Data protection, violation?

[ash_scotland88]

Today I received an email from a company they are claiming I have an overdue balance to.
Now in the email the sender has just copied everyone into the "to" section instead of "bcc." Thus making my email and everyone elses email visible to everyone else.

I've already sent an email complaining and saying it's an issue I will look into further, but what are actually my rights?

 

[gillywibble]

Depends what's in the e-mail. Does it contain personally identifiable information?

 

[ash_scotland88]

Well email address, which is in my name. I would describe that as "personally identifiable information"

 

[SexyGreyFox]

I'm afraid they won't get fined £500,000 for that.
No worse than all the email addresses that are harvested and used for junk mail.

 

[ash_scotland88]

Not looking for them to be fined.
Looking for anything that I am able to claim.
It's not junk, it's a legitimate company I had a tenancy agreement and now 30odd others know that I (supposedly) owe them money.

 

[jamief]

Pay the debt and stop looking for ways to "claim".

 

[SexyGreyFox]

Not looking for them to be fined.
Looking for anything that I am able to claim.
It's not junk, it's a legitimate company I had a tenancy agreement and now 30odd others know that I (supposedly) owe them money.

It's an email address and there must be at least 1000 other people called Ash Scotland.

 

[RomanNose]

A university recently did it to me, according to facebook there is a grand total of four people who have the same name as me ,so my email pretty much gives away who I am.

 

[ash_scotland88]

Not looking for ways to claims, and this is my actual name, not an online name, it's my personal email address with real life name.

 

[GreatAuk]

Well in our IT GCSE lessons we had to learn about the data protection act and the teacher said that means the company can't disclose any of your details without your permission, so maybe it's in breach of that.

Apart from my GCSE (lack of) law knowledge, I would also complain if some company did this to me.

 

[Icm76]

30odd others know that I (supposedly) owe them money.

Is it true, do you owe them money or have you been libelled?

You can google for examples but there are no guidelines on compensation for breaches of privacy under the data protection act. Banks have compensated customers to the tune of ~£50 each in instances where personal details were exposed and emailed to 1000s of other customers. More serious breaches where all personal statements & account access or history are exposed to the wrong person have been compensated at ~£250.

This has happened to me a couple of times, both times it was retailers messing up. The first time it was email address exposed to 20-30 people, retailer honoured a minor misprice, worth about £5. Another retailer after exposing email addresses to a few hundred people gave each of us a €10 (or $10) coupon.

In your case, it's 30 people getting your name and email address only? It doesn't look any where near as serious as the examples of bank customer details being leaked. If they libelled you I might ask for £25-£50, but if it's all true then £5-£10 is perhaps pushing it.

 

[SexyGreyFox]

Not looking for ways to claims, and this is my actual name, not an online name, it's my personal email address with real life name.

I bet you have the same real name has 1000s of other people.
Your email address is not [email protected]

 

[ash_scotland88]

Is it true, do you owe them money or have you been libelled?

You can google for examples but there are no guidelines on compensation for breaches of privacy under the data protection act. Banks have compensated customers to the tune of ~£50 each in instances where personal details were exposed and emailed to 1000s of other customers. More serious breaches where all personal statements & account access or history are exposed to the wrong person have been compensated at ~£250.

This has happened to me a couple of times, both times it was retailers messing up. The first time it was email address exposed to 20-30 people, retailer honoured a minor misprice, worth about £5. Another retailer after exposing email addresses to a few hundred people gave each of us a €10 (or $10) coupon.

In your case, it's 30 people getting your name and email address only? It doesn't look any where near as serious as the examples of bank customer details being leaked. If they libelled you I might ask for £25-£50, but if it's all true then £5-£10 is perhaps pushing it.

Thanks for the decent feedback.

It's not yet clear if I owe them money.
So apart from having a hissy fit, and spitting out my dummy at them (which I've already done) there's nothing else I can do about it.

 

[dowie]

I'm afraid they won't get fined £500,000 for that.
No worse than all the email addresses that are harvested and used for junk mail.

Actually people have been fined for doing pretty much the same thing - HFC bank, similar e-mail blunder, £130,000 pay out.

 

[dowie]

hmmm - 30 odd people - guess it won't be a particularly big payout for the company to make (if there is one)

 

[SexyGreyFox]

Actually people have been fined for doing pretty much the same thing - HFC bank, similar e-mail blunder, £130,000 pay out.

For an email address?
sauce?

 

[dowie]

For an email address?
sauce?

HFC bank, similar e-mail blunder, £130,000 pay out.

I had a temp job there after uni shortly after the incident happened.

Though for lots of e-mail addresses like couple of thousand - but essentially they sent out a mass mailing and didn't BCC the recipients as per the OP.

 

[SexyGreyFox]

HFC bank, similar e-mail blunder, £130,000 pay out.

I had a temp job there after uni shortly after the incident happened.

Though for lots of e-mail addresses like couple of thousand - but essentially they sent out a mass mailing and didn't BCC the recipients as per the OP.

So where is the sauce for just using emails with no other information?

Got the full story -

the mistake was compounded when ‘out of office’ replies from some customers exposed telephone numbers and details of holiday dates.

 

[Burnsy2023]

I call BS. Email addresses by themselves do not qualify as personal data as they are not personally identifiable as has been mentioned.

 

[Icm76]

I call BS. Email addresses by themselves do not qualify as personal data as they are not personally identifiable as has been mentioned.

perhaps it's normal for you to just randomly send emails with no actual content? the rest of us like to include messages that sometimes contain names, addresses or personal correspondence that is private. We also prefer to keep our email addresses private so that we can't be spammed or be sent viruses.