Originally Posted by
javabytes
Apples and oranges. The credit card company is simply processing transactions. Delta is actually a party to the transaction. Further, in your example, there is a clear delineation between the personal and business credit cards, and it would certainly be a breach of confidentiality to discuss details of the personal account with a representative of the business, who is certainly unauthorized on the account. There is nothing inherently confidential about an airline booking, especially among the airline itself and the person booking travel on that airline or those reasonably believed to be their agent.
I'm sorry, but you think the bank isn't a party to the transaction? They're
at least making a merchant fee on the transaction that they'll lose out on if it's fraud.
In the Delta situation, there's a clear delineation between personal and business. One transaction was performed by a "travel department" and one was performed by the individual himself. Further, the company's travel department is clearly not authorized on the individual's SkyMiles account, which is why Delta told the company that OP had until midnight to cancel, not "Would you like to cancel that second ticket now?".
If there's nothing inherently confidential about an airline booking, it's perfectly fine if a stranger calls up and gains access to know all the bookings on your account? That would be bad enough, but in OP's case, Delta actually called an unauthorized party and shared details about his personal SkyMiles account. They sought out to breach his confidentiality.