Data Protection breach by ETIHADBack to Forum
Anonymous15 May 2014
I received an email the other day confirming flights on Etihad, Auckland to Heathrow return in business.
At first I ignored it but then as the reminders came through, thought better of it and called Etihad, in case of fraud.
Speaking to Etihad, I gave the flight details and was concerned at the silent reaction, I could hear the yes, you do have 4 seats in business, perhaps you ought to check with your credit card company…
I had not purchased or booked the tickets, but they were in my name and confirmed status OK…
After a period of time, the agent came back to me and explained the tickets are genuine, but by a chance in a million, the airline had got the email address wrong, by one digit – the passengers names really was Martyn Sinclair and he had a Hotmail account, but had included a middle initial, which Etihad had left out.
Ok – a mistake, I had let Etihad know and I thought Etihad would have relayed the message to their passenger.
A week later, I am now getting email reminders to check in for “my flight home to Auckland”..
Naturally, Etihad would not provide any further details, except to say, they got the email address wrong by 1 digit.
So, if anyone knows a Martyn Sinclair (besides me) travelling Auckland – London and back (via Abu Dhabi), in the next few days, please let him know, that despite having full access to his booking, I have not altered anything and it seems, Etihad have not taken away my access either……15 May 2014
That is appalling. If this has occurred in the UK then I’d strongly recommend reporting it to the Information Commissioner. Although mistakes do happen, UK companies must have procedures in place to confirm and rectify them once they’ve been alerted. For Etihad to continue sending you emails for another passenger after you’ve alerted them isn’t acceptable.
1F15 May 2014
Likely to have come from the other passengers booking, and them making the mistakes themselves with their email on their own booking.
Most Airlines simply computer generate emails for reminders to check in etc. Sure, you alerted Etihad, but do they have the right to change the passengers details on the basis of a phone call? They could contact the passenger but if they do not respond by phone etc, what can they do?
I am sure my emails have a very near similar, but are usually countered with matching FFP details that go in for say my Gold Flying Blue, or Etihad Gold Guest cards. Good to have these as long as they remain accurate.
So much is done automatically these days and dependent upon what we put in our own bookings. We seem to have all the responsibility, and when mistakes happen Airlines tell us “but you made the booking?!”
I would not be so worried, as should the other passenger.15 May 2014
Marcus – I totally agree that people make mistakes but when a company is notified from a member of the public of the situation, they have a duty to try and rectify it.
I had a situation a year ago where someone put a job up on Rated People and made a one digit mistake in their mobile number, so I kept getting calls and text messages from tradesmen trying to quote for the job. I ended up calling Rated People’s number and explained the problem – giving them the job number – and they changed the job details on the system so I stopped getting the calls and texts.
Similarly, in my day job we put internal procedures in place to deal with situations where we got notification that we were contacting the wrong people for appointments. The reason is that we got legal advice warning that failure to do so could put us in breach of the DPA because by holding and actioning the wrong mobile number (for example) we could be held to be wrongfully processing personal data. It’s really just a matter of good industry practice.
TBF though I do tend to be a bit conservative on this issue because I’ve seen what happens when you’re on the wrong side of the Information Commissioner and the damage to reputation can be difficult to rectify.
1F16 May 2014
This is not good and suggests that the airline really has not taken the matter seriously…..
Marcus, I thought defending the indefensible was the sole perogative of VK/SM on this Forum?
Edited: Martyn, maybe you should try checking in and turning up at the airport……16 May 2014
Who’s to say that Etihad hasn’t contacted the passenger, and they have acted on the request from Etihad.
I don’t know how ICO legislation works in the passengers originating country (NZ) or the company’s country (UAE) , but under UK legislation Etihad can’t change the probably wrongly inputted information by the wrong Martyn Sinclair until they can verify that they are talking to, or in contact with the gentleman who originally inputted the ticket.
In this case if Etihad were stupid enough to try and re-contact via e-mail rather than phone then I can see the argument that their not taking their responsibilities, being the guardian of data seriously enough .16 May 2014
I think Etihad need to upgrade there IT system. I have had passengers on flexible tickets get email asking if they want to upgrade. Not planning to travel we change the dates through the GDS (for example from Jan to May this year) but the client kept getting upgrade emails and check in emails for the Jan date that had been changed! Client thought I hadn’t bothered to change dates which was frustrating when I had!
So I guess even if Etihad have changed the email address there is some bug in there system that keeps sending to an old email address as well perhaps?16 May 2014
When I spoke to Etihad, they did confirmed that they had the correct email address. However, they confirmed they could see they sent an email to an address where one digit was incorrect.
Whether this means the passenger sent the wrong address or the airline entered the wrong address…. I haven’t a clue.16 May 2014
MrMichael, it may or may not be a mistake, either way, it is a breach of data protection laws.
As Etihad told Mr Sinclair that they had the correct address, but sent to a wrong address, it is their fault the details were sent to the wrong Mr Sinclair.
Mr Sinclair was simply warning other members of the forum about this, your comment was unnecessarily rude.22 May 2014
Apologies, but i did not mean to blame Martyn and say Etihad have no responsibility.
I merely made the point that with us all having to make our own bookings, enter the details, so much is computer generated on that basis.
Data protection provisions, just mean that on one phone call, an Airline can cancel or change a booking or the passenger details or contact numbers. How many times have we each been called claiming someone if from the bank, or Airline etc, and immediately ask us who we are and go through very private security information?
We never really know who we are talking to.
I have always found Etihad very responsive so perhaps a call to The Manager at the local Office or by letter, would be much better for them to act on than thousands of emails or calls they get each day.22 May 2014
NMH, I am sorry you felt my words rude. I was trying to convey that in all walks of life mistakes are made. The data commissioners are not usually interested in one off errors, more the principle and systems in place to protect data. Although clearly Etihad may have made a mistake in this instance , it is not a common occurrence nor a system failure. It was an error, they happen.24 May 2014