Location: YYZ/YTZ/YUL
Programs: BA Gold, TK Elite
Posts: 1,558
I think you understand very well.
You knew very well the only place the CIV could be found was on the PIL.
You saw the crew member was unable to find your value for you.
You continued to push, knowing what the likely result was.
Sure the crew member should have refused, and I hope some other crew member saw what happened and that the offending crew member will be made subject to a thorough disciplinary hearing and retraining. However you should not have encouraged the behavour, and you should not have accepted the document when offered to you.
You knew very well the only place the CIV could be found was on the PIL.
You saw the crew member was unable to find your value for you.
You continued to push, knowing what the likely result was.
Sure the crew member should have refused, and I hope some other crew member saw what happened and that the offending crew member will be made subject to a thorough disciplinary hearing and retraining. However you should not have encouraged the behavour, and you should not have accepted the document when offered to you.
In your post you seemed to suggest that the OP did something illegal / morally reprehensible by asking for his CIV score and/or looking at the manifest that was offered to him. I don't understand why you think this is the case, and that's what I was questioning in my response to your post.
Jul 17, 2013, 12:00 am
#52
Join Date: Aug 2010
Location: London Stratford, E7
Programs: BAEC Gold! Thanks to FT
Posts: 3,382
As other people have mentioned, a breach of the DPA is a breach, you don't get big or small breaches.
Scenario.. bank to customer... oh we didn't tell the nice old lady any of your account details or any private information like that we only said you had banked with us for 20 years.
End result... nice old lady is ex wife of bank customer, who goes to her solicitor and says that her ex husband has maintained a bank account with ABC Bank for 20 years. Silicitor ensures that this bank account is included in divorce settlement..... but of course it was only a tiny breach of the DPA.....
Scenario.. bank to customer... oh we didn't tell the nice old lady any of your account details or any private information like that we only said you had banked with us for 20 years.
End result... nice old lady is ex wife of bank customer, who goes to her solicitor and says that her ex husband has maintained a bank account with ABC Bank for 20 years. Silicitor ensures that this bank account is included in divorce settlement..... but of course it was only a tiny breach of the DPA.....
Jul 17, 2013, 12:23 am
#53
Join Date: Jul 2012
Location: London
Programs: BAEC GCH, CXMP Gold, Amex Plat, HH Gold, Accor Plat, SPG Gold, Carlson Gold
Posts: 1,106
I couldn't agree more. Maybe it's the hot weather, but tempers seem to be flaring on various threads.
Can't we all just get along? We're a group of intelligent people who share many of the same passions in life. Our intelligence, varied upbringings, varied life's mean we all have different opinions. But that doesn't mean mine is more or less valid than anyone else's.
We all act in a very decent manner when we meet for DO's so why not mirror that on this board?
Can't we all just get along? We're a group of intelligent people who share many of the same passions in life. Our intelligence, varied upbringings, varied life's mean we all have different opinions. But that doesn't mean mine is more or less valid than anyone else's.
We all act in a very decent manner when we meet for DO's so why not mirror that on this board?
Jul 17, 2013, 12:43 am
#54
Suspended
Join Date: Jul 2007
Posts: 4,477
Please explain how the passenger manifest is a "relevant filing system" within the meaning of section 1 (1) of the Data Protection Act, 1998.
Also, there is in fact a distinction between sensitive personal data and other personal data.
The UK does not need more people to throw around the Data Protection Act without understanding it.
Also, there is in fact a distinction between sensitive personal data and other personal data.
The UK does not need more people to throw around the Data Protection Act without understanding it.
A name with a third-party rating is not confidential data. Only if the third-party (BA) considers its rating (CIV) as private matter and not willing to publisize, then it is the third party's responsibility to pursue the protection of data.
Jul 17, 2013, 12:45 am
#55
Join Date: Mar 2011
Programs: MUCCI
Posts: 833
What a load of nonsense !
It is data associated with a name. It is therefore personally identifiable information. It is therefore 100% covered by the Data Protection Act.
The passenger manifest is confidential information, end of story. This has been confirmed by the many BA staffers who posted on this thread, and this will be readily confirmed by BA's data controller were you to ask them !
So both the passenger names and the associated data about their CIV scores, meal preferences etc. is all covered by the Data Protection Act.
Stop trying to make up silly excuses to justify the despicable and disgraceful actions of the cabin crew member.
It is data associated with a name. It is therefore personally identifiable information. It is therefore 100% covered by the Data Protection Act.
The passenger manifest is confidential information, end of story. This has been confirmed by the many BA staffers who posted on this thread, and this will be readily confirmed by BA's data controller were you to ask them !
Personal data means data which relate to a living individual who can be identified –
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
Stop trying to make up silly excuses to justify the despicable and disgraceful actions of the cabin crew member.
Last edited by Short Final; Jul 17, 2013 at 1:04 am
Jul 17, 2013, 12:47 am
#56
FlyerTalk Evangelist
Join Date: Mar 2008
Location: Netherlands
Programs: KL Platinum; A3 Gold
Posts: 28,750
If this high-profile individual was on board, and mere knowledge of the fact was, as you imply, potentially sufficient provocation, then how was the identity of this passenger going to be concealed from the other passengers that would see and/or interact with him?
That's your interpretation, but it doesn't mean it's right. The OP asked, clearly expecting just to be given the answer verbally. That the staff member (staffer is an American term) did not or would not know where to find the CIV score was not anticipated. And by telling the staff member where to look, the OP would have expected the staff member to do just that - look, then tell.
Jul 17, 2013, 12:55 am
#57
Join Date: Mar 2011
Programs: MUCCI
Posts: 833
Is that the most likely negative outcome?
If this high-profile individual was on board, and mere knowledge of the fact was, as you imply, potentially sufficient provocation, then how was the identity of this passenger going to be concealed from the other passengers that would see and/or interact with him?
If this high-profile individual was on board, and mere knowledge of the fact was, as you imply, potentially sufficient provocation, then how was the identity of this passenger going to be concealed from the other passengers that would see and/or interact with him?
For example, if the drunkards were in J and the individual being targeted was in F .... they would not necessarily know of their presence were it not for seeing the manifest. Same if the drunkards were in lower J and the person targeted in upper J.
There are many potential negative outcomes, I just quoted one, I think that was fairly obvious that I was quoting an example scenario (I think I even made it clear it was just one example scenario in my original post) !
Jul 17, 2013, 1:02 am
#58
Join Date: Jul 2011
Programs: Mucci de la Cuisine Aérienne du Réseau Courte Durée de British Airways
Posts: 4,704
Why don't we all agree that this was wrong and a breach of the Data Protection Law but unless the OP is going to identify the flight and crew member concerned there really is nothing that BA can do about this incident.
Hopefully the OP only looked at his own name and therefore did not notice the names of any other passengers and therefore no harm,in this particular incident, will have happened. As mentioned by others the list really only contains names but of course it is important that this is not shared with all and sundry.
As I mentioned earlier, we sit a Data Protection test every year and hopefully this crew member will be refreshed soon and realise the error of her ways.
Hopefully the OP only looked at his own name and therefore did not notice the names of any other passengers and therefore no harm,in this particular incident, will have happened. As mentioned by others the list really only contains names but of course it is important that this is not shared with all and sundry.
As I mentioned earlier, we sit a Data Protection test every year and hopefully this crew member will be refreshed soon and realise the error of her ways.
Jul 17, 2013, 1:11 am
#59
Join Date: Mar 2011
Programs: MUCCI
Posts: 833
