Bizzby Privacy

Update 21st August
Having spoken with Bizzby, I'm confident this is an isolated incident and that my concerns about how jobs are allocated to their service provider partners are unfounded. I expect a formal statement from Bizzby to be issued in due course.

I received this eMail today (obviously, with some redaction to protect the individual's privacy) from the online "Handyman App" Bizzby which exists to match service providers with jobs that need done.

There is just one (well, several) issues here.

  • I am not registered on the Bizzby platform
  • I'm not a plumber or electrician
  • I live about 300 miles away from the location

Unfortunately, it seems Bizzby sent this to almost everyone who's ever registered with them for anything (I looked at the app years ago) – this has since been confirmed by several friends, who all received the same eMail.

Firstly, no-one respects people's privacy.

Within minutes of this, loads of people had posted it on Twitter without any redaction, so the guy's address was quickly 'in the wild'.

Secondly, why am I even on their system?

I looked at Bizzby around April 2016, but never used the service.

The fifth principle of data protection is:

"Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes."

So, having never been a supplier or customer of Bizzby, why do they even care who I am now?

Finally, why would this be sent to ANYONE?

Update 21st August
My understanding is this is not the way jobs are normally allocated to Bizzby suppliers, and that this was an isolated incident.

The app is a great idea, but the eMail to individual suppliers to Bizzby doesn't need to include personal details.

This eMail should have been:

Hi Ross

Someone needs a qualified installer to fit their single zone Cosy thermostat for their gas boiler in Hartlepool on Tuesday 22nd Aug at 10:30am.

-Bizzby

Then the personal information can be revealed if - and only if - the contractor receiving the eMail accepts the job and, ideally, over a secure channel (e.g. within the app, or an HTTPS web site).

If Bizzby operated in this way then, whilst embarrassing, today's incident would not have resulted in some private individual having their name, address, and enough information to enable a scammer to convincingly pass themselves off as a legitimate visitor plastered across the internet.
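The flow described above (a minimal notification first, personal details only after acceptance), sketched as an added example; this is not Bizzby's code. All class, function and field names are hypothetical, and the sample records are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Contractor:
    contractor_id: str
    first_name: str
    trades: frozenset
    towns: frozenset      # areas the contractor has said they cover
    active: bool          # currently registered as a supplier

@dataclass
class Job:
    job_id: str
    trade: str
    task: str             # safe to broadcast
    town: str             # coarse location only
    when: str
    customer_name: str    # personal data, never emailed
    address: str          # personal data, never emailed
    accepted_by: Optional[str] = None

PUBLIC_FIELDS = ("task", "town", "when")   # allow-list for the email body

def eligible(job, c):
    """Only active suppliers with the right trade who cover the job's town."""
    return c.active and job.trade in c.trades and job.town in c.towns

def build_notification(job, c):
    """Build the email from the allow-list only, so new fields never leak by default."""
    public = {name: getattr(job, name) for name in PUBLIC_FIELDS}
    return ("Hi {0}\n\nSomeone needs {task} in {town} on {when}.\n\n-Bizzby"
            .format(c.first_name, **public))

def accept(job, c):
    """First eligible contractor to accept gets the job."""
    if job.accepted_by is None and eligible(job, c):
        job.accepted_by = c.contractor_id
        return True
    return False

def reveal_details(job, c):
    """Personal data goes only to the accepting contractor, inside an
    authenticated session (in-app or HTTPS), never by email."""
    if job.accepted_by != c.contractor_id:
        raise PermissionError("job not accepted by this contractor")
    return {"customer_name": job.customer_name, "address": job.address}

# Constructed sample data (placeholders, not taken from the incident).
JOB = Job("job-1", "heating", "a qualified installer to fit their thermostat",
          "Hartlepool", "Tuesday 22nd Aug at 10:30am", "EXAMPLE CUSTOMER", "1 EXAMPLE STREET")
ROSS = Contractor("c-1", "Ross", frozenset({"heating"}), frozenset({"Hartlepool"}), True)
LAPSED = Contractor("c-2", "Sam", frozenset(), frozenset(), False)
```

With this split, a notification sent to the wrong list exposes only the task, the town and the time; the name and address sit behind the acceptance check.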

Bizzby, you're doing this wrong, get someone involved who has an understanding of privacy, or stop processing personal data.

Bizzby, you get a lot right, there are lessons to be learned here but I'm confident you will :)
