Wednesday, 18 April 2012

Big Gaff by GiffGaff Mobile Network

As one does, i requested for VAT receipts for payments made to GiffGaff Ltd who i use for two of my mobile telephones.

What subsequently happened was simply amazing however quite embarrasing for GiffGaff i am sure.

A little digging on my side revealed a lot and quickly put GiffGaff back in its box.

Attached below are communications from GiffGaff from thier "Ask an Agent" part of thier website where one can ask for help.

Few things to note from this message from GiffGaff Ltd:

1) GiffGaff believe VAT Invoices are protected under the UK's Data Protection ACT as they believe it contains sensitive information.
2) GiffGaff claim that although VAT receipts are protected under the Data Protection ACT that they can be simply emailed as a PDF. (I dispute the fact that an Invoice is protected under the DPA to begin with). However it is fasinating to note that GiffGaff believe information which is protected under the DPA can simply be emailed over plain text email.
3)However the statement which really makes me laugh is: "Our email servers here at GiffGaff are secure and protected.

A simply quick check via NSLOOKUP against a public DNS Server shows that GiffGaff uses Google Hosted Email for its entire corporate email.

Hence neither can these email be considered "Our email servers here at GiffGaff" and nor can they be considered "secure and protected" as Google's own terms and conditions clearly state that the information on Google Servers can be held anywhere in the world. This obviously goes against the UK Data Protection ACT as the ACT requires the information to be held in certain countires only.

This however is not a issue for Google, as they are not selling Hosted Email which is compliant with the UK DPA, but an issue for GiffGaff who believe they can fool a customer like myself by stating they actually own and physically host their own email server.

There is nothing wrong in using Google Mail, even i use it, byt for GiffGaff to sell it as UK DPA compliant is simply laughable.

When i pointed out this Google Email Hosting issue to "Joe the Agent" he quickly changed his tone and agreed to post out the the VAT receipts by 1st Class Recorded post no less.

This might be just a one of Rouge Agent Joe who thought let me just try and make a mockery of the customer, but i did on every ocassion also copy the emails into Mike the CEO of GiffGaff. As i also got an out of office reply from Mike the CEO, the emails clearly did get to him. However Mike the CEO of GiffGaff did not reply once at all.

Hence i can only assume that the replies from Joe were fully sanctioned by GiffGaff.
I have forwarded this matter to the UK Information Commissioner's Office.

If GiffGaff Ltd wishes me to change any of this information, as long as they can provide the necessary justification i will be happy to do so.

No comments:

Post a Comment