Social Brands & The Information Currency: Myntra’s Faux Pas
Two months ago, I did an ecommerce shopping run to replenish my summer wardrobe. I checked out all the Indian sites I could find, with the most advertised ones at the top of the list. Of these, Myntra left me far from satisfied. Their courier was delayed, discourteous and told me ‘to keep exact cash ready as he didn’t have time’ and that I ‘would not be allowed to open the package before payment’. Suffice to say, I terminated that particular order.
I’ve continued to receive SMS alerts about sales, discounts and general reminders from Myntra ever since. Annoyed, I tweeted asking Myntra to stop since I had not bought from them and did not intend to, until they improved their courier systems. The response I received was the following:
“@ideasmithy Sorry about the inconvenience. Please confirm if XXXXXXXXXX is your contact number. We will get it off our SMS list very soon.”
Note that in the above tweet, the first, second, eighth, ninth and tenth digits were actually mentioned. I DM’ed them immediately asking them to take down the tweet. When I didn’t see a response immediately, I called the call center. The tweet has now been taken down.
I need to highlight this though. A mobile phone number is private. It is sensitive information, an intangible possession of its owner. Nobody has the right to make it public, except its owner. Brands, companies and other groups routinely collect people’s phone numbers at shops and in other ways such as forcing you to divulge it in order to register. This still does not give them the right to make your number public.
Myntra has my mobile number because it is required information to login to the site. The tweet contained 5 of the 10 digits in asterisks. I think this still constitutes a violation. I do not want any part of my private details shared. How has Myntra taken it upon itself to decide what is ‘okay’ and what isn’t?
I imagine that the tweet was posted in some kind of auto-response mode by someone who had not been trained to think about this. Would you trust your credit card details in the hands of someone like this? That’s sensitive information that is shared with the brand too.This may be one faux pas but I it’s a major breach. Would you trust a lock that was not secure? The tweet with my phone number has been taken down but it was in the public domain for at least 12 minutes. It’s knowledge, once shared it cannot be retrieved.
A social brand that doesn’t understand the concept of ‘private information’ is like a businessman who doesn’t know the currency that he deals in.