Like most people, I get a lot of emails from firms I’ve ordered from online. And I nearly just deleted one email I received this week from a vitamin and supplements store that recommended I might want to re-order three items that I had supposedly previously ordered from them. But then I took a closer look at the email, which was addressed to the tagged email address I used with them, and thought about the fact that they were recommending I reorder three items I had never ordered from them or ever purchased from one of their brick-and-mortar locations.
A simple error in their records? Maybe. But do I want a store’s records reflecting that I bought supplements to treat health problems I don’t have?
So I emailed Customer Care and told them that their records of my purchasing history were incorrect. And because of data mining, I told them, I wanted them to delete those records from my history.
What followed was some interesting correspondence that included them asking me whether I wanted a password reset (which is fine, but irrelevant if the error was made by a clerk in a brick-and-mortar location).
So now I’m waiting to see if they’ll delete the incorrect records, as I requested, or – as I let them know I would do – I delete my account with them altogether (which would not be to their advantage and wouldn’t get incorrect records disassociated from my name).
This incident made me realize how often I might not think to seriously look at what I’m being sent, even though it might alert me that a store’s records might include purchases I didn’t make, and how those records might come back to bite me if the purchases suggest health problems or other issues I don’t have.
I know this might seem like a very small deal and not even worth blogging about, but because I do not know with what other firms or data brokers those records might be shared, yeah, I responded to this instead of just letting it all go.
So how’s your Sunday morning going?
Interesting.
Do they state in their policies who they may share data with?
Do their policies reflect a requirement in the case of incorrect data/info (or to correct data)? And what about who they share the data with when corrections are made?
It also has me curious if what they tried to push on you is targeted for your age (29) and gender?
Good for you! Many people would let this go.
I too came across a situation the past couple of weeks. Not sure how to go about it (not even sure how to state it here w/o giving up some personal info). I think a bank breached our info to another entity (doesn’t make sense to me), or an employee breached it to an entity to get a possible commission (makes more sense to me). :/
The entity in question stated they got the info from some Canadian data-broker. When I looked at the data-broker’s site and what they state and give, it would seem the entity in question is lying since this entity had private financial information which the data broker apparently does not have, get, or give. Nor do I know how the data broker in question would get this info the exact same day we made inquiries to the bank (entity called same day pushing their service for the same thing I went to the bank for, and the exact same amount).
That’s some serious coincidence there.
A week later when the bank came back to me with a sum (a range), I got the call again from the entity, and this time not for a single figure as before, but the exact same spread of the sum that the bank gave (example, 19 to 20K).
That’s some serious coincidence there.
I think you just gave me the encouragement I need to get the ball rolling on this. Been mulling this over for the past week. Still not sure how I should start this, or with whom, or to involve all parties at the same time. (bank, broker, entity in question).
The entity, in effect, was trying to cut the bank’s grass and I think an employee breached our info. It all seems too coincidental to me. Not to mention we never had calls like this before.
But trying to show this is more than coincidence, regardless of what I write/do, is what is holding me back. Hmm.
Just to make sure I understand your situation: the first time you made inquiries to the bank, was it in person in the bank, or you inquired by phone or email or…?
And when the bank got back to you a week later with a sum (range), did the bank contact you by phone?
Ah, it was initially by phone to discuss it and make an apt. We stated what we wanted and so forth. It was detailed. The person on the phone said they would contact the rep at the bank that’s in charge of our file and the apt will be made.
That same day the other entity called out of the blue with what we asked the bank. I didn’t answer that call, but even my wife found it bizarre (and she isn’t tin-foil hat type).
The actual amount (the spread) was shown to us at the bank.
Call came again (not the same day this time, but about 4 days later) from the entity with the same spread.
Person tried to get me to answer questions, but I only replied with, where did you get our info? How did you get it? From who?
Then I got told they got the info from “info Canada” and that it’s Stats Canada info, and Stats Canada doesn’t give personal information.
The entity has no privacy policy on their website and are actually located near the bank (same sector).
It could all be coincidence, but that is weird coincidence. A little too close to home type thing with the timing, amount, then the spread. And to be a business right near the bank on top of it?
OK, letter-writing time for you, I think. To the bank’s privacy officer, telling them that your recent experiences suggest the bank is sharing info that you think shouldn’t be shared or they have a rogue employee leaking info. Then give them the chronology, including the allegation by Entity Y that they got the info from “info canada.”
I’d be tempted to tell the Privacy officer that if I don’t get a satisfactory explanation from the bank as to how my info got to this Entity Y, I will file a complaint with the Privacy Commissioner’s Office.
Or something like that. 🙂
Feel free to email me if you want to discuss further.
Oh, I plan on doing something, or finding out more info at the very least. But time hasn’t been my friend the past few weeks and it won’t be this week (though I will try this week to get something down).
I was going to start with having that other entity show me what info they have (per PIPEDA), then the same with the data broker.
Then I was going to try and compare, and piece things together.
But, in the back of my head I have this little bell going off that sounds like it’s an employee giving info out to the other entity. At least this is my unfounded belief since I find all this a bit too much of a coincidence. And it’s not just me, but also the better half is questioning the same thing. She finds it too bizarre as well.
So the other way I could start is as you stated, directly to the priv person of the bank instead of me trying to piece this together.
The bank’s priv person may be best to start with, as you stated. At least they should have security personnel to root this out and check it out since it’s the bank’s phones and they should be able to see who took the apt and so forth. Only a couple of people involved there (that I know of).
I may even call PrivCom to see what they think I should do, if anything. So this way the letter to the bank will show I called PrivCom and they may move a little faster on it to check it out.