To panic over this???? (GDPR breach)

[aconfusedperson]

Hi all,

So I was emailing a company back and forth regarding a faulty product.

Included in this email thread was my full name, old address, new address, and personal mail address.

I replied to an email in the thread this afternoon and it somehow reached a customer who has a similar first name to me. She replied asking to be removed from the conversation but upon investigation, she has access to the whole thread, meaning a random stranger out there knows very personal information.

I am an extremely private person and things like this give me a lot of anxiety. I especially keep my address private due to past problems with stalkers etc.

Any advice on what to do? Can I sue this company for GDPR breach?

Thanks

Op you are massively over reacting and could get someone fired in the current climate would that make you happy over an honest mistake

Good grief, companies need to do better than this.

It's not companies though is it. This won't be their policy - quite the opposite I'm sure.

This is human error. A single person.

Technically it's a breach but honestly, unless they have form for doing this to multiple customers I doubt they'll be any fines or any 'punishment', just a warning no doubt.

It's a very simple error. I've made it. Gmail has saved me many a time with its 10 second recall!

To put in perspective. It's like you've left something accidentally in your basket and walked out the shop. Sounds like you want a full swat team sent out, £1000 fine and years in prison over what?

Computers can be weird. Bugs happen. You say it wasnt human error, for all you know some idiot linked the wrong email to your account, hence why she got the email. Unless you know the complete inner workings of the company, I think the best you can hope for is an apology, and a promise they will investigate to ensure it doesn't happen again. Believe me, serious gdpr issues can be costly.... 4% of annual turnover as a fine so I've been informed....so it's in their interest to take your complaint and work through their process. But they are highly unlikely to be fined because some twollop accidentally ccd in the wrong customer somehow.

Yes it's your data, yes you have a right for it be protected. But it sounds like a one off accident. It has be sent to ONE similarly named customer not hundreds. It has not been published publicly. The person who received is highly unlikely to have even given it a second thought.

Also encryption or not, I wouldn't be sending chapter and verse of my personal details in one chain. How do you know it's secure? I tend to send things separately. And I'm quite laissez faire about my data...

Justice? This wasn't a malicious act, someone has made an error.

It is highly unlikely that this random person is going to do anything with your details. The fact that they responded to be removed from the thread, makes it even more likely that they have absolutely no interest in you or your details.

Absolutely raise a complaint if they sent your details to someone else thougg

@Heyahun

What’s someone going to do with your bank account number? They could pay money into it - but can’t take anything out of it ?? I don’t see the big deal at all- do you think the woman is going to come over to your house now she has your address!

Diabeties UK will take a donation with just the account number.

Jeremy Clarkson found that one out

Just to point out every delivery driver you've ever had knows your name and adress. And the phone book?

God people are nasty cows on here...

Why were you giving out your bank details if you wanted a cheque? They just need your name.

I have been the stranger with a similar email address/name who received communications I wasn't supposed to before. I informed the sender and asked to be removed. I used none of the information in the thread and found the whole thing a nuisance, not a source of illicit income by ripping off bank details. It is very unlikely the unintended recipient of your details will do anything nefarious with it either. Which doesn't mean it's risk free, few things are, but the risk is small.

You should complain to the company - it's almost certainly human error but not an unavoidable one. There are systems to make sure typos like that don't happen when you already have a verified address for someone. It sounds (much as with the company that emailed me) as though they're a bit incompetent with technology or haven't spent resources considering how easy it is to do this and there isn't really any excuse for that nowadays.

According to the ICO you can ask for compensation for a GDPR breach and take them to court if they refuse. Such compensation can cover distress not just material loss. I suspect, it would not be worth going to court for what has happened but IANAL.

I'm curious what encryption you were using over email? (I wasn't aware anything was ubiquitous enough for general use between a business and a member of the public, so would be good to know how things are changing).

If you’re going to report anyone to the ICO, report yourself for sending all that information via email. Sounds like you’re dealing with a really dodgy company if they don’t refund onto the card you paid on or send a cheque.

If by bank details you mean sort code and account number, this is nothing. That info was on cheques which were common not long ago. And all anyone can do with it is put money in, they cannot withdraw with those.

If you mean card details and cvc, this is different, but there would be no reason for this to be on a thread anyway so that they were asked for (and given, if cvc is there..) is slightly more concerning in that case.

Diabeties UK will take a donation with just the account number.

I think companies can set up direct debits, however they have to send you the confirmation at which stage you could stop that? And if you don't, getting a refund on a DD payment is easy and is done in minutes. If someone was going to commit fraud, I doubt they would be donating to charities somehow? I mean, they could set up DDs on someone elses bank just to be a twat I guess, but the risk of being prosecuted for doing it for a 'joke' would stop most surely. Theres no way for a person to gain.

God people are nasty cows on here...

Aren’t there just? I call it competitive cuntiness

Your bank details would be on your cheque back in the day (& will still be if you use them). I think you are over-reacting.

Oh for Gods sake calm yourself down. This is the problem with modern life gdr Breach suing and all this crap. I’d love to go back to the days when all of this wasn’t even a thing. 99% sure you will be fine. Can you really not just accept that in life no matter how robotic we are striving to be there will be genuine mistakes made. The person involved asked to be removed from the thread... job done. Move on, unclench and breathe. No lawsuits needed. Save yourself the stress, money and energy and go and use your time and energy in something that benefits you instead... I would suggest mediation by the sounds of things

Relax! You’re working yourself up over something and nothing. It was an error, nothing more, nothing less. I don’t think the third person would have announced them self if they are planning to stalk you, do you? They also can’t do anything with your bank details.

What would ‘justice’ look like to you? What could they do to make it right? If you’re going to complain, it’s worth thinking about that.

Lastly, as you’ve been though a recent traumatic event, maybe, for your own sanity, you’d be better off avoiding online shopping until you feel safer and your anxiety is under control.

I don't understand what happened. They emailed you, you replied, they replied, etc., how did the 3rd party become involved?

Remember the good old days of cheques..... bank details on everyone!

OP you're making a mountain out of a molehill!

YABVU and overdramatic. No, you can’t sue. Yes, humans make errors and mistakes happen. It’s just part of life.

I am an extremely private person and things like this give me a lot of anxiety. I especially keep my address private due to past problems with stalkers etc.

If you've been stalked in the past I'm not surprised this has put you on edge and raised old anxieties. 🌺

try to bear in mind though that the other customer is not a stalker and did the right thing by alerting the company immediately. These are not the actions of anyone who wishes you harm.

I think some of the responses are a bit harsh - you mention in your opening post about being stalked. I can only imagine that it does affect a person. People who have been burgled often move even though it's unlikely to happen twice especially if you ramp up security.

Have you had counselling about the stalking? It's a good thing to be cautious but not to the point that it's making you over-anxious

A bit crap on their part but likely a genuine mistake by a lowish paid admin or customer services person. Kicking up a fuss could lose them their job or put them in the firing line and I'd personally feel bad about this over something which is extremely unlikely to have a bad outcome.

I'd be more worried getting behind the wheel daily than this and I'm not worried about that.

[quote aconfusedperson]@Powerchewings how would you feel that a stranger has all of your personal information. all you need for some websites is a name and an address to access even further data on someone and potentially hack them.

Anyone would be crazy not to take further action even if it is just getting a warning sent to the company.[/quote]
How would suing them stop this?

If you want to report them go ahead, but your talk of suing them suggests that all you are really after is some easy money. It was a mistake, it happens, the third party has flagged it so presumably aren’t planning on doing anything.

What do you think anyone can do with your address anyway, or even your bank details, which are printed on every cheque (which some people still use).

And no, I am not registered to vote.
I suppose they could report you for failing to register to vote and you might get fined (then you would have suffered a loss and so mighte be able to legitimately claim some compensation.)