I recently wrote about why I’m cautious of all the hype surrounding what has become known as Web 2.0. One of my major concerns related to data security is that if my data is held on someone else’s servers, how can I control what it is being used for? Well, last week, back in the Web 1.0 world I experienced exactly the kind of issue which just underlines these concerns, when my ISP accidentally sent my account information to 1800 customers.
The first I knew was an e-mail from the Marketing Director which read (in part):
“This afternoon, whilst the marketing team was in the process of sending you a Customer Service Update, an email was sent in error to 1,800 customers. The email sent in error contained information relating to your Force9 service. The specific information was: our internal reference number, username, name, product name, subscription amount, Force9 email, alternative email, marketing preference and active status.
No address details, credit card details, payment details or phone numbers have been disclosed.
We have contacted the customers who received your information, asked them to disregard the contents and delete the email.
I would like to apologise. Although this was a result of a regrettable human error, we will be updating our systems and processes immediately to prevent this from ever reoccurring.
Once again, please accept my apologies for any inconvenience this has caused.”
Of course, my ISP should be commended for “’fessing up” on this one – how many other organisations would have just kept quiet? But the accidental disclosure of information held about me by third parties is not an isolated incident – last year I experienced a similar problem when the Spread Firefox database was compromised. Some protection can be gained when registering with websites by using false details (watch those mandatory fields and think “why do they need my mailing address and telephone number?”); however, there are practical reasons why many service providers need to be given real information.
In these days of direct marketing and (even worse) identity fraud, it seems to me that being concerned about the use of your personal details when they are supplied to a service provider is not being paranoid – it’s just common sense.