I have a lovely new email address which is less than 10 months old and already I am receiving spam emails. Working in data protection means that I want to find out where the spammers are getting my email address so I can stop it. It also provides some insight into how little some companies understand the Data Protection Act.
Recently I have received emails from two different companies. Lets call them Good and Bad.
The first company, Good, sent me emails about advertising in the Daily Mail. They are registered with the Information Commissioners Office as a Data Controller. I contacted the company director to ask where they had got my email address and I was told they had bought my email address as part of a mailing list. To be fair, the emails they sent me did have an unsubscribe option, which I have used, and when contacted said they would remove me from that list and put a block on the email address appearing on other lists. The company director also told me that the list they buy they can use for a year but if a recipient doesn't open an email for 6 months they remove them from their list. Really good response and the company director could not have been more helpful.
The second company, Bad, sent me emails every week for 5 weeks at the same time of the same day each week, they also sent the same emails to my colleague at the same time. They are not registered with the Information Commissioners Office. In their emails, they claim that one of their colleagues mentioned my company and they think they can help me (yeah, right). They provide IT staff. There is no unsubscribe on their emails (thereby breaching the PECR). The phone number provided on the email rings out and having rung it at various times is not answered. Really not impressed. After a bit of research on the internet (you have to love it) I managed to find an office number to call. Left a message, still awaiting a call back (not holding my breath).
So company Good responded really well to my requests and questions, very helpful and understand I don't want to be contacted again. Company Bad would "really like to work with me" according to their emails but don't answer their phone, handle my data poorly and think that sending me emails at the same time each week wouldn't be considered spam. I know who I would rather share my information with.
Update: Company Bad have responded to my call. Apparently he noticed my missed calls but he gets lots of calls from companies wanting to sell him something so doesn't follow up, (this from someone sending me spam emails, spot the irony!). Apparently they only have 5 emails that they send out, so as I have had my five there is nothing to look forward to on Tuesdays at 8.36am (shame). They don't know where they got my information from, it could be from a colleague or LinkedIn (really?). They didn't think the Data Protection Act applied as the email address belongs to a company (wrong, as soon as that email is addressed to an individual it becomes personal information). As for being registered with the ICO, he wasn't aware who they are and had not heard of PECR. This is a worrying state of affairs given this company provides CIO's and IT Directors. Company Bad really need to up their game and do some research to comply. They had better hope that the ICO don't take an interest in their lack of registration, abuse of the PECR and inability to record where they obtain information.
No comments:
Post a Comment