Data protection - received someone else's information

Thoie

I emailed a large Irish company the other day, asking for my balance in their loyalty programme (following instructions on their website). I provided my membership number and my full name, and said to contact me if they needed any other details.

They replied back promptly with an attachment containing my balance, but when I opened it, it contains someone else's personal data (full name, dob, address, email address, and details of their transactions for the last 4 years.

On the plus side, I'm a nice honest person, so I'm not going to misuse this data (there are 2 or 3 "malicious" things I could do with the amount of info I've got - this isn't Tesco grocery lists). I contacted the company immediately to point out the error, but haven't heard anything since.

Do I
a) delete it, move on
b) forward a copy to the customer in question
c) contact the company again asking them if they're insane (or something milder)
d) forward it to the Data Protection Commissioner?

Text your answers with your name, address, DOB and bank account details to this special 1550 number. Lines close... never.

muffler

a) delete it, move on

Yup, thats an option alright.

b) forward a copy to the customer in question

No, certainly not.

c) contact the company again asking them if they're insane (or something milder)

Give them 3 working days to respond and see how it pans out.

d) forward it to the Data Protection Commissioner?

Mistakes happen but if the company concerned cant be arsed to reply then I certainly would contact the DPC.

My 2c worth.

ytpe2r5bxkn0c1

Look, mistakes happen. I'd point it out to the company and delete the material. It didn't have Credit card or bank details. DOB isn't the most sensitive data in the world and name/address are on the publicly avaialbale electoral register and elsewhere. Go to DPC if you wish but I personally wouldn't in this particular case.

Clauric

Thoie wrote: »

a) delete it, move on

Not for the time being, but eventually, you should delete it.

Thoie wrote: »

b) forward a copy to the customer in question

Yes, inform the other customer that a company that has their data has disclosed it, albeit inadvertently, to another customer. Let them decide if they wish to make a complaint to either the company or the DPC.

Thoie wrote: »

c) contact the company again asking them if they're insane (or something milder)

Don't send them any other emails regarding this matter. If they don't realise what infractions they have committed, in regards to the DPC, it is not your concern, just do:

Thoie wrote: »

d) forward it to the Data Protection Commissioner?

Yes, forward it as a matter of principle. However, if the company don't reply by Friday (28th Feb), send a complaint to the DPC

Five Lamps

You should insist on a response from the company and a threat of the DPC will make them take note. Certainly, I would reconsider being a member of that loyalty club if they are that sloppy.

Destroy the info you received and certainly don't contact the other person. What is the point of that?

Again, what would be the point of making a complaint to the data commissioner? You have had no breach of privacy.