Which Credit Card Blunder
London July 2001 - Little wonder that the IT press has given so much coverage to Which's massive own goal. As readers will doubtless be aware, Which runs the Taxcalc site which provides assistance with completion of self-assessment tax forms. It is not yet clear whether this episode was the result of a software glitsch or employee blunder but in any event, the site failed Which's own security standards by inadvertently publishing the credit card details of almost 3,000 of its customers on the Taxcalc site.
1. Vicarious Liability
Under English law, a company is responsible for the actions and omissions of its employees even if the employee acted without direct authority. Thus, if any of the customers do become victims of fraud because of the release of their credit card details, Which will not be able to escape liability by blaming the incident on employee error.
2. Data Protection
The Data Protection Act 1998 is based on eight principles, which aim to protect individuals about whom information is collected and stored ("Data Subjects") against use, misuse and storage of data secured in an unfair manner as well as storage of inaccurate or incorrect information. Obviously, it is imperative that those who collect personal data adopt adequate safeguards. Detractors would argue that Which has not done so.
3. Legal Regulation of Websites
Which's own failure to subject its own site to its own voluntary accreditation scheme, highlights the need for legislation imposing compulsory standards on websites in respect of matters such as content and security. Various rules already exist but a comprehensive single piece of legislation directed specifically at websites would make things much clearer.
4. The effect on E-Commerce
It is arguable that Which's well-publicised failure will result in further recalcitrance from the members of the public to entrust their card details to internet vendors. This might have cause severe business problems for UK e-commerce and might even result in business failures. Rules of legal liablity mean that it will be impossible to pin this on Which but it is difficult to avoid the conclusion that Which's blunder might do for UK e-commerce what the film Midnight Express did for the Turkish tourism industry.
SPRECHER GRIER HALBERSTAM LLP
Sprecher Grier Halberstam specialise in e-commerce and domain name disputes.
© This article is copyright Sprecher Grier Halberstam LLP 2008 and should not be construed as legal advice or opinion in any specific facts or circumstances. the contents are intended for generic information purposes only. You are urged to contact a suitably qualified lawyer for specific advice.