Profile being built on cloud software without consent - data protection

dahayeser

I recently got an invoice from a company I do business with. The invoice as in the form of a link sent to my email. I had to create an account to login and view the invoice. I had got this before from other clients but ignored as it was always accompanied by a PDF version. This time there was no PDF so I had the option of creating an account using my email an password which I did.

To my shock my account appeared to be have been pre-created and there were invoices there from a number of clients of mine. I was aware of these invoice due to having accessed received the PDFs that wasn't the issue. My problem is it seems I have had account created for me due to clients using this invoicing package and directing invoices from it to my email address. I never endorsed this package or agreed to have any of my details on it yet when I log on I find details of my business and a number of my recent purchases sitting there.

I don't want this record, yet if my clients keep invoicing me through it when they add an invoice to the system it will also appear under my account. I know I can ignore it and insist on getting PDF's but clearly there is an account detailing purchases I am making sitting up there on the cloud that could be compromised at any stage. The more of suppliers of mine that use this the more detail of my business that ends up out there and I don't want it

Surely this can't be legal can it? It is password protected but still, they don't have my consent to log this information.

I would appreciates peoples thoughts / knowledge here.

dudara

Are you posting this query in a business capacity or in a personal capacity?

Triangle

<SNIP> no need to quote entire OP

So if I use a cloud system to generate invoices that are being sent to you. Surely I need to have your email address, business name and address to send them too?
I'm also going to want to store a copy for future verification and account reconciliation.
Then I give you access to these....and you have a problem with this?


Just trying to show it in a different angle.

antoinolachtnai

dahayeser wrote: »

Surely this can't be legal can it? It is password protected but still, they don't have my consent to log this information.

They do not have your consent but they may well have a 'legitimate interest', either in their own right or in their capacity as a data processor on behalf of the participants in the scheme.

dahayeser

Triangle wrote: »

So if I use a cloud system to generate invoices that are being sent to you. Surely I need to have your email address, business name and address to send them too?
I'm also going to want to store a copy for future verification and account reconciliation.
Then I give you access to these....and you have a problem with this?


Just trying to show it in a different angle.

Indeed and I thought of it like that too but I do think there is a significant difference. If you have a record of your interaction with me and you get hacked a small portion of my data is compromised. However in this case someone is effectively creating an account on my behalf and everytime a client using this software deals with me, they add to that account.

If that account gets compromised there is potential for a lot of damaging data to get out there.

dudara, asked if I am posting in a business or personal capacity. I suppose I came across it in a business capacity but am asking in a personal capacity. I run a small ecommerce business on the side. If some detail got out I suppose it is not that big deal but I am curious as to the legal implications of this.

nosilver

Gmail is a cloud system as are many other email programs.

I really can't see an issue - if anything it's more beneficial to you.

Can't see any data protection issues either and can never understand how people trot the "data protection" argument on anything and everything.

dudara

I can see your concern. If I understand correctly, you are dealing with Company A and Company B, two distinct companies, who happen to use the same software for invoicing. When you log into the portal, you see invoices from A & B, despite them being different companies. Am I correct?

That's a little concerning to me. I would expect company data like that to be segregated and I wouldn't expect a cloud service provider to be mixing together data from different customers in the SRM portal.

WildCardDoW

dudara wrote: »

I can see your concern. If I understand correctly, you are dealing with Company A and Company B, two distinct companies, who happen to use the same software for invoicing. When you log into the portal, you see invoices from A & B, despite them being different companies. Am I correct?

That's a little concerning to me. I would expect company data like that to be segregated and I wouldn't expect a cloud service provider to be mixing together data from different customers in the SRM portal.

It seems here that the cloud invoice company are storing and linking the invoices sent by email, i.e
Invoice #|from|to
1234|email1@email.com|opemail@companymail.com
1235|email2@email.com|opemail@companymail.com


So when op uses that same email to register they are now calling up the invoices sent to that email.



Potentially a bit of an issue as it appears then that all invoices are stored in a global style table rather than having separate tables per user.

jimmycrackcorm

dahayeser wrote:

To my shock my account appeared to be have been pre-created and there were invoices there from a number of clients of mine. I was aware of these invoice due to having accessed received the PDFs that wasn't the issue. My problem is it seems I have had account created for me due to clients using this invoicing package and directing invoices from it to my email address. I never endorsed this package or agreed to have any of my details on it yet when I log on I find details of my business and a number of my recent purchases sitting there.

Your clients are the ones who've effectively created this account. By publishing their invoices against your email they're responsible for that data being there.

I don't think that is an issue in itself. If you only have access to the email that is used to access this then it's only you who can get this data and this shouldn't be a privacy issue.

I'm reading your concern as being abit the data being there that you didn't put, but that your clients did. This is no different that your online banking containing transactions generated by third parties and when you log in you see these.

dahayeser

nosilver wrote: »

Gmail is a cloud system as are many other email programs.

I really can't see an issue - if anything it's more beneficial to you.

Can't see any data protection issues either and can never understand how people trot the "data protection" argument on anything and everything.

I make a decision to sign up to gmail though, I get to see the Ts&Cs (ok I probably don't read them all, but I can if I want). I have made a conscious decision to have an account and am prepared to do what is necessary to keep it secure - update passwords etc. I get to delete my email and even my account if I want.

Here my account is created without my consent. I haven't committed to maintaining this account.

To say it is beneficial is a big assumption. I don't know the quality of this software. If this thing gets compromised my margins and suppliers out there. That could be very damaging.

I can't see how this type of system isn't a breach of something.

ED E

You should have the option of merging the "receiving" account if you so wish, otherwise the links should be ephemeral.

I would view this as very shoddy systems design, probably aimed at making you a customer too further down the road.


Do a data protection request and see how much they actually have on you.

Ongo Goblogian

A user may have several unrelated business interests that they need to bill or be billed for. They may have a direct email for convenience and expediency when dealing with customers.

In this instance it appears that the package provider has taken one piece of information and assumed everything that relates to it also relates to each other. This is a fundamentally incorrect approach to a solution and I believe the OP is correct to be concerned at the lack of compartmentation and the assumptions that are made in relation to his business.

In reality what may be happening is that the companies that the OP deals with have created an entry for the OP that only they can access. The company's account will have all their clients, not just the OP.

A second/third/fourth... company who also deal with the OP has done the same.

An account with all the OP's dealings never existed until such time that the OP created it by giving a user name and password. At this point a virtual DB account is created from the OP's information and strips the Databases of the companies above to create this repository of past OP transactions.

I would reckon if the OP deletes this account he will also delete the reference to the information he is concerned about. The information will still be on the cloud in the DB's related to the companies using the package, but the conglomerated OP data will be dispersed. Although, still easily retrievable if the master DB is compromised.

I hope the above makes some sense but I will put it a different way...

If the op's account is hacked, the hacker will see all the op's transactions. If the op deletes this account which he created, the transaction links will also go.

If a companies account is hacked, only the op's dealings with this company will be compromised, not dealings with other companies.

If the package itself is hacked, everybody knows everything!

Disclaimer, all of the above is speculation as I don't know what package is being used!!!

dudara

WildCardDoW wrote: »

Potentially a bit of an issue as it appears then that all invoices are stored in a global style table rather than having separate tables per user.

Agreed that this is potentially an issue. The software company appears to be pulling based on email address, without looking at segregation by company code etc.

A global table for all invoices is common in ERP solutions, but invoices would typically be segregated somehow by company codes, which then feed into security rights. So even though all invoices are stored together, you can only see those for which you have access rights.

SRM portals are common, whereby a supplier can log in and see their invoices, enter shipping notices, make payments etc. But this would typically be with just one company, or group of linked companies. To see invoices from several legally different companies in one portal doesn't feel right to me.

Potential here for incorrect invoices to be displayed to the OP if email addresses are incorrect or mixed up.

Ongo Goblogian wrote:

In this instance it appears that the package provider has taken one piece of information and assumed everything that relates to it also relates to each other.

This is the nub of the issue, and I don't think that the software provider has the right to make that determination. It feels like poor system design to me

derickmc

I have encountered this or something very similar over a year ago. Had to create an account or at least activate one. I am not sure of the exact procedure or if the account was pre created. It did ask for a company code on first sign in I think..

Once I saw the build up of data I wanted to delete my account but there was no facility to do so. I emailed the company (best left nameless) and they deactivated my account. Not before they tried talking me into taking it on as my system though. I think the deal was I got to send 5 invoices p/m for free and paid for more than that.

Is it in breach of some data regulation? I don't know. It's not something I am comfortable with and would prefer to avoid using suppliers that use it. Interesting view points above.

Ongo Goblogian

derickmc wrote: »

Is it in breach of some data regulation?

The data supplied by the companies in relation to their customers would be required for functionality and most likely legit.

The striping or mining of this data and associations made with a new account seems backhanded and possibly an abuse.

Most likely the original companies are not aware of the practise.

Also I expect that the package provider has some t&c's that cover it. Also servers possibly based in a jurisdiction where it makes no ends.