Re: Learn from the ransomeware bods...
Let's try a different analogy. Instead of taking the chair I let myself in and read your bank statements, any personal letters, and your diary? I then take photographs.
You still have access to them but your privacy was needlessly violated.
The correct action is to advise the company that they made a mistake and give them the directions to show how they can verify your statement. You do not need to download a copy of the data and tell the company that you are keeping that data for 90 days.
If he'd deleted the data when asked there would not have been any problem. However, it took court action for him to do so.
Biting the hand that feeds IT
