"ComplianceSpeak"

"It’s not about compliance with legislation, it’s about building a business case around compliance"

Yeah, I'll open that email ... NOT!

I once sat in a bar and jotted down all the snippets of conversation that rose above the background 'gobbling turkey' noise. I wondered if I could get a sense of people or place from those snippets. It was a long time before the next flight!

I've decided to start something similar!  Just a list, but then the web is full of those, of ludicrous SPAM subject lines that are supposed to entice me to open unsolicited mail. Above all the email 'noise', could there be some genius out there?  These are all genuine SPAM filter catches, believe it or not.

Feel free to send me your best SPAM subject lines and append them to this blog.

THE LIST

spoonful brainwashing

good morning iamjustsendingthisletter

make your fat friends envy you

Blog crap smell

Wish could quietly dating Versace

Bet spiritually

Can’t stand sex all night long?

Please summarize your experience in the nuclear power field other than as a Fire Marshal if applicable.

He played some Christmas music and Howard said that they're going to hell for that.

Earth's Crust Missing in Mid-Atlantic

teleprompter then heinz

March 15, 2007 in Marketing and data protection

NU Speeeeedy response

Well done Norwich Union!

Got a very speedy response back from NU, who clearly have got their finger on the pulse!

Here's what they said ...

"Further to your email earlier today thank you for bringing this issue to our attention so quickly.  We are extremely sorry for any upset this has caused to those who received it.

At Norwich Union we are committed to providing a first class service and we hate junk e-mail as much as you do.  We have a rigorous internal process designed to ensure that all our customer communications comply with advertising standards and the Law. Unfortunately, in this instance, the omission of our normal “unsubscribe” facility was not noticed.

We have discussed this with the company who broadcast our emails for us and as a result of this conversation and the recommendations received we have implemented the following actions with immediate effect:

1.    We have removed anyone who has complained from receiving any future email marketing communications
2.    All future marketing emails will include the opt out option.

We sincerely apologise again for any inconvenience this may have caused to those who received the email it certainly was not our intention to upset anyone. 

If any customers who received this would like to unsubscribe from future marketing communications they can contact us at the following e-mail address. They will need to use the e-mail address which they would like us to remove from future mailing lists and state ‘unsubscribe’ in the subject box."   webmaster@norwich-union.co.uk

Thank you, is what I said.

A word of warning to others

If you're going to outsource your electronic contact to an agency, make sure that your agency selection process includes finding out about their knowledge of current contact legislation. There are many agencies out there who really do know their stuff, but even the best will usually admit to being a 'bit rusty' when it comes to the law.  Try them out on Regulation 8 of the Electronic Commerce (EC Directive) Regulations 2002 SI 2013 or the recent changes to the Companies Act 2006; you have got a 'proper' footer haven't you?

Regulation 8 of the Electronic Commerce (EC Directive) Regulations 2002 SI 2013??

"A service provider [that's you the sender of the message] shall ensure that any unsolicited commercial communication sent by him by electronic mail is clearly and unambiguously identifiable as such as soon as it is received [in other words, no 'Hi message from Andy' in your subject lines].

March 12, 2007 in Marketing and data protection

UK Fundraising 'Perfect Pitch'

iCompli's information law and privacy expert Duncan Smith gives talk to UK Charities

On February 21st, Duncan Smith gave a fast-paced presentation to UK Charities about the benefits of permission-based marketing and how key fundraising activities are impacted by both UK legislation and industry codes of practice.

The wide-ranging talk tackled some of the more difficult questions faced by fundraising managers, including donor database cleansing, re-consenting for expanded marketing and the vexed question of email opt-in versus direct marketing opt-out.

"Judging by the questions I fielded after the presentation, it was clear that the ideas I presented for re-consenting lapsed donors and how to stop donors from opting out of direct marketing struck a chord with many". Duncan Smith.

In conjunction with the event, iCompli are running two charity-focussed one-day workshops, to help fundraising managers and membership managers get to grips with the Data Protection Act and the Privacy and Electronic Communications Regulations.

"With only 40 places available, we expect that we should have some packed, fun days!" Duncan Smith

More information about these workshops can be found here.


February 27, 2007 in Marketing and data protection

Jail sentences for theft of data

For the first time courts will be able to jail people who trade in - or deliberately misuse - the personal data of others.

The Department for Constitutional Affairs (DCA) today said it planned to lock them up for up to two years, along with anyone else who might spread other people's private business about for other reasons.

Lord Falconer, Secretary of State for Constitutional Affairs and Lord Chancellor, said:

"We are determined to do all we can to stamp out this intrusive and illegal trade".

The Government intends to amend section 60 of the DPA to increase the penalties available to the Courts. Currently section 60 provides for:

  • On summary conviction, a fine not exceeding the statutory maximum; and
  • On conviction on indictment, a fine (unlimited).

The new Section 60 penalties will be ...

  • On summary conviction, up to six months imprisonment (increased to twelve months imprisonment in England and Wales when s154 of the Criminal Justice Act 2003 comes into force); and
  • On conviction on indictment, up to two years imprisonment.

As for when this will become law, the DCA says, "The Government will introduce this amendment when Parliamentary time allows".

We'll keep you informed!




February 09, 2007 in Marketing and data protection

BMA computer failure wipes out membership details

"Thousands of doctors have had their detailed membership records wiped out following a huge computer failure in a new IT system built for the British Medical Association" : Guardian Friday February  2, 2007 ...

"the collapse of the system has led to huge numbers of members being removed from its records without their knowledge."


The question from a data protection perspective has to be whether this now exposes the BMA to compensation claims from doctors who suffer financial damage (and subsequent distress) as a result of the loss of their detailed records.

One source is quoted as saying "The worst case scenario would be where there was a major instance of unfair dismissal and they weren't supported - they can cost hundreds of thousands of pounds. It is worrying, and could definitely lead to problems."

If such a failure to provide support was attributable to the failure of the BMA to adequately protect the doctors' personal data, then a claim for compensation under the Data Protection Act 1998 would be a likely next step.

A compensation claim of this nature could also have a significant element related to the distress suffered by the doctor.

This could turn out to be a very costly Ctrl Del!




February 02, 2007 in Marketing and data protection

MORE laptop thefts!

Reported in - Computerworld Dec 14th 2006.

A laptop containing personal information on 382,000 current and retired workers of Boeing Co. was stolen from an employee's car earlier this month, according to Boeing spokesman Tim Neale.

The information included employees' Social Security numbers, home addresses, telephone numbers and birth dates, as well as salary information [D'Oh!], Neale said.

Although the laptop was turned off and was password protected, Neale said the data on it was not encrypted.

Want a good, cheap encryption solution?

Check out TrueCrypt.

December 19, 2006 in Marketing and data protection

DPA used as a political weapon

First published in the Salisbury Journal here

Labour Councillors want information about Housing Association Stock transfers; Salisbury District Council (apparently) don't want to provide it.

The District Council cites Data Protection as the reason for not releasing addresses, but a similar disclosure has already been "approved" by the Information Commissioner in Mid-Devon District Council.

Despite the Mid-Devon ruling, Salisbury District Council is holding out, and is prepared to seek outside legal advice.

There seems to be some confusion here over whether it's the Data Protection Act or the Freedom of Information Act that applies, but either way it seems as though the legislation is being used as a political weapon rather than for its intended purpose!

Up to speed on data sharing in the public sector? If not, take a look at these documents on the iCompli website.

Privacy and Data Sharing: Survey of public awareness and perceptions
Public sector data sharing: Guidance on the law

June 02, 2006 in Marketing and data protection

Get email marketing right!

Where's the best source of advice?

I wish I knew the answer! How about where are the good sources of advice?

O.K. that one I can help with.  In researching the privacy issues relating to email marketing, we spend a lot of time immersed in the murky world of agencies et al. and we do come across good sources of advice and guidance.

Here's a couple of pointers to sites that have proved valuable to us.

For a wide spread of information, particularly links to other sites, try the email marketing reports site at http://www.email-marketing-reports.com/

For a great combination of email marketing knowledge and some great technology, check out the folks at emarket2.com.

And, last but not least, there's a wealth of resources on the iCompli site including the very popular flow chart to help you understand the opt-in opt-out requirements of the Privacy and Electronic Communications Regulations.

June 01, 2006 in Marketing and data protection

Data Theft is a clear warning

Theft of data from employee's house raises data protection issues

"As many as 26.5 million veterans were placed at risk of identity theft after an intruder stole an electronic data file this month containing their names, birth dates and Social Security numbers from the home of a Department of Veterans Affairs employee" Washington Post.com

This is the biggest single loss of current social security numbers, and puts millions of individuals at risk of identity theft.

In our work as data protection auditors, we often encounter offsite backup media being stored, unencrypted, in staff homes.

Just don't do it!  If the media must be stored in your house, make sure it's encrypted.

May 31, 2006 in Marketing and data protection

PNR legality collapses

The legality behind the transfer of Passenger Name Records (PNR) from Europe to the US collapses today as the European Court of Justice ruled the existing deal illegal.

Under the previous PNR "agreement" European airlines had to provide the US authorities with 34 pieces of information on each passenger including names, addresses and credit card information, within 15 minutes of a plane taking off.

Civil Liberty groups have always opposed the agreement, and it now looks like they have the upper hand.  Interestingly, the ECJ did not annul the deal on the grounds of privacy, but on the technicality that the Data Protection Directive only covers commercial data and not personal use.

Commentators do not envisage that flights between the EU and the US will grind to a halt, but they are predicting a messy, time consuming (and expensive) road ahead.

Full story in the TIMES

May 30, 2006 in Marketing and data protection
