Requesting Your Permission

I received an email last week. It was from someone I’d never heard of.

Email

Translating this into PECR speak

We have a list of emails. We don’t think we have your consent to email you which would lead to us breaching PECR so we’re writing to ask for your permission which in itself is breach of PECR. By putting Request for Permission in the subject line we’re hoping you’ll think we know what we’re doing and that we’re a nice company.

I asked them by email to tell me where they obtained my email. A week later they hadn’t replied. I know a week is a long time in politics but a week is a light year in emails.

I upgraded my request to a Subject Access Request and suggested they pass my request to their DPO. Less than 3 hours later I had a reply which appeared to come from near the top.

Dear Sir

Thank you very much for your email and for reaching out to us with regards to our recent emails to you. We have carried out an investigation into your complaint as we take this type of matter very seriously.

As per your inquiry, we have recently acquired a new supplier called “Latest Mailing Database” (latestdatabase.com) who provided us a list of customers’ email addresses interested in travel. They have contractually reassured us that those listed have expressed their consent to be contacted by selected third party partners for marketing purposes.

Upon receiving your inquiry, we have realised that the reassurances we received from this company is in question. While we investigate this further, we have subsequently ceased the use of that mailing list they have provided and all the e-mails, including yours, have now been deleted from our Databases.

We apologise for any inconvenience caused.

Best regards,

Spiros XXXXXXX

Head of International Marketing and Business Development

At least I received a reply but the phrase “They have contractually reassured us that those listed have expressed their consent to be contacted by selected third party partners for marketing purposes” started to worry me. Also a list of people who are interested in travel. Isn’t that a list of everyone in the world? We all travel. Now if they’d asked for a list of those interested in sex and travel we’d have a snappy answer.

Globehunters have a privacy policy which looks pretty good. Just for fun I looked up their company name and their postcode on the ICO Register of Data Controllers. The ICO doesn’t have any record of their name and there are only 2 notifications from their postcode both from the next door building.

I couldn’t resist looking at his source for the emails.

http://www.latestdatabase.com A quick scan through showed their address was Majira Bypass Sajahanpur, Bogra, Bangladesh and they sold email lists. Google maps zeroes in rapidly on a company called seoexparte. A touching review of the company is available.

 

Email 2

 

They had a privacy policy too. http://www.latestdatabase.com/privacy-security-policy/ which was last updated in 2009.

Their UK customer list boasted 2 million records or just $300

Listing Include:

* Frist Name (sic)

* Last Name

* Age

* address

* Email Address

* Ip address

* Phone number

They also have a blog (http://www.latestdatabase.com/appearance-adele-gaga/) and although it would be churlish to mock their poor English if they’re operating in a global marketplace and assuring their customers contractually of the quality of their product it might be a good idea to use a spell checker.

They also seem to run http://emailmarketinglists.bloggets.net. And http://buyemaillists.yolasite.com/contact.php and https://emaillistsforsales.wordpress.com and http://mailinglsit.over-blog.com and http://issuu.com/emaillistsforsale and I gave up at this point.

So where are we now? For £190 a start up company has bought 2 million customer emails. This means that my email is worth 1/100th of a penny. When prodded they realize that they may have bought in a dodgy list so apologise and take my name off their list. A good response but no mention of my Subject Access Request. No Notification for their business and a lead to a major list seller who may just not check their lists that well.

All in day’s work for a PECR vigilante. I’ll see if Spiros comes back.

Act Now Training is one of the UK’s leading provider of seminars and workshops on all aspects of Data Protection, Freedom of Information, Surveillance Law and Records Management. More details www.actnow.org.uk

This entry was posted in Data Protection, Personal Data and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s