Tesco have now responded to our data protection request. They’ve sent through a 13 page letter which includes printouts and screen shots from their various systems. Unfortunately, they haven’t provided me with an electronic copy of anything, so I’d have to retype everything in order to use the data for anything useful. We will be requesting that the data is re-sent in electronic format in our next request to the company. We believe that this shouldn’t really prove too difficult as the data of course resides on Tesco’s computer systems.
Interestingly, while they do seem to have a fair amount of information about me – including my lifestyle profile (“Commonplace Brands” / “Mainstream”) and my lifestyle affluence (“Mid-Market”), they have not provided me with anything really detailed.
I was hoping that I would be sent a list of the products I’d purchased, or at the very least a list of my favourites. Tesco should hold this data as it is referenced in the event of a product return and is used to build up my favourites profile when shopping online at Tesco.com. Unfortunately, all I’ve received is my basic marketing profile, a list of how much I’ve spent since 30th July 2007 and some printouts from the customer service system that recorded the data protection request.
We’re going to follow all this up with Tesco. We will also be reminding them that they have still lost some of my personal data (a photocopy of my driving licence) while attempting to process the request – which is very concerning.
More broadly, we shall be seeking a public guarantee that future requests will be handled quicker and more simply than mine has been.
In the meantime, you can take a browse through the wonderful Tesco screen shots below. Please note that I’ve blurred out anything that I’ve classed as personal data (both mine and those of Tesco employees).
[...] We’ve continued to chase Tesco with our data protection request. They have finally responded and sent some of our data to us – although it isn’t quite what we were expecting. I’ll be posting some more details about this on our data blog shortly. (Update: You can read the response from Tesco here). [...]
I wish to nominate this for worst UI ever.
And mention that on Page 4, they spelt Teatotal wrong.
Brilliant work! Keep it up.
You mean they didn’t prodive you with the password to your online account! – see jemjabella.co.uk/blog/plain-text-passwords-at-tesco
and who did the blurring of the peoples names’ – was it yourself or tesco, as it would seem to be that Julie and Ewan on the screendumps are probably the same people who have sent and signed letters to you where you didnt blur out their name/signatures
T,
Thanks for your comments. I was the one who did the blurring on the screen dumps, obviously I didn’t make the connection between the 2 names on the letter and the names in the notes when going through everything. Thanks for pointing the inconsistency out.
With regards to plain text passwords, I have unfortunately come across numerous web services over the past few years that store passwords in plain text. I mentioned the issue in an earlier blog post (http://www.consumerfocuslabs.org/datablog/data-protection-requests-done-right). Thank you for providing us with the link above – it is an interesting read and worthy of some thought.
Dafydd