Your mailing list I mean.....
There is lots of talk
of how big your mailing list is and this can be a wonderful addition to
your business but only if you have collected the information in the
right way. I have been talking to a couple of companies recently who are
growing their mailing list by adding people to it, without asking their
permission.
Generally they are people who have done business with the
company before so have some history with them but the company didn't ask
the individual if they wanted to receive further information. This
usually boils down to a couple of reasons; the company thinks its OK to
add people, they think the person might say no but they want the numbers
on the list to increase or they didn't understand the benefits of
asking the individual.
I would always advocate asking someone if they want to receive further information from you. Firstly it opens the discussion as to how staying in touch can help them keep informed of new events, etc. It also tells them that you will be adding them to a list and they can expect an email at some point in the future. Gives them something to look forward to! Also asking whether you can stay in touch indicates some thought for the persons privacy.
Finally it is always useful to show whether you intend to share the personal information with other companies, I always look to see, when I am providing my information, who it is going to be shared with. Lots of companies now state that they will not sell or share your information with other companies. (Good for them)
Monday 25 May 2015
Monday 18 May 2015
I am being spammed - the good and bad
I have a lovely new email address which is less than 10 months old and already I am receiving spam emails. Working in data protection means that I want to find out where the spammers are getting my email address so I can stop it. It also provides some insight into how little some companies understand the Data Protection Act.
Recently I have received emails from two different companies. Lets call them Good and Bad.
The first company, Good, sent me emails about advertising in the Daily Mail. They are registered with the Information Commissioners Office as a Data Controller. I contacted the company director to ask where they had got my email address and I was told they had bought my email address as part of a mailing list. To be fair, the emails they sent me did have an unsubscribe option, which I have used, and when contacted said they would remove me from that list and put a block on the email address appearing on other lists. The company director also told me that the list they buy they can use for a year but if a recipient doesn't open an email for 6 months they remove them from their list. Really good response and the company director could not have been more helpful.
The second company, Bad, sent me emails every week for 5 weeks at the same time of the same day each week, they also sent the same emails to my colleague at the same time. They are not registered with the Information Commissioners Office. In their emails, they claim that one of their colleagues mentioned my company and they think they can help me (yeah, right). They provide IT staff. There is no unsubscribe on their emails (thereby breaching the PECR). The phone number provided on the email rings out and having rung it at various times is not answered. Really not impressed. After a bit of research on the internet (you have to love it) I managed to find an office number to call. Left a message, still awaiting a call back (not holding my breath).
So company Good responded really well to my requests and questions, very helpful and understand I don't want to be contacted again. Company Bad would "really like to work with me" according to their emails but don't answer their phone, handle my data poorly and think that sending me emails at the same time each week wouldn't be considered spam. I know who I would rather share my information with.
Update: Company Bad have responded to my call. Apparently he noticed my missed calls but he gets lots of calls from companies wanting to sell him something so doesn't follow up, (this from someone sending me spam emails, spot the irony!). Apparently they only have 5 emails that they send out, so as I have had my five there is nothing to look forward to on Tuesdays at 8.36am (shame). They don't know where they got my information from, it could be from a colleague or LinkedIn (really?). They didn't think the Data Protection Act applied as the email address belongs to a company (wrong, as soon as that email is addressed to an individual it becomes personal information). As for being registered with the ICO, he wasn't aware who they are and had not heard of PECR. This is a worrying state of affairs given this company provides CIO's and IT Directors. Company Bad really need to up their game and do some research to comply. They had better hope that the ICO don't take an interest in their lack of registration, abuse of the PECR and inability to record where they obtain information.
Recently I have received emails from two different companies. Lets call them Good and Bad.
The first company, Good, sent me emails about advertising in the Daily Mail. They are registered with the Information Commissioners Office as a Data Controller. I contacted the company director to ask where they had got my email address and I was told they had bought my email address as part of a mailing list. To be fair, the emails they sent me did have an unsubscribe option, which I have used, and when contacted said they would remove me from that list and put a block on the email address appearing on other lists. The company director also told me that the list they buy they can use for a year but if a recipient doesn't open an email for 6 months they remove them from their list. Really good response and the company director could not have been more helpful.
The second company, Bad, sent me emails every week for 5 weeks at the same time of the same day each week, they also sent the same emails to my colleague at the same time. They are not registered with the Information Commissioners Office. In their emails, they claim that one of their colleagues mentioned my company and they think they can help me (yeah, right). They provide IT staff. There is no unsubscribe on their emails (thereby breaching the PECR). The phone number provided on the email rings out and having rung it at various times is not answered. Really not impressed. After a bit of research on the internet (you have to love it) I managed to find an office number to call. Left a message, still awaiting a call back (not holding my breath).
So company Good responded really well to my requests and questions, very helpful and understand I don't want to be contacted again. Company Bad would "really like to work with me" according to their emails but don't answer their phone, handle my data poorly and think that sending me emails at the same time each week wouldn't be considered spam. I know who I would rather share my information with.
Update: Company Bad have responded to my call. Apparently he noticed my missed calls but he gets lots of calls from companies wanting to sell him something so doesn't follow up, (this from someone sending me spam emails, spot the irony!). Apparently they only have 5 emails that they send out, so as I have had my five there is nothing to look forward to on Tuesdays at 8.36am (shame). They don't know where they got my information from, it could be from a colleague or LinkedIn (really?). They didn't think the Data Protection Act applied as the email address belongs to a company (wrong, as soon as that email is addressed to an individual it becomes personal information). As for being registered with the ICO, he wasn't aware who they are and had not heard of PECR. This is a worrying state of affairs given this company provides CIO's and IT Directors. Company Bad really need to up their game and do some research to comply. They had better hope that the ICO don't take an interest in their lack of registration, abuse of the PECR and inability to record where they obtain information.
Wednesday 13 May 2015
Sending emails - Will the ICO be sending you to the naughty step?
On one of the forums that I belong to, a question was recently asked about what is considered a spamming email? The responses were very interesting.There was a lot of discussion about whether you can just add people to your mailing list because they gave you their business card. This really split people into two groups along the lines of "they wouldn't have given you their business card if they didn't want you to stay in touch" and "Just because I gave someone my business card, I wouldn't then expect to be out on their mailing list".
So here is the boring legal bit. Under the PECR (Privacy and Electronic Communications Regulations) people must give permission for you to add them to your mailing list, unless they have bought from you previously and the product you are promoting is something similar. If you don't do this and someone complains to the ICO, they could review your data protection practices and send you to the naughty step.
So how do you end up with spam emails? Well, someone you have given permission to have your email address has sold on their list. Yes they should have asked you first but many websites are unclear as to what they are going to do with your information and some companies have no idea that they should be getting your permission first. Many companies are now aware that we hate having our information sold to others and will make a declaration on their website that they never sell or pass on your information. My advice is always be aware when you are providing your email address what it is going to be used for and if it is used for anything else, either unsubscribe or make contact to correct their information.
So back to the business card discussion. Unless at the time you handed over your business card they asked whether you wanted to be on their list (yeah right!) and they noted your permission down, then they shouldn't have added you. More interesting is that the majority of people on the forum said they would unsubscribe immediately if someone did this. Would you?
So here is the boring legal bit. Under the PECR (Privacy and Electronic Communications Regulations) people must give permission for you to add them to your mailing list, unless they have bought from you previously and the product you are promoting is something similar. If you don't do this and someone complains to the ICO, they could review your data protection practices and send you to the naughty step.
So how do you end up with spam emails? Well, someone you have given permission to have your email address has sold on their list. Yes they should have asked you first but many websites are unclear as to what they are going to do with your information and some companies have no idea that they should be getting your permission first. Many companies are now aware that we hate having our information sold to others and will make a declaration on their website that they never sell or pass on your information. My advice is always be aware when you are providing your email address what it is going to be used for and if it is used for anything else, either unsubscribe or make contact to correct their information.
So back to the business card discussion. Unless at the time you handed over your business card they asked whether you wanted to be on their list (yeah right!) and they noted your permission down, then they shouldn't have added you. More interesting is that the majority of people on the forum said they would unsubscribe immediately if someone did this. Would you?
Subscribe to:
Posts (Atom)