Recently it emerged that the food delivery business Just Eat is facing an investigation by the Information Commissioner’s Office (ICO) after a delivery driver stole a customers’ number to send her inappropriate text messages.
According to The Telegraph Technology (pub.16 January 2018), the customer claimed she received a text from the driver after ordering a takeaway. When she asked who was contacting her, he told her it was “a fan” and sent a winking emoji. She said that the driver asked her if she had a boyfriend and told her that “I do not just try to make friends”. He also told her he would see her “next time, when I get your meal”.
After sharing the messages on Facebook and Twitter, the customer said she was “astounded” by the number of women who had got in contact to say the same thing had happened to them.
The ICO said it had opened an investigation on the matter.
A spokesman said: “If a customer’s phone number is used for reasons for which it was not originally taken, it could be a breach of the Data Protection Act. Organisations have a legal duty to make sure personal data is only used for the purposes for which it was obtained. We are aware of reports of an incident involving Just Eat and will be looking into it.”
A spokesman for Just Eat said: “The safety and wellbeing of our customers is extremely important to us and we were deeply concerned to hear about this incident.
“Along with our restaurant partners we take the safeguarding of customer data extremely seriously. We share information with our restaurant partners solely for the purpose of facilitating delivery and are continually reviewing our policies and practices to ensure they are robust.“
“When you visit the Website or use the Service to make an Order from a Restaurant through the Website, you may be asked to provide information about yourself including your name, contact details (such as telephone and mobile numbers and e-mail address) and payment information (such as credit or debit card information).
“We may need to provide your information to any Restaurants that you have placed an Order with so as to allow the Restaurant to process and deliver your Order. By submitting your personal data, you agree to this transfer, storing or processing.
This incident appears to show that the misuse of customer’s personal data is widespread. It’s no wonder than that many people say they do not trust businesses with their personal information. Just Eat’s reputation has been damaged, it could face a fine from the ICO and it may lose customers.
Businesses need to understand that good data protection is essential – and that this includes doing much more than having well-written policies. It means adopting an ethical mindset and amongst other things this means ensuring that any other business that customer’s personal information is shared with can be relied upon take data protection seriously.