Perhaps my biggest problem with Pipex customer service has been this insistence that they have my personal information attached to every question I ask, or every problem I report, even when the communication has nothing to do with my account.
Here’s the latest email I have received from them about this:
Dear Mr. Gordon,
Thank you for your email, the contents of which have been noted. Firstly, I apologise for any inconvenience caused to you by the issues you have being experiencing.
I attempted to contact you by telephone earlier today but, unfortunately, there was no response.
I am glad to note that your connectivity issues are now resolved.
I apologise if you are unhappy with the level of customer service you have received; it is never our intention to cause frustration. Please note that, as per Data Protection procedures, each email thread must be Data Protection compliant.
We would have no reason not to deal with your issue. Your personal details are requested for no other reason that to verify that you are the account holder.
You can find our complaints procedure at the following link: http://www.pipexuk.com/terms/terms.html.
If you have any further questions, please do not hesitate to contact us.
Pipex Customer Relations
Our Customer Care Department is available on 0871 663 3300. Calls are charged at 5p/min from a Pipex line or at 10p/min from a BT line. Calls from mobiles and other providers may vary. Lines are open 8am-9pm Monday-Friday, 8am-5pm on Saturdays and 9am-6pm on Sundays.
The most interesting line in there is the statement that “as per Data Protection procedures, each email thread must be Data Protection compliant.” What does that mean exactly?
There are basically two types of reports that could arrive at an ISP’s help desk:
- Those that pertain to the reporting user’s account;
- Those that are general reports about the service, not related to a specific account.
When handling the former, I totally agree that being able to verify that the user reporting the issue or requesting a change is in fact the owner of the account is essential. For the second type of report though, it is irrelevant since there is no change to the user’s account information, or even a need to look at it. There is no need to require personal information from a user who is asking a general question (e.g. “Are there any service outages at the moment?”) or reporting a problem, such as a broken link on the company’s website.
Going to back to a case where my account might need to be accessed, or modified, let’s look at how Pipex chooses to validate that I am indeed the owner of the account: they ask for three of the following:
- My name
- My address
- My date of birth
- My phone number or email address
- My customer account number
And they believe this is secure? All but the last of those are basically public data these days.
Ironically, Pipex has a more secure option available to them since they issue user names and passwords for accessing their service. In fact, when submitting these support questions through their web portal, I was already signed in to that account. But still I am asked for more information. Even though the tickets I file are automatically associated with my account.
Security or Value
Of course, asking me for that extra personal data makes the information they sell much more valuable. So, is the real motivation for asking just to improve the value of the data that they sell? Perhaps.
Oddly enough, they’ve been quite happy to answer my questions and update my account even when I use a fake d.o.b., so it seem unlikely that they’re checking these values against my account.