Does data privacy equal no common sense?
Aug 18, 2022, 6:10 am
#16
Original Poster
Join Date: Apr 2007
Location: Anywhere
Posts: 6,576
This is where SQ is miles ahead of BA. Its system immediately recognizes the phone number from which you're calling against your Krisflyer profile, and prompts you to key in your 6-digit Krisflyer PIN. No more spending close to a minute authenticating yourself once an agent picks up.
Aug 18, 2022, 6:14 am
#17
Moderator, Iberia Airlines, Airport Lounges, and Ambassador, British Airways Executive Club
Join Date: Feb 2010
Programs: BA Lifetime Gold; Flying Blue Life Platinum; LH Sen.; Hilton Diamond; Kemal Kebabs Prized Customer
Posts: 63,803
This is where SQ is miles ahead of BA. Its system immediately recognizes the phone number from which you're calling against your Krisflyer profile, and prompts you to key in your 6-digit Krisflyer PIN. No more spending close to a minute authenticating yourself once an agent picks up.
Aug 18, 2022, 6:21 am
#18
FlyerTalk Evangelist
Join Date: Mar 2014
Location: 4éme
Posts: 12,038
But surely, if someone audits the call, the agent could “link” the current conversation to a previous one, furthermore it would’ve been obvious from the conversation itself that it’s a continuation of a conversation between the same people within a short space of time.
Aug 18, 2022, 6:30 am
#20
Community Director
Join Date: Jan 2009
Location: Norwich, UK
Programs: A3*G, BA Gold, BD Gold (in memoriam), IHG Diamond Ambassador
Posts: 8,476
As has been said, you will finding this level of checking to be commonplace across the UK & EU. Try ringing a credit card company, where you need to be transferred through to another person or department - despite the fact you're on the same call, none of the authorities transfers and you will be put through re-screening.
We live in a very different cyber world to even five years ago, and scammers are ever more clever. The companies are already chasing their tails, so don't expect this to get any better anytime soon - it's an inconvenience we have to live with to protect ourselves. I'm sure we'd all be less than delighted if our entire stash of Avios suddenly disappeared because it was easier for a bad guy or gal to impersonate us, hence why there are these tollgates that have to be passed each time.
We live in a very different cyber world to even five years ago, and scammers are ever more clever. The companies are already chasing their tails, so don't expect this to get any better anytime soon - it's an inconvenience we have to live with to protect ourselves. I'm sure we'd all be less than delighted if our entire stash of Avios suddenly disappeared because it was easier for a bad guy or gal to impersonate us, hence why there are these tollgates that have to be passed each time.
Aug 18, 2022, 6:36 am
#21
Join Date: Jul 2006
Location: Glasgow, UK
Programs: BA, UA, Marriot
Posts: 2,196
I had a call from Scottish Power asking me if I was interested in getting a smart meter installed. I was happy to say yes until they asked me to divulge my full name, address, email address and best of all the phone number that they had just called so that they could make the appointment to come and install. I wasn't particularly interested in doing so to someone who had called me, so declined the "opportunity" and suggested that they find a solution that I was comfortable with if they wanted to do the installation. It's several months later and they've yet to come back to me.
Aug 18, 2022, 7:06 am
#22
FlyerTalk Evangelist, Ambassador, British Airways Executive Club
Join Date: Jun 2008
Location: Somewhere between 0 and 13,000 metres high
Programs: AF/KL Life Plat, BA GGL+GfL, ALL Plat, Hilton Diam, Marriott Gold, blablablah, etc
Posts: 30,528
The whole point of data protection legislation is to not be able to use the excuse of common sense to justify breaches.
it maybe common sense that your wife might need to know on which flight you are as the taxi has just asked; but then equally, she might just be suspecting you flew away with your mistress and planned to trap you.
it maybe common sense that plenty of ggl agents recognise my voice be it every time or after a few minutes, but then someone could easily be impersonating me and my brother almost has the same voice as me.
it may be common sense that your Secretary is trying to change your ticket but equally she might not be your secretary or she might want to change your ticket against your will or extract information you didn’t want her to have or you may be James Bond and she is a Spectre agent who knows.
data protection is about legal obligation. Ba does not have discretion on when to respect or not to respect those obligations and thus cannot transfer such protection to its agents.
it’s a bit like wanting your taxi driver to go at the red light because you are in a hurry and can see that there is no pedestrian, bike, or other car around. It’s irrelevant : it is still a red light, and it is not for them or you to decide which red lights have to be respected or not.
it maybe common sense that your wife might need to know on which flight you are as the taxi has just asked; but then equally, she might just be suspecting you flew away with your mistress and planned to trap you.
it maybe common sense that plenty of ggl agents recognise my voice be it every time or after a few minutes, but then someone could easily be impersonating me and my brother almost has the same voice as me.
it may be common sense that your Secretary is trying to change your ticket but equally she might not be your secretary or she might want to change your ticket against your will or extract information you didn’t want her to have or you may be James Bond and she is a Spectre agent who knows.
data protection is about legal obligation. Ba does not have discretion on when to respect or not to respect those obligations and thus cannot transfer such protection to its agents.
it’s a bit like wanting your taxi driver to go at the red light because you are in a hurry and can see that there is no pedestrian, bike, or other car around. It’s irrelevant : it is still a red light, and it is not for them or you to decide which red lights have to be respected or not.
Aug 18, 2022, 7:11 am
#23
Join Date: Jul 2014
Location: WAW ✈ LHR ✈ GLA
Programs: BA GfL/GGL/CCR, HH Diamond, IHG Diamond Ambassador
Posts: 2,500
An observation, and a bit of a rant.
I’ve had several interactions with the GGL helpline in recent weeks.
It’s fair that for every new interaction, I’m asked to confirm my name, BAEC number, email address, first line of my address with postcode, and last 4 digits of my saved credit card and expiry date. After all BA is presumably extra cautious after the data breach incident of some years back.
But there was an occasion, while I was mid-conversation with someone, the line got abruptly terminated, I called back right after and spoke to the SAME person (who recognised me immediately, and was fully aware that the line was dropped barely 2 minutes earlier) - yet she required me to go through the rigmarole of repeating the same verification information.
And on another occasion, after hanging up the phone with another person, I noticed that he had typed my email address for a booking incorrectly (even though my email address was recorded correctly in my BAEC account, and I had earlier confirmed that he should use that for all booking related correspondences). So I immediately called back, and got through to the SAME person, who again recognised me (after all we only just spent the past 40 minutes in a conversation to make the booking). He clearly understood that he’s made a typo error - yet required me to go through the same security verification the second time round before he would correct an error - that he had personally made!
Do operational procedures trump common sense these days?
I’ve had several interactions with the GGL helpline in recent weeks.
It’s fair that for every new interaction, I’m asked to confirm my name, BAEC number, email address, first line of my address with postcode, and last 4 digits of my saved credit card and expiry date. After all BA is presumably extra cautious after the data breach incident of some years back.
But there was an occasion, while I was mid-conversation with someone, the line got abruptly terminated, I called back right after and spoke to the SAME person (who recognised me immediately, and was fully aware that the line was dropped barely 2 minutes earlier) - yet she required me to go through the rigmarole of repeating the same verification information.
And on another occasion, after hanging up the phone with another person, I noticed that he had typed my email address for a booking incorrectly (even though my email address was recorded correctly in my BAEC account, and I had earlier confirmed that he should use that for all booking related correspondences). So I immediately called back, and got through to the SAME person, who again recognised me (after all we only just spent the past 40 minutes in a conversation to make the booking). He clearly understood that he’s made a typo error - yet required me to go through the same security verification the second time round before he would correct an error - that he had personally made!
Do operational procedures trump common sense these days?
BA also does not want to invest in better / more robust system of authentication - I'd happily enter my membership number, then my secret pass code, and then be connected with a right agent - seems to be too much for BA.
Aug 18, 2022, 7:22 am
#24
Join Date: Jul 2014
Location: WAW ✈ LHR ✈ GLA
Programs: BA GfL/GGL/CCR, HH Diamond, IHG Diamond Ambassador
Posts: 2,500
In the end of the day:
* airlines don't keep my cash, just miles - if anything is booked using my miles - this is easily traceable and recoverable
* airlines don't store my credit card information - if they do, it usually requires me to enter CVV number and card number is partially displayed - so not a big deal here, although could be a vector
* malicious person could change my seat, my meal selection - they can still do it knowing my lastname and the PNR - severity of it is minimal
* malicious person could ask to cancel/refund my trip - this is a tricky one - money would go back to the original payment, but reinstating the ticket could be tricky - again my lastname + PNR is just enough...
So to me, having to enter my secret passcode when calling the airline would be good enough security instead of having to recite all my personal details.
Aug 18, 2022, 7:24 am
#25
Join Date: Aug 2014
Posts: 2,659
BA does not understand what their obligations from the GDPR are. My bank asks less questions when I want to speak to them.
BA also does not want to invest in better / more robust system of authentication - I'd happily enter my membership number, then my secret pass code, and then be connected with a right agent - seems to be too much for BA.
BA also does not want to invest in better / more robust system of authentication - I'd happily enter my membership number, then my secret pass code, and then be connected with a right agent - seems to be too much for BA.
Aug 18, 2022, 7:29 am
#26
Join Date: Aug 2014
Posts: 2,659
The data protection song and dance is nonsense. The lesson here is that if you want to modify, cancel or upgrade your cousin's colleagues' sister's former roommate's booking to first class, do it on the web. There you only need PNR and last name.
It's silly that I can't even just ask a general question unrelated to me or a specific booking on something like avios availibility on a given flight without giving a load of silly information. I once had to go through data protection 3 times on the same call: 1. to get the ball rolling and make changes to booking, 2. againwhen I got called back and 3. again on the call back to use a voucher that was attached to my name and BAEC number. This is a major reason that wait times have been so insane these last months, although things haave certainly gotten better lately.
It's silly that I can't even just ask a general question unrelated to me or a specific booking on something like avios availibility on a given flight without giving a load of silly information. I once had to go through data protection 3 times on the same call: 1. to get the ball rolling and make changes to booking, 2. againwhen I got called back and 3. again on the call back to use a voucher that was attached to my name and BAEC number. This is a major reason that wait times have been so insane these last months, although things haave certainly gotten better lately.
You can ask a general question without clearing data protection, but then the answer is only a general answer. Its usually better to pass DPA so the agent can discuss your Exec Club account or booking.
The more information given and that can be discussed, the more accurate the answer.
Aug 18, 2022, 7:33 am
#27
FlyerTalk Evangelist
Join Date: Mar 2014
Location: 4éme
Posts: 12,038
Ah the ole ‘I do X so I know about Y’ delusion. This is common in the IT world and some think it leads to complicated systems and IT meltdowns. Pumps up the billable hours though. Want to solve a problem spend time in the environment understanding all of the issues.
Aug 18, 2022, 7:39 am
#28
Join Date: Jul 2014
Location: WAW ✈ LHR ✈ GLA
Programs: BA GfL/GGL/CCR, HH Diamond, IHG Diamond Ambassador
Posts: 2,500
Aug 18, 2022, 7:43 am
#29
Join Date: Jul 2014
Location: WAW ✈ LHR ✈ GLA
Programs: BA GfL/GGL/CCR, HH Diamond, IHG Diamond Ambassador
Posts: 2,500
You can ask a general question without clearing data protection, but then the answer is only a general answer. Its usually better to pass DPA so the agent can discuss your Exec Club account or booking.
The more information given and that can be discussed, the more accurate the answer.
The more information given and that can be discussed, the more accurate the answer.
Aug 18, 2022, 8:43 am
#30
Join Date: Dec 2009
Location: near Heathrow
Programs: BA GGL/CCR, GfL (OWE), SA LifePlat (*G), BD Gold to the end, Hilton Diamond
Posts: 2,911
I really don't see it as an issue having to go through three data protection questions when BA Exec Club have to call me back. It takes no longer than a minute or two of my life. I've spent way longer than that reading this thread 