Until/unless we can find and implement a workable way to make this a problem Amazon is financially on-the-hook for, instead of Amazon (et al) customers.
I wonder what the PCI implications are if it's true that Amazon gave away his last four cc digits over the phone?
I wonder if there are applicable PII laws in his jurisdiction that'd have Amazon able to be held liable for disclosing his address? (I think there are here in Australia(1), but that doesn't mean regular Amazon customers have any chance of prevailing in court against Amazon's in-house legal team...)
In the US, the relation Legal Name ~ Home Phone Number ~ Address is emphatically not private. It's in the phone book, it's in directories published by local school districts, it's on public property ownership records, in some cases voter registrations are subject to FOIA, it's on corporate registrations, amateur radio licenses, FAA pilot licensing (including small drones), all kinds of professional certifications and business licensing which is published on the internet, etc.
> I wonder what the PCI implications are if it's true that Amazon gave away his last four cc digits over the phone?
Absolutely none, unfortunately. Merchants are specifically allowed to store the first six and last four digits of a credit card number in any form they like.
I wonder what the PCI implications are if it's true that Amazon gave away his last four cc digits over the phone?
I wonder if there are applicable PII laws in his jurisdiction that'd have Amazon able to be held liable for disclosing his address? (I think there are here in Australia(1), but that doesn't mean regular Amazon customers have any chance of prevailing in court against Amazon's in-house legal team...)
(1) 6.67 of this says your address is "individually identifying data": http://www.alrc.gov.au/publications/6.%20The%20Privacy%20Act...