Info Commish offers privacy addicts a 12-step GDPR programme

Re: Online Law Needs Reforming

"The issue was that my credit card(s) were visible, but expired"

Whoa there! Isn't that contrary to all manner of regulations, merchant T&Cs etc? You could use that to demand answers or else but if you did I'm sure the evidence would disappear PDQ.

And incorrect data under your account? Someone suggested the other day that if the company refuses to answer questions on account the the DPA, ask them for the section of the Act they're depending on. Although in this case I'd make them a counter offer - thery can answer the ICO's questions instead because unless I could get satisfaction that would be my next port of call. Failing to maintain proper business records is probably an offence under company law.

Re: No worries about the downvotes.

As said, you do sound legit. But the chances of M&S getting "hacked" verses loosing a laptop with a login details somewhere/leaving a pc on and family using it is much much higher.

Again, I don't doubt you. Also I do know how easy it would be for an employee to type over details (I have no idea if M&S system allows it, but I have seen other firms where staff just typed new account details in any box, including old or existing customers).

So while you may or may not be right, the odds are sadly against you from M&S point of view, and any public (me) who hear your story. Only you and the other person, if self observant enough, know if you left your details/account info somewhere to be gobbled up.

However, if you are certain you never left them anywhere, then I'd assume it was a postcode search error, and the customer assistant stupidly typed over your details. That should get you a hamper + a nice £50(?) and apology letter. But that would require M&S admitting error... fat chance!