“For Data Protection Purposes”, Can You Give Me Some Personal Data…?

Ring ring… “Hi, it’s the AA; we’re doing a survey about your recent call out; for data protection purposes, may I have your address please?” Er, no… “Oh, well, I’m sorry, I can’t continue this call without confirming who you are…”

[I should really have asked what was meant by “data protection purposes”…;-)]

I think I’m going to start collecting stories like this, unsolicited calls from companies I’m a customer of, who call me on my phone (using a number they have on their records for my account), and then try to get me to provide them with additional personal information so that they can check I’m me… (but how do I know they’re them…?)

Ring, ring: “Hi, I’m an evil phisher who got your number from a phone book (phone books, remember them? Directories that came unsolicited through your letterbox, publishing the name, address and telephone number of most people in your area in public **Privacy breach alert**, panic, don’t panic ;-) pretending to be from a large company who you’re likely to be a customer of based on the demographics of your postcode area. Could you confirm your first name please… and can you confirm that your address (the one I found in the phone book…), is blah, blah, blah. And your date of birth…?”

Ring, ring: “Hi, I’m an evil burglar checking out properties that I might come and visit, but I’m pretending to offer cheap house insurance. Do your windows have XYZ locks? And do you have a burglar alarm? Is the property ever vacant for more than three or four hours at a time? Thank you…”

There has to be a better way… some form of reciprocated two step verification, maybe, whereby both the caller and the callee can confirm each other’s identity?