Melbourne

1870 readers

51 users here now

This community is a place created for the people of Melbourne and Victoria. We are a positive, welcoming and inclusive community. We might not agree about everything, but we always strive to stay civil and respectful.

The focus of our discussions is based around things that affect Victoria, but we are also free to discuss our local perspective on wider issues. Or head to the regular Daily Random Discussion thread to talk about anything.

Full Community Guidelines

Ongoing discussions, FAQs & Resources (still under construction)

Adoption Certificate for Nellie, the Daily Thread numbat (with thanks to @Catfish)

Feedback & Suggestions

founded 1 year ago

MODERATORS

lodion@aussie.zone

RustyRaven@aussie.zone

briongloid@aussie.zone

bot001@aussie.zone

Daily Discussion Thread 🌅🌈⛱️ Sunday, 24 November, 2024 (aussie.zone)

submitted 2 days ago* (last edited 2 days ago) by Baku@aussie.zone to c/melbourne@aussie.zone

166 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] StudChud@aussie.zone 5 points 1 day ago (1 children)

The principle of least privilege should always be used where possible. If you don't need to access information, you really shouldn't even have the option, at least not without either the client/customer's approval, or a managers authorisation

Nice idea in theory, but imagine you had a bank or energy account and had to call customer service. If the agent has to get approval to access every account, that would be so, so time consuming, the company wouldn't have clients/customers. There isn't enough managers on the floor or available for that to be feasible. So they drill into us phone monkeys that we are not to access that kind of data (celebrities, people we know). The authorisation to access comes from the customer calling in, and asking for an action or info on their account. This is also why, in the back end, everything is logged: the date and time, which agent, whether a note was left, what the interaction was for, etc. We are told, over and over, not to do it, with Privacy Act citations.

Besides, there are preventions in place. Example: I was trained, at one point, to deal with only residential customers. I could not access Small-to-Medium business accounts, nor Large Business accounts. When I was promoted, that's when further training was provided and my access upgraded. Again, everything is logged, and every phone monkey KNOWS it's illegal to access that info without a customer asking, or without a manager asking. I had to access Large Business accounts without a customer telling me to, because I was doing remittance. I'm talking over $1m in one payment from one company.

The phone monkeys know it's wrong without authorisation. I promise you they KNOW. It's on them at that point and they should expect at least a firing, if not legal action.

[–] Baku@aussie.zone 1 points 1 day ago (1 children)

If the agent has to get approval to access every account, that would be so, so time consuming, the company wouldn't have clients/customers. There isn't enough managers on the floor or available for that to be feasible.

Some other call centres request authorisation through the caller in the form of an OTP, which doesn't seem like a bad system. Or some banks still require phone banking passwords (although I believe they're mostly about protecting the bank from the liability of somebody impersonating a customer, I don't think that is required to access files. It should be though)

[–] StudChud@aussie.zone 3 points 1 day ago (1 children)

When you work in a call centre, let me know, and maybe we can then discuss this.

[–] Baku@aussie.zone 3 points 1 day ago

Bit rude. I'm allowed to have opinions on how I believe companies should handle my personal information. If you don't think companies should have any semblance of accountability for how they process and treat personal information because it would slightly inconvenience you, that's fine, but you don't get to stop me from sharing my opinions.