3rd Party Unauthorized Access To An Account.

Mark McNamara made this Freedom of Information request to Information Commissioner's Office

This request has been closed to new correspondence. Contact us if you think it should be reopened.

The request was successful.

Dear Information Commissioner's Office,

Could you please let me know if the following example constitutes, or would constitute a breach of the data protection act.

For example, if I have an account with Company XYG and a 3rd party individual telephones the company and gives sufficient details which identifies me such as name, address, date of birth and there has been no authorization from myself to this 3rd party to telephone giving my details and the company accesses my account for this individual. Would this be construed as a breach of the GDPR.

Also if it was abundantly clear to the employee who was accessing my account for the 3rd party individual, recognizing that it was not myself who was telephoning, for example my name is Mark and am male and if the 3rd party individual was a woman, then would that be an example of a breach of the GDPR.

Also if this scenario were to be officially recognized by the company as a security breach and admitted by the company as a breach of data protection policy, would this be recognized as a breach of the GDPR by the ICO.

Yours faithfully,

Mark McNamara

Information Access Inbox, Information Commissioner's Office

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit:


If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

If you have requested advice - we aim to respond within 14 days. 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

Copied correspondence - we do not respond to correspondence that has been
copied to us.

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

For information about what we do with personal data see our [2]privacy

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

Yours sincerely

The Information Commissioner’s Office

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found


Find us on Twitter [4]here.



Visible links
1. https://ico.org.uk/about-the-ico/our-inf...
2. https://ico.org.uk/global/privacy-notice/
3. https://ico.org.uk/about-the-ico/news-an...
4. http://www.twitter.com/ICOnews

Information Access Inbox, Information Commissioner's Office

Dear Mr McNamara,

WDTK Acknowledgement - DP/FoI Complaints

Thank you for contacting the Information Commissioner's Office (ICO) through the whatdotheyknow.com (WDTK) website.

The WDTK website was created to help people request information from public authorities under the Freedom of Information Act (FoIA) and the Environmental Information Regulations (EIRs).

The ICO is the regulator responsible for overseeing information rights legislation. We are also subject to the legislation we oversee.

As a public authority we are subject to the FoIA and EIRs, so if people want to request information we might hold about our work as a public body, they can do this through WDTK.

The correspondence you have sent to us is not a request for information we might hold. It is a data protection complaint scenario about the way an organisation has or has not complied with the legislation we oversee. We do consider issues like this. However, we do not deal with this part of our work through the WDTK website.

Please visit the ICO website www.ico.org.uk for information about the legislation we oversee and advice on what to do if you are unhappy with the way an organisation has met its information rights obligations.

If you need to raise a complaint or concern with us you can do this by following the instructions on this page of our website -


Please also contact our helpline for any further advice on 0303 123 1113.

Please do not reply to this message through the WDTK website. We make no commitment to respond if you do.

Yours sincerely,

The Information Commissioner's Office

show quoted sections