July 4, 2019
Square Inc. (“Square”), a San Francisco-based payment processing company, is being sued by a customer who claims that the company violated privacy laws by accidently sending a receipt detailing his medical history to a friend.
Square’s Point-of-Sale app allows merchants to process payments via smartphone devices. After a transaction occurs, Square sends a digital receipt by text message to the cardholder or authorized user of the credit card. The company issues hundreds of millions of electronic invoices a year, however, as reported by the Wall Street Journal, Square has reportedly experienced issues with misdelivered receipts.
Following a medical appointment, A. customer paid his bill using a Square device at his health-care provider’s office. Following payment, the customer’s digital invoice detailing his personal treatment information and medical history was sent via text message to a friend, instead of his own phone. Lawyers for the customer claim their client “has no idea how his friend’s contact information became associated with his credit card or this particular transaction and never consented to his medical information being shared.”
Unfortunately, Square’s mishap is not an anomaly. The company has been accused of misfiring several receipts including: payment for a divorce attorney, surprise gifts for friends and obstetrician appointments. As such, the customer’s lawyers are seeking class-action status for the lawsuit. They argue that such incidents breach the company’s promise to safeguard its customers confidential data. A spokesman for Square, however, attributes the misfire to consumers sharing credit card numbers, lending out credit cards, and human error on the part of purchasers or merchants.
Regardless of the outcome of the lawsuit, the incident serves as an example of the privacy-related issues faced by many technology companies, especially those that deal frequently with customers’ personal information.
Author: Madeline Warren