An estate agent playing fast and loose with customer data?
I'm shocked. Shocked I tell you!
A London estate agent has been fined £80,000 for losing thousands of clients' personal data when it was handed over to a third party. A ruling from the Information Commissioner's Office found Life at Parliament View Ltd (LPVL) left the personal details of 18,610 people available online for just under two years. The data was …
As there is some high quality data there:
Passport scans - always useful as a "gold standard" item in getting away with identity theft
Bank statements - superb again as in addition to account details you have some transaction info, and as banks love to get you to describe actions on your account as "proof of ID " over phone, being able to say "I have regular direct debits to xyz, abc etc. of amount 123 and 456 can get you past those hurdles.
A huge amount of damage can be done with data like that - a fine of high hundreds of pounds per "customer" would be more appropriate to reflect the huge potential damage
a fine of high hundreds of pounds per "customer" would be more appropriate to reflect the huge potential damage
Sadly, under pre-GDPR legislation, the fines were very limited when it comes to being punitive enough. I, for one, can't wait until the 2-4% of turnover type fines start hitting companies who have a less-than-rigorous respect for the personal data of their customers.
With a passport copy, crooks even have your signature. This is why I use different signatures for my passport and for my banks.
I also use an ID card at a hotel, not a passport and then I use a credit card from another country, so that nobody ever get two types of ID from the same place. However, this kind of mixup is only doable by someone like me who live and work internationally.