It’s quite simple. You’ve just bought a product and the company who just sold it to you asks for a friend’s email so they can market to them. If they buy then you (and them) get a cheque for £25. What a great idea!
Unfortunately they seem to have chosen to breach some regulations. To market electronically by email requires prior consent or consideration of the soft opt in option as defined in Section 22 (3) of the Privacy and Electronic Communications (EC Directive) Regulations 2003.
To market by email three conditions should apply.
a) You must have obtained the email address in the course of a sale or negotiations for a sale
b) You should only market similar products
c) You should offer an opt out with every message.
They clearly miss the first one as they have made no sale nor negotiated with your friend. The second one falls by the wayside for the same reason as your friend won’t have bought anything from them, so there is no “similar” test. Finally, we’ll credit them with offering an opt out (although based on their understanding of email marketing so far that’s being generous).
There is a safety valve. If your friend, after being sold down the river does not buy from the company, then their email will never be used by the company. In fact it will be destroyed securely within 30 days. And of course it will never be passed to any other organisation or sold to a list broker.
Unfortunately the company doesn’t offer any of the guarantees in the previous paragraph. They may well do so but they don’t bother with any concept of a fair processing notice. How do you feel about sending your friend’s email to this organisation? If they’re happy to pay £25 to buy an email address that makes a sale what price do they put on a prospect?
I’m not a hacker. I’ve started an online course to learn how to be one. There is no course literature or reading list. The exam which can be taken at any time has one task. “ Your grade is held in a secure area at Hacker’s University. Change it to Pass and email yourself a PDF of your certificate”.
But if I was a hacker I’m sure I could find a way to flood this business that’s trying to buy email addresses with a few long lists of emails. All those on JISCmail data protection list; All people with NHS.net; I have many lists that people have sent me by accident.
Paul Simpkins is a Director and trainer at Act Now Training Ltd.
No time to attend our PECR courses? Try our on demand PECR webinars. One hour of learning for only £39 plus vat.