Very Special "Data Protection" logic from Norwegian Cruise Lines

So NCL have some very special systems in place, and I use special in the most derogatory sense here.

I have a "latitude" account/login, as does my mate.

However, we have linked addresses. Not email, not name, not latitudes number, etc, but address and phone number.

But some of it is worse. I tried to log in an failed and found that my latitudes have my wife's email and my friend's address.

We have been playing ping pong all day updating our addresses. They also have some strange cache, so I make a change and I will not see for say 15 minutes, but my mate sees the change. And worse, we have seen it constantly get the phone number wrong. So my address and his number, or his address and my number.

How does this happen. How is this not GDPR waiting to happen with big guns.


  1. They are primary-keying on something stupid...? Rather than a real primary-key, i.e. a unique identifier? Guess they are using phone number as primary-key.

  2. I dread to think what the carbon footprint is for their gargantuan cruise ships. Oftentimes the people that go on these cruise ships (which have a carbon footprint the size of bigfoot's big brother) are the same people that get obsessive about turning off chargers that are left on standby (consuming 5mW or so).

  3. I wonder if a miscreant armed with someone's phone number could create an account and use it to obtain their address? It would be worth trying that out with a dummy account on a fresh browser.


Comments are moderated purely to filter out obvious spam, but it means they may not show immediately.

TOTSCO 66 is guidance, optional

I feel I need to explain this. The TOTSCO call today, first I have been on, and wow! But a key point was TOTSCO bulletin 66, which is actual...