So I took a not-so-tech-savvy relative to a Tesco store in Gloucestershire yesterday evening to purchase a mobile phone contract. During the sign-up process there was a separate fail on Tesco's internal site: the relative I was helping happened to be a widower and, as such, the 'Marital Status' section of the form only contained 'Married', 'Divorced', 'Single' or 'Other'. My relative chose 'Other', being the most fitting, and we progressed with the application. During the confirmation a referral was requested and the helpful Tesco employee called the call centre, who requested that the 'Marital Status' option was changed to 'Married' to progress the application. My relative said that she would prefer to be listed as 'Single', and this duly broke the web form and the application had to be completed again.
It was at this stage that I spotted Tesco's Data Protection Act (DPA) failure. When the helpful employee clicked in the Drivers License and Passport Number field, used for identification purposes on credit agreements, hundreds of previous customers' Drivers License numbers and Passport numbers had been cached in the form fields! I could not believe my eyes. I was actually speechless, and for those of you who know me personally, I'm rarely lost for words :-S
I explained to the helpful employee how bad this was and she 'kind of' understood but didn't really seem concerned. Now I know that it's not a great concern to a helpful young Tesco employee who was waiting for her shift to finish on a Saturday night so she could go out and enjoy the evening with her friends, but Tesco, shame on you! Have you not learnt anything from the last berating you got from the IT Security industry - ahemm - http://www.troyhunt.com/2012/07/lessons-in-website-security-anti.html and http://www.bbc.co.uk/news/technology-19316825
Now I do feel that I am in a position of responsibility and have sought advice. I have checked the Information Commissioner's website, which says that I should 'First, tell the organisation concerned and give it an opportunity to put things right.' As I write this article, Tesco have just contacted me on Twitter to ask how they can help.... I'll keep you updated.