Haupz Blog

... still a totally disordered mix

Know Your E-Mail Address

2021-04-02 — Michael Haupt

I have an e-mail address at a large e-mail provider. A lady somewhere in Mecklenburg-Vorpommern with whom I share some naming details accidentally misused my e-mail address to buy some clothes online. Now I have her address and phone number, because the company chose to put all of those into the order confirmation e-mail.

In fact, things like this happen a lot, and since we're talking about personal data after all, I normally take some steps to sort this out. In some cases, I'd use postal addresses to send those people a friendly letter. This lady, I gave a call - her reaction was quite bewildered but she immediately saw the point. I've deleted that e-mail now.

While is may be funny, it's actually quite serious: people can easily expose personal data just by mistyping their e-mail address.

Some guy in the Ruhrgebiet has a freakin' phone contract with Vodafone that runs through my e-mail address. While Vodafone hasn't shared any address details in e-mail and also not exposed other things, I've still called them about the matter, only to be met with utter incompetence. The call center agent didn't understand the problem. His supervisor, to whom I ended up talking, promised to see about things but nothing has changed.

I was also once sent the personal retirement data, including birth date, address, and SSN, of someone in the US. This kind of thing is scary.

The most recent incident of the sort is, you guessed it, Covid-19 related. Some student at a university on the North American continent had accidentally used my e-mail address to register for a vaccination slot. Obviously, it was me who got sent the confirmation, date and time, and more details about the procedure. Happily, the notification e-mail also contained the student's phone number, so I sent a text message with the details, and things were good. Still, the whole thing made me cringe.

It's OK when someone misspells their e-mail address and accidentally uses mine. However I do believe companies should take measures to make it very hard for such accidents to have data privacy consequences, or for the accidents to be remedied. If I have to send in a lawyer to sort such things out (this can be interpreted as impersonation, even though it's somewhat inversed), that's a pretty high threshold.

Tags: the-nerdy-bit