High Street Stores and your Personal Data: Know Your Rights

data protection breach



Most of have been there. We’re in a shop, just about to pay for our purchases, or sort a refund, when the assistant asks for “a few details”; usually our full name, our home address, and our email. Even if we’re only buying a pair of shoes, or returning a scented candle, many of us will hand over this information without understanding why it is needed.


For some, it’s about not making a scene. The assistant is friendly, and they appear to be in no doubt as to why they are asking for our personal information. Also, there’s often a growing queue of people who aren’t going to be happy with a customer kicking up a fuss and holding up the line. So, what should you do?


Put simply; the shop doesn’t NEED your details. Even television retailers, who previously had to request these to send to TV Licensing when they sold or rented out equipment, no longer require this info from you.




If you’ve challenged why the shop needs this information, you might have been met with a vague response; “to process the return”, “for our records”…that sort of thing. However, we all have a statutory right to return faulty goods and, should you wish to change your mind about a purchase you simply need to do two things; keep hold of the receipt and check out the shop’s returns policy before you buy.  In fact, unless the return policy specifically states that you have to hand over this information (and most of them don’t), then they cannot force you to.




Stores use your details for different purposes, most often for security, for marketing, and to improve the customer experience. You might like the shop retaining information about your shopping habits to help improve their service to you. For example, if you buy a particular shade of lipstick but can never remember the name, with access to the right info the shop assistant can find out that your preferred shade is ‘Frosted Pink.’ Also, most of us like it when we are offered discounts on our favourite buys.


That’s fine. It’s your choice. But even if you are happy with this, to protect your sensitive information, you should still care about how your personal details are stored.




With more and more shops using computers to store and process personal information, The Data Protection Act sets out how it can be used; and how it can’t.


The eight principles of data protection are:


  1. Personal data should be processed fairly and lawfully
  2. It must be obtained only for a specified reason(s) and can’t be handled in a way that is incompatible with that purpose(s). For example, no company can sell or give away your information without your explicit consent
  3. The information held must be adequate, relevant and not excessive when compared with the purpose for which it is to be used
  4. It must be accurate and, where necessary, kept up to date
  5. It must not be kept for longer than is necessary for the intended purpose
  6. Personal data must be processed in accordance with the Data Protection Act
  7. To keep the data safe and secure, appropriate measures will be taken against unauthorised or unlawful processing of this information, as well as against accidental loss, destruction, or damage. This means that businesses must keep the information backed up and away from any unauthorised access
  8. The files may not be transferred outside of the European Economic Area unless the country that the data is being sent to has a suitable data protection law.


You can find out more about these principles on the Information Commissioner’s Office (ICO) website.




In most cases, we trust these retailers. Why wouldn’t we? They are high street shops, with familiar names, big shiny signs above their windows and friendly authoritative staff. So, it can be easy to assume that they wouldn’t ask us for our address if they weren’t allowed to do so. We also trust them to hold our information safely once given.


However, in 2015 the ICO warned shoe retailer Office to clean up its act after a data breach exposed more than one million customer details following a hack. In fact, British companies will be forced to publically disclose data breaches and face fines worth tens of millions of pounds in a crackdown on cyber security as the government is set to adopt strict European data protection laws despite the Brexit result


So, should you hand over your details? Well, as with most things, you have a choice. A choice to ask questions, and a choice to exercise your own free will based on the answers that are provided to you. While we have been increasingly content to hand out our personal information, with an estimated 1,266% jump in cyber fraud in 2016, it’s perhaps no wonder that consumer confidence is now lacking, and that data breach claims are on the rise.


Helping you to achieve the maximum amount of compensation, in the minimum amount of time, if a retailer that you have given your details to has breached that trust, contact Hayes Connor Solicitors today.  Our initial evaluation is always free of charge, and there’s never any obligation to take things further.


Alternatively, you can find out more about making a data breach compensation claim on our website.


With strict time limits in place for making most compensation claims, if you want to achieve maximum redress in the minimum amount of time, it’s important to act now.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *