The answer is "Beware" How do you know you are not cloning addresses for a partnership (except in Scotland) or other individual subscribers? And perception-wise "Who gave you permission to email me and where did you get my data record?" The answer "Beats me!" is not appropriate. You may do it within the law, but you are unlikely to be within the recipients' perception of the law. Now, do you dare risk SPEWS? NANAE? And what will you say when your IP addresses are spam blocked and listed as such? Or when your ISP says "Time to kick you off. We don't allow spammers her" and closes down your email and website? Or when your domain registrar parks your domain in limbo? GoDaddy did this to www.gdscott.net for spamming. It has now expired, but they kept it in limbo until it expired. I'm sorry to say this fails the "Duck Test". Legality is the least of your concerns here. -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]] On Behalf Of Duncan Smith Sent: Friday, November 19, 2004 2:34 PM To: [log in to unmask] Subject: [data-protection] email append, lawful? I'm particularly interested in the legality of auto generating (corporate) email addresses. You know the thing where I know your first name and surname, and therefore a machine can have an educated guess as to your email address if the company domain is known too. Duncan Smith works for iCompli, therefore his email address is probably [log in to unmask], or [log in to unmask] etc etc. At an emotional level, there are of course many reasons why this is not best practice email marketing; but that's not my concern (in this thread at least!). I'm interested in the legality (DPA/PECR obviously) and whether or not there is a particular breach that prevents this type of email appending. Breach of the first principle is a prime candidate, but it appears as though Schedule I Part II 2 (1) (b), the bit about data not obtained from the data subject, gives the email appender a legal mechanism to carry out this process i.e. s/he can create the email addresses, and then give fair processing information to the data subject in the body of the message, along with all relevant opt-outs etc.. This is not about 'hard core v|agra spamming' by the way, but the very reasonable process of enhancing an existing customer database with a new channel of contact. Regards, Duncan Smith Director iCompli Limited Northampton UK t: 08707 70 48 66 f: 08707 70 48 69 m: 07775 56 81 80 Mailto:[log in to unmask] Web: www.icompli.co.uk <http://www.icompli.co.uk/> Ecademy: See me! <http://www.ecademy.com/account.php?id=34586> "Compliance in your language" ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^