Re: Online Law Needs Reforming
Prove that you did not leak or loose those details?
Data privacy addicts are being urged to take a 12-step programme – by no less than the UK's Information Commissioner's Office. The ICO, which is the Brit government agency responsible for enforcing Britain's rather weak data laws, has issued guidance for companies to seek redemption ahead of the EU GDPR rules coming into force …
This post has been deleted by its author
This post has been deleted by its author
"The issue was that my credit card(s) were visible, but expired"
Whoa there! Isn't that contrary to all manner of regulations, merchant T&Cs etc? You could use that to demand answers or else but if you did I'm sure the evidence would disappear PDQ.
And incorrect data under your account? Someone suggested the other day that if the company refuses to answer questions on account the the DPA, ask them for the section of the Act they're depending on. Although in this case I'd make them a counter offer - thery can answer the ICO's questions instead because unless I could get satisfaction that would be my next port of call. Failing to maintain proper business records is probably an offence under company law.
This post has been deleted by its author
As said, you do sound legit. But the chances of M&S getting "hacked" verses loosing a laptop with a login details somewhere/leaving a pc on and family using it is much much higher.
Again, I don't doubt you. Also I do know how easy it would be for an employee to type over details (I have no idea if M&S system allows it, but I have seen other firms where staff just typed new account details in any box, including old or existing customers).
So while you may or may not be right, the odds are sadly against you from M&S point of view, and any public (me) who hear your story. Only you and the other person, if self observant enough, know if you left your details/account info somewhere to be gobbled up.
However, if you are certain you never left them anywhere, then I'd assume it was a postcode search error, and the customer assistant stupidly typed over your details. That should get you a hamper + a nice £50(?) and apology letter. But that would require M&S admitting error... fat chance!
@LeahroyNake so long as you are not doing anything fancy with your data, GDPR is more than manageable by a small business. You do need to make website changes and you do need to educate your staff on what's ok and what's not. Start with the record keeping as that will tell you where the gaps are.