The Information Commissioner's Office has confirmed it is investigating complaints into Play.com. The online seller of DVDs, CDs and games last week sent out dozens of order confirmation emails to the wrong recipients. One Reg reader received some 24 emails with personal details of 24 people. The company said it had fixed the …
Gimme a break...
ICO is investigating this accidental incident, but I can't get them interested in BT's deliberate and continual spamming, despite me contacting them 6 times to get me removed from their mailings.
Play - Jersey - EU
Does the ICO have jurisdiction in the case of Jersey?
It's a question I'd be fascinated to know the answer to.
As a very obnoxious customer services representative took great delight in telling me once, when I had a faulty item purchased from them, Jersey is not bound by UK or European consumer law, nor is it a part of the EU (and then effectively told me to go stuff myself). Luckily the item was sufficiently inexpensive enough that I didn't try too hard to pursue the matter.
I will follow the developments with interest.
Does the ICO have jurisdiction?
Last time I checked play.com was based in Jersey and was not covered by much of the UK's consumer laws.
At least that was the answer when I tried to return something a few months back. However, IANAL.
That's not a lot when you think of the number of people that could be affected. Lose 100,000 people's details and they'll get a fiver each.
I am certain that if play.com transact business within the UK/EU then they are bound by the consumer laws of the UK/EU. Otherwise all large retail organisations would base themselves in some country with no/few consumer laws and just laugh at us should we have the effrontery to exercise our consumer rights.
Marc Hocking, CTO, Becrypt
The recent statement from the Information Com missioner’s Office that levels of UK data loss are ‘too high’ yet again reinforces the need for organisations to ensure that they treat data with due care and diligence. It is essential to ensure that the right technology solutions are put in place. The proposed £500,000 fines may be an effective wake-up call for businesses, but an Information Assurance policy will not appear overnight. Implementing technology is important, but it is key to remember that there is more to the problem than this. Companies need to sew the importance of data protection and information assurance into the very fabric of the company; there needs to be education for employees, as well as regular updates to security policy. Businesses need to ensure they don’t use a band-aid to cover the potential bullet-hole of data loss.