Amazon accounts are hard to delete, Netflix is ‘impossible’
of London Police, suggested editing accounts so they do not include your current information before closing them down. “If the organisation is attacked, the hacker will just see your edited profile,” he said.
If you need help erasing your account, he suggested using justdelete.me, an online directory. The website also rates how difficult some companies make it to delete profiles. For example, it says Amazon and iTunes accounts are hard to delete and Netflix is “impossible”. Enter your email address on haveibeenpwned.com, which reveals if it has been involved in any breach and if so which companies are concerned.
“Once your information is out there, it’s out there. It’s better to take measures to protect your details before a company is hacked,” said Mr Freedman. “Just because a firm hasn’t been attacked yet it doesn’t follow that it never will be.”
He advised people to “compartmentalise” their information. For example, you can set up a number of email addresses to handle communication for different accounts, such as banking, online shopping and utility bills. Contact the firm directly. If you’re unhappy with the response you can complain to the ICO. This should be done within three months of the last contact with the firm involved.
The ICO will investigate the company and ask it to sort out the problem. It will not award compensation. If your complaint involves a regulated financial business, you may be able to seek redress from the Financial Ombudsman Service, which is free. The ombudsman’s role is not to decide if the organisation has breached data protection laws, but it can look at the impact any breach had on the customer and order the firm to pay to put things right.
In May 2018 the Data Protection Act will be replaced by the EU’s General Data Protection Regulation, which will take effect before Brexit and remain in force thereafter, the Government has said. The main changes include tougher penalties for breaches and tighter rules regarding when a firm must admit to a breach: they will have to inform the data protection authority within 72 hours of becoming aware of an incident. Customers will have to be told without “undue delay”.
The Government has said that consent given to companies that hold personal data must be explicit and easy to withdraw. Getting your data will be simpler and not subject to a charge. Parents will have to consent to information services for children under 13.