Customer contact and data security: contact with third parties: disclosing information
The general rule when dealing with unauthorised third parties is that we can receive information but we must not disclose information or conduct a two way conversation unless we have prior authority from the customer.
If you are faced with a situation where a third party is offering vital or useful information then you should
take a note of
- the information
- who the third party is and their
- relationship to the customer (if any)
note all this information on the IDMS notes and other HoD notes where necessary.
If you are given new designatory details you should not change any of the customers details without verifying them first, see DMBM512150.
If you are offered payment or the third party wants to set up a TTP, see DMBM511645.
You should be careful not to inadvertently give out any information to a third party and not allow yourself to be led into giving it away. If the third party asks you for confirmation or information you should explain that you are unable to disclose any information without the customers consent and where necessary ask the customer to call in themselves.
(This content has been withheld because of exemptions in the Freedom of Information Act 2000) DMBM510280(This content has been withheld because of exemptions in the Freedom of Information Act 2000)