Please call re ICO conference.

Working around the UK us Act Now speakers sometimes get messages or emails from the office staff.  If we can we pick these up and follow them up at lunchtime, coffee breaks etc.

Last week I received once such message and it looked promising. (See title of post). The ICO want to talk to me about his conference…    is it the invitation I’ve been waiting for to address 500 colleagues on the Data Protection joke book from A to B?  Is it an opportunity to run a workshop or maybe they want us to advise them on something.

My flying fingers could scarcely contain a feverish frisson of excitement as I dialed the digits.

It wasn’t the ICO. It was a company who to be truthful did identify themselves but did it so quickly that I missed it (but I have their number). Some gentle introductory questions about why we attended blah blah blah then they got to the main course. Who do we speak to in your company about encryption solutions? Head of Procurement? IT director?

I asked the obvious question and was told that they obtained my name and corporate details from the documentation given out at the recent DPO conference in Manchester. And to the obvious follow up question – yes they were ringing delegates to offer them Encryption solutions.

I ended the call using a well know technique and started wondering.  I wasn’t happy but had they breached any laws or regulations? DPA? Was it personal data? If it’s not personal then all the principle 6 rights disappear. Was it marketing?  A section 11 issue? That again specifies personal data.

Aha. They used the telephone. Isn’t that covered by PECR? And PECR is about subscribers not individuals. If we were registered with corporate TPS they’d be committing an offence wouldn’t they? Wouldn’t they?

What about the ICO? Should they have issued a list of delegates to all delegates? Was it not personal data but became personal data once it was worked on by another data controller? What schedule 2 condition applies to data collected at a conference and manipulated by the user to be used for marketing and selling.

I remember in the days when I spoke at conferences and the organisers would invite me to speak and they also invite me to email their flyer to all my colleagues in the sector. In those days it was routine to list email addresses of delegates in the conference documentation. Things have changed but dodgy practice still exists.

Did anyone else get this call? Were any offences committed?

This entry was posted in Data Protection, PECR and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s