Monday, October 3, 2011

A Matter of Trust Revisited

Last month I wrote about a story on the Consumerist website about a customer whose wife started getting emails addressed to him from an online florist site that asked if he wanted to purchase additional gifts for someone named “Margaret” – which was a bit of a problem, since his wife’s name isn’t Margaret, and neither of them could figure out what these messages were about. Inquiries to the company and to their credit card providers confirmed that their identity didn’t appear to have been stolen, and no fraudulent charges had appeared on any of their cards, but the emails kept coming anyway. In my last post about this, I noted that the company could have caused some real trouble if the couple in our story wasn’t as confident in their relationship as they appear to be, and could have found themselves in real trouble if someone had decided to sue them over this little faux pas. However, the follow-up indicates that the situation is actually much worse than that…

On this week’s installment, the couple in the original story got fed up with the ongoing sales messages and decided to see if there was shipping information on file for “Margaret,” since online order forms will sometimes store that kind of thing. And, sure enough, when they hit the “order now” button the order form came up, complete with an address and telephone number for the mystery woman – who turned out to live in a city neither of them had ever visited, in a state neither of them had ever been to. The folks over at the Consumerist urged them not to contact Margaret directly, and to instead try (again!) to inform the company that they were screwing up by the numbers, but as of this writing there has been no further reply. I have to wonder if the company has any idea how badly things could have turned out…

Consider, for example, what might have happened if this contact information had been sent to some unscrupulous person, such as an identity thief, or even a telemarketer. Just the name, address and telephone number could have been used for any number of scams, but the inclusion of Margaret’s email address would have made it almost too easy. If the database glitch that caused this information to be routed to the wrong person had also included credit card or banking information, almost anyone could have taken advantage of it, and if Margaret herself had anything to hide the account information could have turned up in another family tragedy – or blackmailing scheme…

In my original post, I noted that even a few years ago this sort of clerical or database error would have had limited effect, and left the company open to extremely limited liability as a consequence, but in the Internet age it wouldn’t take much more than this to bankrupt the company. I should also point out that there has never been any such thing as a database with no errors in it, and no company going forward is going to have one, either – and certainly no Internet retailer ever will. If the company carries general liability insurance on its operations (our consulting company did back in the early 2000’s, but not every business does this) it might cover the potential lawsuits from this sort of problem, but it would probably be a good idea to check the exact language on the policy…

And if your business has any contact with its customer base that depends on a database being maintained without a single embarrassing error ever happening, you might want to consider checking the language on your own policy – or getting such an insurance policy, if you don’t already have one…
