In theory, under compliance with GDPR, companies that store your “Personal Data” (see https://gdpr-info.eu/issues/personal-data/) should handle it to a certain standard, including deleting it when it is no longer needed.
These rules would mean for example, that if you rang up my bank and said “I need to know where Dug Falby lives” they would politely tell you that they can’t divulge that information. If you were cheeky, you might even press further, making up some story about why it’s OK to share that information. You might say you were my Dad and it was a health issue; or that it’s urgent; or even that a Nigerian prince is trying to send me gold bars from an unclaimed inheritance for example.
So because we have quite a lot of cheeky going on, people who manage call-centres; who manage chat support and things like that make sure their teams are trained to spot the issues and keep our data safe.
Unless you’re eBay, in which case you share #personaldata with anyone who chats with your support team.
[transcript begins] subject: just my address 2018 - 09 - 25 04:27:45 UTC Heins Welcome to eBay Live Help, my name is Heins. Please stay connected while I review your query. 04:27:56 UTC Heins Hello 04:28:04 UTC Heins May I know, if you wish to update your address? 04:28:37 UTC eBay_Guest i just need to know the address on my account 04:28:45 UTC eBay_Guest if thats possible please. 04:29:24 UTC Heins May I know, if you wish to know the address to which the items get delivered to ? 04:29:37 UTC eBay_Guest yes correct 04:30:08 UTC Heins I will check what can be done in this case, Might have to verify your identity first though! 04:30:11 UTC Heins I would appreciate if you can help me with your full name, User Id and registered email address to fetch your account details. 04:30:33 UTC eBay_Guest yes my name is dug falby and my email adress is firstname.lastname@example.org 04:31:57 UTC Heins For verification could you share your phone number ending with 655? 04:32:40 UTC eBay_Guest 07515661655 04:33:49 UTC Heins Thank you for verification. we have your address with xxxx xxxx avenue, do you recall this address, Dug? 04:34:24 UTC eBay_Guest yes please could i have the full adress please 04:34:42 UTC eBay_Guest with post code? 04:36:08 UTC Heins Yes, here is the complete address: 04:36:10 UTC Heins [Redacted: Full postal address with postcode] 04:36:27 UTC eBay_Guest thank you heins 04:36:53 UTC Heins You are welcome. May I ask, why you wish to know the address, are you facing issues with login to your account? [transcript ends]
I have now closed my ebay account. The account was [redacted]
It’s very subtle, the little nudge for the postcode, the volunteering more data than asked for up front. This language is the work of an advanced fraud person very familiar with human engineering, right down to the “thank you heins” at the end.
Note also that by the end of the call, “Heins” has realised what he has done – see his question “why you wish to know the address” but at that point the damage is done and team cyrus just hangs up on him.
I hope Heins gets some more training:-(