Once Next have your personal data, they have it forever

29 June 2010

In the year of our Lord 2010, it's a foolish man that splashes about his personal data like Old Spice. But what do you do if a business has your information and refuses to delete it?

An avid Bitterwallet reader, let's call him Simon, is locked in a battle with Next over such an issue. Simon recently decided to cancel his Next account, because he had no intention of using it again and didn't want a £900 credit limit in his name floating about in the ether.

Simon phoned Next to cancel his account, to be told it wasn't possible to close his account or delete his details, but a quick email to customer services resolved the issue, and Simon was told his account is closed. Except it wasn't, because Simon could still log into his account through the Next website, where all his details and the £900 credit limit were still intact. So Simon emails Next again:

I recently asked to close my account, but I am still able to log into my account, and I can see there is still a credit limit available. Please delete ALL my details from your system, and remove my credit limit. Please confirm once complete. Thanks.

And Next duly reply once more:

I am sorry that you wish to close your account. I can confirm that this has now been done and no further Directories or promotional literature will be sent, unless specifically requested.

And of course Simon checked, and of course his account was still there. Simon emailed Next a third time, and Next replied once more to say they'd definitely sorted it out this time, right, because his account is blocked, his email address has been removed and the credit limit has been cancelled. Simon checked his account; his details were still there but the credit limit had been removed and so Simon assumed the account was closed.

The next day Simon received an email entitled "Notice of Variation of your Next Directory Credit Agreement" which outlined changes to the credit agreement Simon thought he no longer had. Another email sent to Next, and another reply:

Although you have requested your account to be closed, we are obliged to inform you of any changes in relation to the Credit Agreement for any future purchases you may make.

Simon emailed a fifth time to say he will not be making future purchases, and insist that the account and his personal details be deleted. Next replied:

The order facility has also been closed at your request, but you will still be able to log in and view your account online as we are unable to remove this facility.

Your account details are held for Data Protection purposes and we cannot delete your account.

So Next are saying they will never delete anyone's personal information - even if a customer has repeatedly asked for their account to be closed - and that Next are doing this for "Data Protection purposes". Baffling, since the Data Protection Act states under the heading "THE DATA PROTECTION PRINCIPLES":

5 Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

That's the law, then, and it seems rather straightforward; Simon's information was collected by Next for the purpose of opening a credit account, and now the account is no longer required and has been closed, Next shouldn't keep the data. Except they are.

We called Next's press department about the matter, but their spokesperson wouldn't comment unless we sent Simon's personal details to them; even when we simply asked what Next's data protection policy was, the spokesperson refused to answer, making it impossible to ascertain whether their treatment of Simon is company policy or poor interpretation of it.

We're following up the story with both Simon and Next, but in the meantime - have any other readers had experiences of companies refusing to delete their personal data when closing an account?


15 comments

  • Tom
    NEXT are particularly bad at flouting the law. I had a recent run in with them over returning some goods where they deemed it necessary to charge me for the postage. I advised them of the Distance Selling Regulations which governs mail order, telephone and internet sales. Eventually they offered a "Goodwill £5 for my inconvenience" but did not actually admit they were at fault. I have never used them since. However I highly suspect that this practice continues.
  • alexandrov
    @Tom my understanding of the DSR is that so long as they make clear that the customer will be liable for the return postage then it is perfectly acceptable. This is based on previous conversations with CD and TS.
  • Nobby
    Take a shit in a bag, and leave it under a clothes rail in your nearest next.
  • kfcws
    Standard letter template is simple, and don't forget that there are provisions in the act for compensation if they fail to comply. Dear Next, I have closed my account by paying the balance in full and no longer consent to you keeping or processing any data on me. I feel that by refusing to delete my information you could cause me financial damages as it will still show on my credit report and affect my future chances of getting credit. Please respond in writing to confirm that you have complied within twenty one days. Regards Simon
  • Whogivesafuck
    Who gives a fuck, You don't want the account, Don't use it, Simple's, Move on.
  • The B.
    It's a dodgy one, I understand both sides, Next are loath to allow deletions to their live db because they're terrified they'll lose someone they shouldn't (DELETE * FROM tab_Members, we've all done it), but the flip side is that they're breaking the law, the data protection act allows the consumer to tell the company to remove their details if they're not specifically utilising a service or there is no need for the company to hold the details. The simple answer would be for Next to have a DELETED field, a full 1 bit in size containing a boolean, but then this would obviously mean that the data was still there so they'd be breaking the law, but if the login checked for this then it wouldn't matter would it? He wouldn't know that they'd shafted him if it didn't allow him to log in, of course it all goes tits up if you try to re-register because your details already exist. The short answer is either Next are utterly inept or their developers are because it's a transactional DB and you should be able to roll back if your data is buggered, even if it's not, what's to stop you doing a SELECT * INTO tmp_Members_Old FROM Tab_Members WHERE Deleted = 1 SELECT * INTO tmp_Members_Current FROM Tab_Members WHERE Deleted = 0 CREATE INDEXES etc EXEC sp_rename 'tmp_Members', 'tmp_Members_bak' EXEC sp_rename 'tmp_Members_Current', 'tmp_Members' Schedule the whole thing for your quietest period and you're done, muppets.
  • ButterMan
    Maybe yous guys should read up on PCI-DSS?
  • Rob
    Next sell overpriced shite. Might as well go to George at Asda.
  • Jase
    Myspace is a complete nightmare. I get an e-mail once a month from Myspace Music, even though I've opted out of all promotional e-mail communication. I click the unsubscribe button, to be taken to an error page. There's an e-mail address at the bottom, along the lines of [email protected], to which you can e-mail to unsubscribe from things. You e-mail it, requesting to be taken off the list, and you get an auto-response saying that the Myspace privacy team has been disbanded and the e-mail address is no longer active. You are then told to click the unsubscribe button...which leads to the error page.
  • The B.
    He could always complain to the Office of the Ineffectual Minister.
  • Tom
    @alexandrov - I think that's correct. My issue was we bought 4 x pairs of shorts. They either didn't fit or looked awful. Returned via a Next store. The following statement showed them refunding all pairs, but still charging the outgoing delivery charge, which is in contradiction to DSR.
  • Paul
    Hi, I have had the same issue with the "priority club" (intercontinental) credit card, after taking almost 6 months and numerous phone calls to get my account (supposedly) closed in June 2009, in June 2010 I received a statement from them (obviously with a 0 balance), but on calling their phone account servicing number they say that my account is closed, and they refused to reset the credit limit to 0 on my request. I have made an official complaint with them, and if I can log on again with a high credit limit in a month or so, I will be lodging a complaint with the Banking Ombudsman.
  • yo
    talktalk are probably the worst offenders. far worse than any of the examples above.
  • Steve K.
    @alexandrov - retailers are obliged to refund outbound postage under the DSR (when returned within the cooling off period). They are not obligated to pay return postage however. Some useful reference on recent testcases: http://www.oft.gov.uk/news-and-updates/press/2002/pn_33-02 http://www.out-law.com/page-10919
  • ICO B.
    [...] ensure his details couldn’t be lost or stolen, which appeared entirely sensible – but Next categorically refused to. Eventually Next told our reader “your account details are held for Data Protection purposes [...]
