Name changed for obvious reasons... I did write a thread on this about a year ago... However - long story as short as possible.
A while ago a company that I did some work for erroneously passed by bank details, email address and phone number to a third party. Without going into long winded details - the upshot has been that I’ve paid tax on an amount that this has caused me hassle - nothing too serious but irritating ended up with me asking to remove all my details from their company database etc. It’s a bit more complex but don’t want to bore.
Anyhows, yesterday I am copied into an email trail - again they have passed my email address on, for a second time to the third party company.
Despite me asking several times how the original breach happened and also what they plan on doing to tighten up their processes - nada.
So I get a call (finally) today from the ceo after threatening to report to ICO. A vague apology etc and I pointed out that they have at least twice passed on my data without my consent, habe not deleted as requested etc. CEOs answer was all very “well I don’t really know much about all that so if you want to sue us go ahead”. I tried twice pointing out that I wouldn’t be suing - and it wasn’t for my benefit (not about compensation - they’d possibly be fined).
He was so dismissive - and very much “well it’s a human error and these things happen”. I get that once is - but this series of fuck ups isn’t human error - it’s a total disregard for data protection and his attutude was very much “well I don’t know about this stuff so I’m going to ignore it”.
I’m tired of the whole thing and basically tempted to leave it - but Aibu to report it?