Online DVD and CD seller Play.com has sent out dozens of emails containing customer account details to the wrong customers. We were contacted by Reg reader Ben, who had received an order confirmation email for a customer called Kate. This included the title of the CD she had ordered - The Killers' "Live at the Royal Albert Hall …
Sounds like they should be up for the next big Government data handling contract, then.
Play.com is based in Jersey
Since Play.com is based in Jersey I'm not sure the UK ICO has jurisdiction, you might want to try contacting the Jersey equivalent... www.dataprotection.gov.je
I placed an order on play.com late last night before I'd heard about this problem. I thought it was odd that I didn't receive an email acknowledging my order and to think that it might've been sent to somebody else is a worry.
... limited resources. They need time... and a PR expert !
Play.com is based in Jersey so I'm not sure if the ICO has any jurisdiction there!
File this under "dangers of sending personal information abroad" :-)
Play are pretty good at this sort of thing
I received a printed order confirmation for someone else when I bought a jacket from them last year - it looked like it was from someone who'd bought and returned it, so not a total fail, but still...
He should have asked for a £5 voucher for each customer whose email has gone astray... preferably delivered via email.......
Oh, work it out for yourself.
Had to shut my account a year ago. They say that they will not ship mobiles to other than the main address, but they accepted a new (fradulent) delivery address on my account, then tried to ship 3 mobiles there.
By chance I was in time to cancel the third order (the first two were already in packing by the time I got home and saw the email, and of course there is no way to contact them and cancel at that stage).
I provided the name and delivery address (including postcode), but couldn't get any interest from them bar a 'oh we know about him'. Not shopping there again in a hurry!
Well, now you know.
A fiver is what other people's data's worth to play.com.
Only the warehouse and the REGISTERED office is in Jersey - all backoffice functions such as IT, HR and customer services are done by "The Web Factory" which are based in Cambridge...
Ooh a title
Given that Play.com send their items from Jersey with the CN22 customs declaration falsely stating 'optical media' and 'gift' (when what you've purchased from them is not optical media), I don't think following the rules is in their remit :-)
AC Just because they may email my details to someone
I may have done this once
I re-indexed the contact DB out of hours, of course marketing were informed but decided to send a mailing to 3 million people anyway, cue people being mailed 400 times with other peoples details.
What am i missing?
So you know someone's name and address and the name of a cd they've ordered from Play. What use is that to anyone?
Yes, it's a data leak, but file under "who gives a shit"
@The Original Steve
Steve is right, the company is registered in Jersey however the dev shed and call shack are based in Cambridge.
Play.com should just say what the government would say: "We are sorry for the distress cause, but employing proper data control would not be practical. Now shut up and get back to paying your taxes, citizen."
Nothing to do with the UK Information Commissioner as it is a Jersey Company.
The Information Commissioner there is very effective.......unlike some otherswho cannot write plain English or fewer than 3 pages.
Play are spammers and give poor service
I stopped doing business with Play when they got cheap. Cheap in a bad way.
They used to be competitively priced, and would use a delivery service that meant you'd get your CD the day after ordering it, every time. They would also send out newly released CDs on a Friday when they would be coming out on the following Monday, meaning you'd get it on the Saturday before release.
Then something changed at Play, and after 2 or 3 orders that arrived late (as far as I was concerned - they just hid behind their T&C when I contacted them) I decided enough was enough. In fact, I once rang up to find out where a CD was I ordered and they didn't know, and just hid behind their 28 days T&C..... it turned out there was a postal strike that same week, so that was probably the delay. But Play had become so useless by that point that they hadn't made their call centre aware of it! In a company that runs its business by mail order!
At some point the spam started. I never, ever, ever, allow companies to use my personal details for anything other than delivering goods to me. Play started spamming me with their PlayUSA junk. I mailed them telling them to delete my data..... and after hearing about this data leak I am wondering if they have. (I blocked their emails at the SMTP server - I do not unsubscribe to spam as it confirms which addresses are looked at).
Oh well, if they haven't deleted my account I guess I'll be contacting the Data Commissioner, and a solicitor.
Don't tell anyone
£5 may just be the smallest bribe in history.