Case Note 218337 [2010] NZ Priv Cmr 17: Customer’s booking information disclosed on company website

A customer purchased travel-related services from a company. The company sent him an email with a link to his booking details on its website. The customer noticed that the website URL link ended with his booking number. He observed that by changing the booking number, he could view booking details for other customers. He realised that other individuals would also be able to view his booking information.

The booking details included personal information about customers like:

- Name
- Address
- Phone number
- Email address
- Vehicle registration
- Travel dates

The customer was concerned about this information being disclosed. He contacted the company asking it to secure his personal information on its website, but it did not respond. He then complained to us.

Principle 5

Principle 5 expects agencies to have reasonable security safeguards to protect personal information against loss, inappropriate access, use, modification or disclosure, or other misuse.

Agencies making personal information available to customers via…
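The weakness described in this case note, a booking page selected only by the number at the end of the URL, is shown here beside one possible safeguard. This is an added example, not part of the case note and not the company's code; the sample records, function names and the signed-link approach are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; the sequential numbers mirror the case note.
BOOKINGS = {
    1001: {"name": "Customer A", "email": "a@example.test"},
    1002: {"name": "Customer B", "email": "b@example.test"},
}

# Hypothetical server-side secret used to sign emailed links.
LINK_KEY = secrets.token_bytes(32)


def weak_lookup(booking_no):
    """Behaviour described in the case note: the number alone selects the record."""
    return BOOKINGS.get(booking_no)


def make_link_token(booking_no):
    """Tag sent with the emailed link; it is valid for one booking number only."""
    msg = str(booking_no).encode()
    return hmac.new(LINK_KEY, msg, hashlib.sha256).hexdigest()


def guarded_lookup(booking_no, token):
    """Return the record only if the token was issued for this booking number."""
    expected = make_link_token(booking_no)
    # Constant-time comparison; a missing or altered token yields no record.
    if not hmac.compare_digest(expected.encode(), str(token).encode()):
        return None
    return BOOKINGS.get(booking_no)


def readable_with_link(lookup, own_no, token=None):
    """Regression check: which bookings can the holder of one link read?"""
    hits = []
    for number in sorted(BOOKINGS):
        record = lookup(number) if token is None else lookup(number, token)
        if record is not None:
            hits.append(number)
    # A sound design returns [own_no]; anything longer is a disclosure.
    return hits
```

A signed link limits what changing the number reveals, but anyone holding the link can still open that one booking, so requiring the customer to sign in and checking that the booking belongs to the signed-in account is the stronger control.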