What is it with companies emailing people to say their details may have been stolen from a third party? We’ve had a handful of these in just a few weeks, but we want to see them doing more than simply ‘fessing up.
If you shop online, have an internet account with a bank or retailer and they confess that your details have been stolen by a third party, should this be an end to the matter? I don’t think so.
In the last few weeks I’ve heard numerous cases of people getting emails from the likes of Play, Santander, TripAdvisor and Lush along the lines of ‘we’ve discovered that an unauthorised third party has stolen part of our member email list…’.
Great, thanks for letting us know. You’re absolved. Not.
Companies such as these are clearly breaching the Data Protection Act. Plus, people who have opted out of third-party online marketing are now at risk of their emails landing in the laps of any number of spam marketers – or worse.
Saying sorry isn’t good enough
Holding your hands up to sloppy – and potentially illegal – breaches of law is just not good enough. If I smashed into your car and just said sorry I wouldn’t expect you or your insurer to forget the matter.
Yet it seems that the industry wants to confess and get absolution. In fact, all they’re probably doing is hoping to avoid getting blamed by the press by coming clean before their sloppy errors are leaked by someone else.
What they should be doing is controlling their customers’ data properly. Fine, we know hackers do get in – as Wikileaks highlighted with the likes of Visa, Mastercard and the Swedish Government.
But when these things do happen we’re left having to close email accounts, open new ones, let all our contacts know our new address – and, if our financial details have been seen, cancel all our cards and reapply for new ones.
Give us a ‘customer pledge’
So what should companies be doing in these circumstances? Here’s what Which?’s senior lawyer, Georgina Nelson, says:
‘These companies need to start taking it on the chin and manning up, rather than looking to blame it all on the hackers or an IT glitch “outside of their control”. The evidence is clear – their security has been flawed. So – what are they going to do about it?
‘The “sorry” emails should outline a “customer pledge” – a pledge to carry out a privacy audit, a pledge to work with the regulator (the Information Commissioner’s Office), a pledge for compensation if the consumer has suffered a material loss and a pledge to provide them with meaningful advice on how to minimise the damage.’
Have you been receiving any emails like this, and are you concerned that your data’s going into the wrong hands? Personally, I’d feel a lot happier if the regulators took a stand against these companies that don’t seem to have any control over the highly personal data they hold.