“You must be new here”
As we’ve seen from GreenSquareAccord’s recent recruitment drive there are lots of newbies onboard who are ready to prove they’re worth their ‘weight in salt’.
How do GreenSquareAccord onboard these new recruits? Are they given a thorough induction or merely thrown to the wolves? Are they provided with all the tools and background and then left to sink or swim?
Apologies and promises
With GreenSquareAccord having missed the date set by the ICO and with me having shared and shamed the issue here I received an unannounced call from GreenSquareAccord on Friday 4th March. Proving yet again that the ‘tail wags the dog’.
The call was from Anthony R. who requested that I not publish his surname whilst being confident that I wouldn’t find his profile on LinkedIn. Please note; I only publish names that have been already shared online or when I feel the person has a direct impact upon service or is a member of the senior leadership team. The reason I sometimes publish names is it is my believe that when they take a decent wage out of a not-for-profit organisation their track record should be available to those who wish to read it. I am also aware that this may include future employers and as such, I feel a true and accurate record of their performance is relevant as they move from association to association. Rest assured that if you are a customer service representative your full name will not be shared, the ongoing issues are not yours to burden. Your first name is published so GreenSquareAccord (with the history of struggling to tracking emails and calls) know where to start the search if they wish to verify what has been written. This is fair as hopefully it will support them in strengthening their procedures.
Anthony has been with GreenSquareAccord for less than a month and wanted to apologise and acknowledge that this was a breakdown in communication - this is an ongoing issue that predates Anthony’s three weeks with GreenSquareAccord. However he assures me that this isn't the way in which he would be running his team.
I asked Anthony that as he believed this was not the correct way to handle customer communications, nor was it the way he would be running things going forward, did he feel the failure sat with Sophie Atkinson Executive Director of Governance; after all I had included her on emails and written to her, and she was as the GreenSquareAccord website explains responsible for governance, risk and assurance, health and safety, and data protection. Anthony very wisely chose not to comment on this as she was at director level and he couldn’t comment on the past, but assured me that he operated in a ‘totally different way’.
Praise me!
Anthony was keen to thank and praise me for raising the issue(s) so GreenSquareAccord could rectify them, and acknowledged that failing to do so was disrespectful. If the senior leadership team felt this way they wouldn't have asked me to take my site down or instructed their lawyers (at cost I assume) to send me a scary letter.
But he’s right, the issues do need to be raised. Failing to do so would leave GreenSquareAccord in the dark about their many ongoing issues, their inability to communicate, and would allow them to continuously bask in their own published glowing results and aspirations. It would allow Ruth Cooke to say that she was already a ‘simply brilliant’ landlord! And we can’t have that now can we, not until it’s fact.
The three outcomes
So what happens when a new person joins, can they change a rooted culture?
Will Anthony’s dedication to data protection and customer service change the mindset of his colleagues?
There are three potential outcomes:
New staff members quickly become disillusioned with their inability to rectify issues, respond in a timely manner and honour agreements; due to GreenSquareAccord’s culture and lacklustre procedures.
New staff members take on the current GreenSquareAccord (housing sector) mindset; blame other departments, dismiss residents as ‘ne’er-do-wells’ who should be grateful, and become bogged down with a housing stock that cannot be repaired due to years of failing building maintenance.
They strive, thrive and survive and change the mindset and produce results that drive others to do better! They reshape the culture bringing shame to those who won’t adapt and in turn make GreenSquareAccord a ‘simply brilliant landlord’.
When I put these options to Anthony he assured me he was option three. He was customer focused, he was aware of the issues ahead, he was confident that he (and GreenSquareAccord) could overcome these barriers to service.
Then he promised to send me by the end of the day the email that summarised the procedures put in place to stop further data breaches. The communication that had been requested by the ICO and was already overdue.
Less than a month in and Anthony breaks his first promise on behalf of GreenSquareAccord
Missed timeframes
GreenSquareAccord didn't respond to the initial email/letter after the data breach incident was reported
GreenSquareAccord failed to respond within the ICO timeframe
GreenSquareAccord or Anthony should/could have notified me when Anthony knew he would miss the ICO timeframe (this would have held them over) due to being ‘poorly’ and wanting to ‘fully research the issue’
Fails to send the agreed email as promised…
In summary
What option will Anthony’s recruitment to GreenSquareAccord result in; will he become disillusioned, will he adopt the current GreenSquareAccord mindset, or will he bring great results and positive change? - So far less than a month in it’s looking less likely to be option three…
Will GreenSquareAccord team leaders and managers continue to under represent themselves by throwing new inexperienced players under the bus? - Our virtual meeting here in Oxford isn’t (as previously agreed) being attended by senior team members with the knowledge and skillet to address the issues…
Will GreenSquareAccord ever respond to the ICO’s request or will they keep stalling for more time? - As always, updates to follow…
Sorry Anthony, it looks like you’ve been thrown under the GreenSquareAccord bus.
An update - The incompetence factor
Being a decent chap and able to appreciate the difficult situation GreenSquareAccord had put Anthony in less than a month after he started, I shared this page with him before publishing. After all there was a broken promise of an email he was going to send.
It turns out that although my email address is blocked, widely known throughout the company, at some point GreenSquareAccord or Anthony opted to use an incorrect address. Doh.
Not the first time either.
On 1 Apr 2021, at 17:07, Suse Weeks <Suse.Weeks@greensquaregroup.com> wrote:
Dear Mr *******,
I’m sorry Mr ********, it has just been pointed out this went to the wrong email address.
Kind regards,
Suse Weeks
Suse Weeks | Customer Insight Manager, GreenSquare Group
tel: 01249 465465 | Methuen Park, Chippenham SN14 0GU
And Anthony’s email, what of that?
From: Data Protection
Sent: 04 March 2022 13:17
To: ben.*****@gmail.com
Cc: Data Protection <Data.Protection@greensquareaccord.co.uk>
Subject: Follow up as promised.
Hello Mr ********
I am writing to you in reference to a data breach that you were connected with that took place 3rd September 2021. I would also like to thank you for taking the time to discuss this matter with me today at 11:00 Friday 04 March 2022 via the telephone.
The data breach, in summary, took place when a letter to people that share a residence block was misprinted. The next letter in the print run was printed on the reverse side of letter 1, and not on a new sheet of paper. The recipient of letter 1 could turn the piece of paper over and was able to view letter 2. This error was not spotted, and the communications were posted out to customers.
The postal communication itself, was a letter informing residents that the September 2021 newsletter would not be produced, however formal communications were to be sent out regarding the window and door replacement consultation. Due to the communication, no information other than what was strictly necessary to communicate this was used.
Please be assured that the incident is rare occurrence, and this matter was investigated at the time and enhancements made to our processes. Sadly, this was not communicated to you, and so an opportunity to provide assurance to you was lost. During our conversation, I understand that this is the first communication you have received concerning this matter, and for this on behalf of GreenSquareAccord I wish to offer you again our unreserved apologies.
While the incident is unfortunate, as was the clear breakdown in communication between us, the human error that exposed the Personal Data was not and is not considered to be high risk or presents any factors of concern. This is due to the data consisting of name, and the property number only. The rest of the address information is either shared between the parties (and so known), or the information is within the public domain. The incident did not involve any financial or sensitive information.
I have only recently started with GreenSquareAccord and would like to pass on my thanks for reporting the incident as you did, as I personally value the support and notification that our customers provide when these incidents do occur, however infrequent.
Kind Regards
Anthony
Anthony ***** Data Protection Manager -
GreenSquareAccord, Methuen Park, Chippenham. SN14 0GU
So an apology, the breach was not an important one, someone at GreenSquareAccord was blamed for the ‘human error’, a missed opportunity to communicate, and a reassurance from Anthony that these incidents do occur however they are infrequent; bless him, he has only been with GreenSquareAccord for less than a month.
In conclusion
When can all my neighbours expect a formal apology?
Why did it need the involvement of the ICO before a response was provided?
Should this breach be downplayed? What if my neighbours didn't want their neighbour finding them on Facebook, didn't want them knowing their full name?
Any breach of data is a serious one. That’s why it’s been put into law.