Welcome to the forum
The answer to your question can be found in this thread here http://community.plus.net/forum/index.php/topic,76119.msg611543.html#msg611543

Hi,
The South African call centre have access to the same information that we do.
They will also follow DPA procedures at the start of each telephone call to ensure that they are speaking to the account holder.  We are also able to see who (from our staff) has accessed your account at any given time, be they based in the UK or SA.

Thats worrying...... is there any way I can "opt" out of having them have my personal data?

They are covered by the same set of rules that our staff are covered by.
You wouldn't be able to remove your personal information without completely removing all information that we are able to see.  I promise you, this isn't an issue.

you say its nothing to worry about however, there's been many instances recently where overseas call centre staff have been stealing personal data and selling it on. As part of the DPA if you are allowing overseas (outside EU) companies to process or store personal information you must ensure that there is an adequate level of protection in place. The ICO recommends the following
Select a reputable organisation offering suitable guarantees about their ability to ensure the security of personal data.
• Make sure the contract with the organisation is enforceable.
• Make sure the organisation has appropriate security measures in place.
• Make sure that they make appropriate checks on their staff.
• Audit the other organisation regularly to make sure they are ‘up to scratch’.
• Require the organisation to report any security breaches or other problems.
• Have procedures in place that allow you to act appropriately when you receive one of these reports.
I would be more at ease if PN could tell me that the SA employees have had appropriate checks and that PN have a security professional audit the SA call centre at least annually. I will then be satisfied that my data is less at risk.

Fully understood.  I've done some more digging since I last relpied too
All the employees in SA undergo credit and security checks prior to starting work at Bizwork (who fulfill the Plusnet/MAAF contract).
They have also applied for ISO27001 which they are expecting to be awarded shortly and again - they are expected to follow all of our processes surrounding DPA.
http://www.27001-online.com/

since the Information Commissioner has stated that a company being ISO27001 would be fully DPA compliant then that's fine.  Would be good to know when they get the cert (and if not what PN will do to ascertain they are secure) and also would be good to know that PN Uk are ISO27001 certified.....

dont get me wrong, being ISO27001 is not a silver bullet but its a massive step in the right direction.
PS 
one other thing.... are PN PCI compliant?
PPS
Don't worry, im not singling PN out for special treatment. Im doing this with all entities that hold my data....

Hi again,
Our of our credit card data is encrypted and the company we use the process payment transactions are fully PCI compliant.

having card data encrypted is just one small part of being PCI compliant.  Can I ask again, are PN PCI compliant or not? I just want to safeguard my payment details.

PCI compliance has been a large part of our plans and continues to be so, we realise the importance of this work and have already completed a substantial amount of this which includes additional security controls to both the network and our systems. The work already completed ensures that the way we store customer and payment details are fully PCI compliant.
We are continuing to work in order to prove our full compliance with PCI and should achieve this shortly.