I love it! But that is also forced consent, since you have absolutely not
been given the chance to object!
I am in process of using their website to serve a Section 10 notice on them
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Simon Howarth (RGC)
Interim Information Governance Manager
Sent: 03 February 2006 11:26
To: [log in to unmask]
Subject: Re: [data-protection] BT SMS service
Well BT have got back to me saying that they understand I wish to be removed
from their SMS alerts - which was not what my e-mail said!
Interestingly has anyone else noticed this paragraph in the sms terms and
conditions?
"24. We exclude all liability of any kind (including negligence) in respect
of any third party information or other material made available on, or which
can be accessed using SMS text services."
Including negligence? Surely this can't be right? They appear to be trying
to say "Don't blame us if we give away all your information".
Bizarre. It must be Friday.
-----Original Message-----
From: Tim Trent [mailto:[log in to unmask]]
Sent: 03 February 2006 10:56
To: [log in to unmask]
Subject: Re: [data-protection] BT SMS service
The reason I extend it to "part of a policy" is to make sure that the
defence is formal. It is far easier to be able to refer to a set of
retention periods in a retention policy that you can back with documentation
of the decision process than to pull the retention period out of thin air
when challenged.
Equally it is clear that different data has different retention periods. A
marketing campaign has a short life. A customer relationship, including
that of past customers has a longer one. One size truly does not fit all
BTW Simon, since it is Friday, do you govern Interim Information ;)?
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Simon Howarth (RGC)
Interim Information Governance Manager
Sent: 03 February 2006 10:26
To: [log in to unmask]
Subject: Re: [data-protection] BT SMS service
Defensible is the key. I have always found that if you request a view from
the ICO they (usually) will agree to what you propose so long as you are
justified.
This is also an issue with breakdown companies. I did some training for a
well known one and they were interested in retention. When a person rings up
and says they no longer require brakdown cover because they have a new car
with cover included, the company was aware that they would like to contact
the customer again when their warranty was running out (or breakdown cover).
The possible solutions were very interesting and innovative too, but it was
solved for all concerned in a reasonable way.
Any company should be allowed to do this, otherwise you are just tying them
up in knots.
Simon.
-----Original Message-----
From: Tim Trent [mailto:[log in to unmask]]
Sent: 03 February 2006 10:13
To: [log in to unmask]
Subject: Re: [data-protection] BT SMS service
Provided the retention period is defensible, part of a policy, and
reasonable I am in complete agreement with you, unless by "any" you mean
"for ever", when I disagree.
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Nigel Roberts
Sent: 03 February 2006 10:08
To: [log in to unmask]
Subject: Re: [data-protection] BT SMS service
In my opinion, there is no fair reason for preventing any company (even a
large one like BT) from retaining data on former customers for ANY
reasonable length of time.
It is historical commercial data of relevance.
Your argument seems to be based on more on competition considerations than
Data Protection. In that regard, bear in mind that until extremely recently
BT was prevented (by the price cap) from offering lower prices than its
competitors . .
Nigel Roberts FBCS
(ex-BT software developer)
Simon Howarth (RGC) Interim Information Governance Manager wrote:
> In the main I agree with Tim here, it's the context of the information
> that is important. I had a chat about this with a colleague who
> immediately thought about checking the phone bill of her friends
> estranged husband who says he never has any money for child support
> and can't afford to pay his bills. You have to rememember that
> potentially any piece of information is personal information if it can
> be match with other data to identify an individual, the fact that I
> can find out when the bills have been paid for all the phone numbers I
know, makes that personal information.
>
> It's this ability that could lead those with the time/energy/lack of
> ethics, to garner more information and use it.
>
> Martin is wrong in saying that the enquiry appears to relate to a
> phone bill, yes it does, but a phone bill is paid by someone. Utility
> companies have spent a lot of time and money moving their information
> management from a "household" to a person for this very reason. IN the
> same vane as the anecdote above, one company I worked for, often got
> calls from one of a seperated couple trying to find out this very fact
> -
how much was owed.
> Whilst BT haven't gone this far (you need an account number to do that
> - and that has implications all of its own) it's still not right or
ethical.
>
>
> On the subject of BT keeping old customer's (not customer's who are
> old)information, I do not see the problem in that so long as there is
> a strict retention policy. For example I helped to put in place a
> mechanism for a mobile phone company that allowed (with a nod from the
> ICO) contract data for two years. The argument being that a customer
> will have left more than likely for another contract to which they
> will be tied into for 12 to
> 18 months. The company would then contact them after 10 months to ask
> them to come back, then again at 16 months and finally at about 22
> months. If they have not come back after that, then the main details
> are removed and only basic account data is kept for legal and
> management reasons. I believe it has served them well.
>
> As for new market players I don't think that is relevant. As a new
> player you buy your contacts (legally), or generate them yourself. If
> a company already has this information through their own endeavours
> and have the permission of the individuals to use it and they use it
legally then fine.
> The new player will get there eventually....
>
> Simon.
>
> -----Original Message-----
> From: Tim Trent [mailto:[log in to unmask]]
> Sent: 03 February 2006 07:31
> To: [log in to unmask]
> Subject: Re: [data-protection] BT SMS service
>
>
> Now that gets more interesting.
>
> Let us assume that the data is "debatably personal" but definitely
> confidential.
>
> Data must be processed fairly and lawfully.
>
> My private phone number (foolishly) appears on my private web site
> (OK, it doesn't, but it could), and my private web domain is
> registered correctly so a "whois" search can find who I am. I live
> alone with my 27 cats. It says so in my web site. (Please keep real,
> here, I only have two cats, my neighbour's greyhound killed the third
while he watched).
>
> We now have the conditions where breaching confidentiality is unlawful
> (surely?) and my phone number is capable of identifying me as a living
> individual together with the other information which is easy for
> anyone to posses. There will be a short survey about how anally
> retentive I am shortly, plus the colour of the anorak I wear while
> spotting trains at Clapham Junction. That makes both unlawful
> processing and not keeping my data safe and secure.
>
> Add to this transfer of data to arbitrary third party, and also to
> arbitrary third country (coz they have phones in darkest Swynthia, and
> it is not a safe haven
>
> So, civil issue for tort over confidentiality. DPA complaint re lack
> of security, unlawful processing, transfer to third party and transfer
> to third country.
>
> I fully expect the UKIC to take precisely no action, because BT will,
> by then, have ceased processing in this manner, and, as we know, he
> does nothing about offences after you stop committing them. {I am so
> glad you have stopped killing your patients, Dr Shipman. Please carry
> on, you are an excellent GP; you have such youthful and fit patients,
> too; it's a pleasure to visit your surgery.]
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Martin Hoskins
> Sent: 03 February 2006 00:26
> To: [log in to unmask]
> Subject: Re: [data-protection] BT SMS service
>
> I'm playing the Devil's advocate this Friday morning! In a post-Durant
> world are we really certain that the information that BT is sending by
> SMS really is "personal data"?
>
> BT might argue that the information was confidential, but that it was
> not sufficiently "pesonal" to fall within the ambit of the DPA. After
> all, the account could be a corporate account, or it could be used by
> someone (or the bill paid by someone) other than the individual to
> whom the account may have been registered. The information being
> released by BT appears to relate to the phone bill, which seems to be
> some way from the Durant test of personal data, which is that the
> material needs to be biographical or about someone, rather than about
something that has a less precise link with an individual.
>
> I agree that BT appear to have acted foolishly in allowing "anyone" to
> learn of the date that a particular phone account was paid. But I
> would suggest that BT is closer to breaching the tort of confidence
> than
it is of the DPA.
>
> Just a few thoughts to stimulate the debate!
>
>
> --------------------------
> Sent from my BlackBerry Wireless Handheld
>
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> To: [log in to unmask]
> Sent: Thu Feb 02 20:34:07 2006
> Subject: Re: BT SMS service
>
> Remember the friend whose bill I checked? Well he called 150 and then
> pressed 9 to get straight through to the customer service team.
>
> After telling him that this was a matter for his mobile provider, O2
> and hanging up on him he called O2 and found that the short number
> belongs to "SSSN" a subsidiary of BT. He called back and suggested he
> might be about to unleash the hounds of hell upon them. He has a
> sense of
the absurd.
>
> This crew had heard of the problem. Apparently they'd had another
> call about it this evening. I wonder who that was?
>
> They are referring it to the Data Protection team and senior
> management in the morning. My friend is referring it to the UKIC and
Ofcom.
>
> And he is passing the baton to a few friends of his.
>
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Ian Welton
> Sent: 02 February 2006 20:05
> To: [log in to unmask]
> Subject: Re: [data-protection] BT SMS service
>
> Given that BT consider the service of such importance it apparently
> warranted a SMS message to all its SMS subscribers (with perhaps other
> marketing material yet to come) I wonder if they will consider the
> security issues created sufficiently problematic to report any
> breaches that occur to the data subjects affected thereby allowing the
> data subject to decide if they constitute a serious enough offence
> against
them to take action?
>
> Or maybe subscribers will be left in the dark and reliant upon subject
> access to try and find details of how any experienced compromise was
caused.
>
>
> Ian W
>
>
>>-----Original Message-----
>>From: This list is for those interested in Data Protection issues
>>[mailto:[log in to unmask]] On Behalf Of Tim Trent
>>Sent: 02 February 2006 17:31
>>To: [log in to unmask]
>>Subject: Re: BT SMS service
>>
>>
>>I am in the middle of "150" at present and listening to "elevator
>>music" between talking to a very pleasant lady who has a colleague
>>with her who "knows about the service"
>>
>>She has asked me if I had my friend's permission to enquire about his
>>bill payment. I explained that I did not, but that I would tell him
>>this evening, and that he would be angry and would doubtless make a
>>formal complaint as well. She did suggest that my enquiry may be
>>fraudulent! I was very polite and did not laugh at all.
>>
>>This is an odd one. I believe that it is Data which, "with other data
>>in the possession of..." is capable of identifying a living
>>individual. Others may disagree
>>
>>Terms and conditions are at
>>http://www2.bt.com/static/i/btretail/panretail/sms/Terms_condi
>>tions.htm
>>
>>Been on the call 20 minutes so far. I am glad I am not in the smelly
>>call box in the village!
>>
>>We do have BT's data protection guru on this list by the way!
>> She's a very nice practical person. I bet no-one asked her about
>>this service though.
>>
>>More when I get the call concluded
>>
>>
>>-----Original Message-----
>>From: This list is for those interested in Data Protection issues
>>[mailto:[log in to unmask]] On Behalf Of Tony Bowden
>>Sent: 02 February 2006 17:13
>>To: [log in to unmask]
>>Subject: Re: [data-protection] BT SMS service
>>
>>On Thu, Feb 02, 2006 at 05:00:33PM -0000, Tim Trent wrote:
>>
>>>>I phoned BT to complain, but neither of the two people I talked to
>>>>seemed to even be aware of the service, and certainly
>>
>>didn't know how
>>
>>>>to handle enquiries about the privacy implications of it. I'm
>>>>currently waiting for someone more senior to call me back.
>>
>>>How on earth did you find a number to call?
>>
>>On the www.bt.com/sms page there's a "terms and conditions" link.
>>
>>Buried in that page (para 10) there's mention of their "Customer Care
>>line on 0800 800947"
>>
>>That doesn't really seem to be a Customer Care line though, as the
>>first person I spoke to said he'd have to pass the enquiry onto
>>Customer Care.
>>
>>And of course, 45 minutes later, I still haven't received my
>>"15 to 20 minutes" response ...
>>
>>Tony
>>
>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> All archives of messages are stored permanently and are
>> available to the world wide web community at large at
>> http://www.jiscmail.ac.uk/lists/data-protection.html
>> If you wish to leave this list please send the command
>> leave data-protection to [log in to unmask]
>> All user commands can be found at : -
>> http://www.jiscmail.ac.uk/help/commandref.htm
>>Any queries about sending or receiving message please send to the list
>>owner
>> [log in to unmask]
>> (all commands go to [log in to unmask] not the list please)
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>
>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>> All archives of messages are stored permanently and are
>> available to the world wide web community at large at
>> http://www.jiscmail.ac.uk/lists/data-protection.html
>> If you wish to leave this list please send the command
>> leave data-protection to [log in to unmask]
>> All user commands can be found at : -
>> http://www.jiscmail.ac.uk/help/commandref.htm
>>Any queries about sending or receiving message please send to the list
>>owner
>> [log in to unmask]
>> (all commands go to [log in to unmask] not the list please)
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> --
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.1.375 / Virus Database: 267.15.0/248 - Release Date: 2/1/06
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> All archives of messages are stored permanently and are
> available to the world wide web community at large at
> http://www.jiscmail.ac.uk/lists/data-protection.html
> If you wish to leave this list please send the command
> leave data-protection to [log in to unmask]
> All user commands can be found at : -
> http://www.jiscmail.ac.uk/help/commandref.htm
> Any queries about sending or receiving message please send to the list
owner
> [log in to unmask]
> (all commands go to [log in to unmask] not the list please)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
