The Password Scramble and your Data Protection rights

December 6, 2007

What can you do to prevent Fasthosts re-setting your email passwords if you have already changed them? You might spend the next week changing passwords, only to find that another Fasthosts blunder forces you to do the whole thing again, this time with irate users/customers.  Is there anything we can do to inform Fasthosts that passwords have been changed and insist that your account is exempt from the great password scramble – well there might be:

The Data Protection Act gives you a limited right to prevent significant decisions being taken about you solely by automatic processing. This affects only those decisions made by a computer where there is no human involvement in the decision.

More at the DPA site Here

Many people are worried that even if they change their email passwords, Fasthosts will still scramble them on Thursday 13th, as they did in the recent Control Panel password change.  This would effectively mean that no matter how many hours hard work you put in to change the email passwords prior to December 13th, you may have to the whole lot again after December 13th

No statement has been issued by Fasthosts about the fact they did this during last weeks reset, or re-assuring us that this will not happen.  However, you may be able to protect yourself if you do the following:

1) Change all your passwords, check and double-check that they are all changed.

2) Write to Fasthosts informing them that everything has been changed.  Request that no automated decisions are made on your account until they have confirmed in writing that they are aware that your passwords have been changed, or are able to respond to this request, in writing, within the statutory 21 days .

Depending how well you write this letter and what legal advice you take on the subject, you may force Fasthosts to stick to what they have promised, or end up paying out compensation to hundreds of angry and over-worked IT people if they screw it up again

On the same subject, Fasthosts are required under the DPA to keep your information secure, they didn’t.  If anyone has any idea if claims on this basis are likely to result in compensation, please post them here.  Not conjecture please, just legal reality.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: