Are Local Internet Cafés Breaching Customer Confidentially?

[dropcap]I[/dropcap]t wouldn’t be uncommon to sign onto a computer at an Internet café, for what number of reasons might have led you there, to find that the person before you had forgotten to sign out of their email or other personal account. In fact, I remember forgetting to sign out of my Facebook account a few years ago only to find that someone with way too much time on their hands had taken the liberty of posting on my account on my behalf. They went so far as editing photo captions and other material, but fortunately I was still left with full access to my account.

It is less uncommon though for a person conducting business at a café, or perhaps even at a document supply shop offering these services, to have confidential information of a stranger fall into their lap, or more precisely, their inbox. I recently experienced just that at a café location in the north of the island. I’d gone there early one morning after my desktop printer at home refused to co-operate. I needed to have a document signed and scanned, and I wasted no time heading to Rodney Bay to get that done. I walked into the store, signed onto the computer with assistance from the store assistant, and proceeded to go about my business. After handing over my document, the woman manning the store asked whether I had a jump drive. I informed her that I did not, after which she said she would email it to me. I spelt out my email address, and waited for the email notification.

Moments later the scanned document was in my inbox. Or so I’d thought. I opened it and the words Money Laundering glared at me through the screen. I wondered if I had opened the right document. When I realized I had, I informed her that what I’d received was not my document, to which her calm demeanour faded. I was brief in my description of what she had sent me, and watched as her eyes widened, and her fingers fumbled across her keyboard. I could tell she was trying to keep her cool. She mumbled something about the document date on her computer being wrong, and blamed that for her error. She resent me the correct document, but not before asking me to delete the previous email.

She laughed weakly, “I don’t usually read the information customers come in here with anyway,” she said, and I wondered what had made that particular document so special that she’d kept it long after the customer had left the store. My brief glance had already told me everything I needed to know: judging by the content, the customer before me likely would not have wanted any one else having access to his information.

I immediately felt uneasy about my own information, and checked three or four times before I left to make sure I’d signed out of my email. I instructed the woman behind the counter to delete my information, and when she nodded in acknowledgement, I walked out of the store unconvinced. My information paled in comparison to that of the individual who’d had his information retained without his consent, but that didn’t make it any less personal.

Days before I’d gone to another Internet café in the area and I’d been told by the store attendant there that it was company policy to delete customer documents as soon as transactions were complete. The document I’d seen had been signed and sent off during the first week of March. Into the third week, I saw no reason why that company would still have the material in its possession.

It is questionable how much any of these facilities on island care about customer confidentiality, and how much of people’s personal information is kept post-transaction without their knowledge. More modern service centres and cafés on island have implemented systems whereby customer information is deleted when they log off, making the whole process safer, but still not impervious. One of the biggest issues here is that businesses supplying these services need to be properly regulated. They also need policies that are clear, to reassure customers that their information is safe when they come to conduct business. Moreover, staff in particular need to be properly trained in data protection as their ignorance can very well prove to be a liability to these companies and their customers.