Tag Archives | customer data loss

More on Data Protection

Following on from my two recent data protection and identity security posts (here and here), I’ve started to keep a running total of the number of Irish companies who’ve lost their customers personal data. This new research is now available here. Please let me know if I’ve missed out on any data loss incidents.

In the same way that we’ve captured every reported incidence of overcharging by businesses of Irish consumers in the past 4 years, we’ll now do the same for data protection breaches.

To date, 20 Irish organisations have overcharged 1,601,258 Irish consumers a total of €623,943,892. And yet no one has been punished, including the many banks who haven’t even been bothered by the Financial Regulator for their wrongdoings.

Based on my analysis, since the start of the year 5 different organisations have been responsible for 9 data loss incidents which have affected an estimated 580,700 Irish consumers.

We Irish consumers are really getting it from all angles. Remember, our tips on protecting your personal data is available here.

0

IPSO misled consumers during credit card skimming fiasco

Back towards the end of August, I wondered what particular data protection regulations were being invoked by the Irish Payment Services Organisation (IPSO) following a number of credit card skimming incidents in the country. Data protection rules were used as the reason IPSO, nor the credit card providers, could not reveal the names of businesses targeted by scammers who installed bogus credit card terminals in a number of shops around the country.

As it turns out, IPSO were misleading Irish consumers. I have had this confirmed by the Data Protection Commissioners (DPC) office. There are no data protection regulations that would prevent the publication of the names of the impacted shops – unless the shops were sole traders, which the DPC doesn’t believe isn’t the case in any of the businesses impacted recently.

I guess that this deception was primarily intended to protect the names of the idiotic shop owners and credit card providers, and their businesses, who were caught out by this scam – at the expense of protecting the consumer. I can only guess here because IPSO did not respond to 4 e-mail requests for information on this issue over the past couple of weeks.

What should have happened here was that the names of the impacted shops should have been published immediately to allow consumers check their credit card accounts, and take precautions to ensure that they weren’t scammed. Instead, the whole country was left wondering if they could have been impacted.

What should also happen now, is that the organisation that allegedly “aims to defend consumer interests and to embed a robust consumer culture in Ireland”, the National Consumer Agency, should follow up on this with IPSO and the banks to ensure that this misleading of consumers doesn’t happen again.

Well, that’s what should happen, but what are the chances the fuckers* will do anything?

2

Data Protection versus Consumer Protection – round 2

Update to my post below about data protection regulations not protecting the consumer.

There was an article (linked here) in yesterdays Sunday Business Post that contained the sub-headline of “Payments group claims data protection law prevents naming of shops and restaurants”. But unfortunately, the article doesn’t really detail the reasoning behind this bizarrely anti-consumer aspect of data protection legislation.

From the article, Jennifer Chamberlain, marketing manager of IPSO, said that “the exact locations and retailers in which the incidents occurred could not be made widely available due to data protection issues”.

I still stand by my assertion below that this should not be the case (if in fact this is actually a specific data protection regulation) as their silence is more to protect the retailers and credit card providers reputations rather than protecting customers.

1

Consumer Protection versus Data Protection – and consumers lose!

I was listening to Newsbalk this morning where they were talking about another credit card skimming incident, this time in Galway.

What struck me again about this incident, as well as the original story last week, was the failure of the banks, the Gardai or IPSO – “the representative industry body, the voice and guardian of the payments industry” – to let potential victims of these scamming incidents know which credit card providers were impacted, and which shops the skimming took place in.

We were told that the banks would be following up with the impacted consumers – but we know what the banks are like here so you wouldn’t put much faith in that happening quickly.

So, the only way people will know that anything is up is through the limiting of their credit limits – presumably then when the customer rings up, the bank will inform them of what’s going on and what should happen next.

And why aren’t we told that our credit cards are at risk of being skimmed – data protection regulations apparently. I can’t find any information online at least as to why this is the case, but it seems highly ridiculous to me.

It’s apparently against data protection regulations to let consumers know that they are potentially at risk of having money stolen from them. It’s against data protection regulations to give consumers the information that they would need in order to allow them protect themselves against being ripped off by credit card skimmers.

Or is it that somewhere there’s an agreement that in the interests of protecting the businesses impacted and the credit card suppliers that their names won’t be published in the media. If a shop is announced in the media as having been stupid enough to allow scammers install a skimming mechanism right under their noses, how likely are customers to go back into the shop in the future – their business would go down. And if a credit card supplier is found to be susceptible to skimming, how likely are people to continue to be, or to continue to be, their customers.

This is nuts!!! Data protection is about protecting the data of individuals – not the reputation of businesses who are sloppy in their actual data protection responsibilities.

On the other hand, if there is some data protection law that is preventing this information from being published – someone should do something!!!

Maybe we could have the the fuckers* at the National Consumer Agency which was set up to “defend consumer interests at the highest levels of national and local decision making” write a nice letter to the Data Protection Commissioner to get changes made to allow the names of impacted shops and credit card providers be named in public.

This is something that would definitely be a positive move that would be of benefit to the consumer – but that would cause the first instance, I think, where one arm government would be expected to go up against another arm of government in order to defend the rights of consumers – something that from Day 1 I and many others never expected to happen.

0

Powered by WordPress. Designed by WooThemes

hit counter