The DPC received a complaint from an individual in relation to an access request made to an internet service provider. According to the individual, they rang the company regarding the possibility of switching broadband services and considered that the level of service received from the customer service agent was unsatisfactory. As a result, they made an access request for a copy of their personal data processed by the company.  

 
In response to the individual’s access request, the company sought further information from the individual including an account number.  The individual informed the company they could not supply an account number, as they were not a customer, merely a potential customer enquiring about switching their broadband service. In their response, the company advised the individual that without an account number they could not process the access request. On foot of this response, the individual proceeded to make a complaint to the DPC. Following receipt of this complaint, the DPC corresponded with the internet service provider to ascertain why the access request could not be processed without an account number, and to comply with the individual’s access request. 

The company promptly responded to the DPC accepting that the agent who responded to the individual should not have informed them that they could not process the access request. They also outlined that the agent involved did not follow the correct process for dealing with access requests from non-customers, and advised that additional data protection training would be provided to the agent. The company also provided the individual with a copy of their personal data. The individual confirmed that while they did receive a copy of their personal data, the matter was only resolved following the DPC’s intervention.