I come rather late to this discussion but pass over the basic P1 and P2 issues about the exercise, save to pint out that it is of course not marketing but market research.
This looks to me as if it must be regarded as a DC/DP relationship with the company basically doing as it is told. If so there would be no reason not to include the suggested addition to the program, PROVIDING it would be OK if the exercise was being handled in house. Appropriate arrangements and safeguards should be added to the contract
Previous comments seem to have been focused on those who might be contacted and be upset that they have been located in this way. That seems to me to miss the point. If it is OK to contact those who already provided their numbers at point of contact then this does not seem to go that much further.
Surely the bigger risk in privacy terms is is the exercise goes wrong. You match a number which turns out not to be the victim / witness. The wrong person is then contacted in a way which may well compromise the status & info of the right person with unknowable consequences. So the exercise may be OK in principle ( if happy on the basic P1/2 issue) but need to be pretty close to 100% confident that there will be no mismatches.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|