Friday, June 29, 2007

Fridays are great for trivia

I finally figured out how to add the "Digg It" code to this blog. Actually I mean someone had to show me. Of course you have to edit it to get the background colour right! I deleted that parameter.

Designing a presentation?

I came across this Don McMillan video the day before my wife was subjected to some fool reading every single word on her slides at her and her colleagues.



This is just an excerpt. Watch and weep.

Wednesday, June 27, 2007

Data Breaches Undermine Consumer Confidence

Yes, it's official!

But, seriously, and though we didn't need a study to know this, we did need a study to show this. That's where the Ponemon Institute and Vontu come in. Their study, released on Monday this week, shows the following figures:

A majority of respondents are changing their purchasing behavior due to heightened security concerns:

  • 62 percent of respondents have been notified that their confidential data has been lost.
  • 84 percent of those respondents reported increased concern or anxiety due to data loss events.
  • 62 percent of respondents said that they would be more upset with a company that lost their information due to negligence than if that company lost their information as the result of theft.
  • 36 percent of respondents stated that they would not use their credit or debit card to make a purchase with a Web merchant they don’t know.
  • Respondents who have received notification are more cautious when sharing their credit card (43% vs. 32%) and debit card (44% vs. 32%). In other words, findings suggest that breach notification may affect consumer behavior.
  • 45 percent said they would not provide their Social Security number on a website.

In addition, the 2007 Survey on Consumer Privacy identified the following as the Top 5 Data Privacy Concerns of consumers:

  • Medical Records
  • Pharmaceutical History
  • Credit Card Number
  • Debit Card Number
  • Social Security Number

In addition, most respondents stated that they would be most concerned if their healthcare provider, pharmacy or employer lost their information.

This makes interesting reading, and you can read more at ComplianceAndPrivacy.com where there's also a link to the report itself.

Tuesday, June 26, 2007

Spam, Scam, phishing trip, or the genuine article? You be the judge

My colleague, Bernard Jones at HaveBalls.Net, received this by email:

THE ASSOCIATED SOCIETY OF FOOTBALL AGENTS
PROFESSIONL, SUMMER FOOTBALL TRIAL
info@tasofa.org
www.tasofa.org


We are football Agents based in Asia with our head office in Thailand 204 Sathong Rd. Patunum Bangkok. It is affiliated to numerous top professional football clubs in Europe, Asia and America. It was founded in the year 2004.Our job is to scout for talented football players that would like to play professional football career in
Asia, Europe and America.
Many great players have been late starters in life So it's how to get spotted in the first place. How do you get that first foothold on the ladder? The introduction the of the football trial has opened the doors to hundreds of footballers, and clubs have a plethora of scouts ranging all over the world looking for boys to add to their squads.This program has been set up to help people realise their dreams. We will never promise that we can make dreams come true but we can certainly help by presenting people with the right opportunities. We want to help all those talented young men that don't ever happen to be in the right place at the right time. If you are serious about your talents and you want to put yourself in the best situations then we really can help! We love talents and we want to help those of you who love
football as much as we do.
Please we would like to inform you that the first 180 applicant will be invited for the trial program and their ticket through and from including feeding and shelter will be taken care by us. Your football kits will be provided by Adidas our partner
in this program. We shall also secure visa to Thailand for you in the name of our organisation. More so, our selection for professional football career will not be based on ethnic origin, color, race, nationality, religion or sexual orientation but
your ability and skill in the field of play which will be determined by technical crews of the clubs who will be present through out the trial period. We would not allow racial discrimination or any misconduct during the period of this program.
More importantly we also do not want people to abuse this gesture and use it as an avenue or opportunity to come to Thailand for any other purpose other than the proessional football trial program. However at the end of the one months trial program which will commense on 25 JULY 2007 and end on 25 AUGUST 2007 the unsuccessful ones will return to their country with their return ticket. while the successful ones who were picked by clubs will sign a one year agent- player contract with our organization. Therefore making us the organization your agent for the period of one year.
To participate in the trial go to www.tasofa.org and fill in the form at the contact page.
Please be informed that the organization will make a background check on all the information you provided.
Mr. Chai Khapaw
(Information department)

The formatting is preserved. This looks very much like a possible advance fee fraud to me, but you be the judge. What do you think?

Monday, June 25, 2007

Carnival of the Mobilists #79

How fitting that Jag is hosting this 79th carnival at route 79! I contribute to some, and read all. Mobiles are taking over the world, especially if you watched Saturday's Dr Who for the way to deliver a mass hypnotic message to elect a new prime minister!

The Tea Trade is unsuited to eCommerce

Thinking of the Tea Clipper 'Cutty Sark' (do, please, sign the petition to restore her as a fully working, floating sailing vessel, by the way if you live in the UK), and the Tea Trade and the way it made Britain great, I was amazed that I could not buy tea to ship to a friend in deepest rural Florida with any degree of ease.

She loves Twinings English Breakfast Tea. She tries other teas, but it always comes back to that one. So I send her tea.

I can buy tea in the UK, make a parcel and ship it to the USA, doubling the price of the gift.

Or she can buy the tea in the USA on www.twiningsusa.com and pay for it herself, thus making the gift and the surprise an irrelevance.

The problem is the eCommerce setup, and this was confirmed to me by the Twinings UK Customer Service line (no criticism of the customer service line at all; this one understands that it has a marketing role). Twinings expects each individual who buys its tea to live in the country where the tea is to be delivered.

It also expects people in rural USA to have street addresses for parcel delivery. But many people in rural Florida, while they obviously live somewhere, only have a PO Box number for deliveries. And I certainly don't want to spoil the surprise by asking for the street address.

So I can't, however hard I try, use Twinings and their eCommerce system to send tea to my friend.

I've emailed Twinings, both in the UK and the USA and asked them how to do it. I'll brief you if they tell me how. Or, I suppose, when they tell me that I can't do it.

And this is the Tea Trade!

Bluetooth - Good or bad for Marketing?

I've been discussing Bluetooth Marketing with Troy Norcross over the past few weeks. He and I hold similar views, though I'm sure we disagree around the edges, that Bluetooth could become intrusive if deployed as a marketing tool in the high street (for example).

A while ago I wrote about the possibility of high street stores blasting out a bluetooth message to all and sundry who pass by, and the concept of a sex shop advertising the latest adult toys to passers by, including minor children. You'd actually be amazed after that post at the number of search engine hits on this blog using the phrase "Daddy, what's a vibrator for". Or perhaps you wouldn't, knowing that this is, after all, the internet.

Many people have said to me "It's ok. Bluetooth has to be set to be visible, and you have to accept the message."

At first sight that looks good. Only it is not good. Any kid can change any setting in their phone far easier than any adult! If you want your VCR programmed you ask a three year old, right? And show me a kid who can resist accepting a message? This is the SMS generation and beyond. They text instead of speaking! "Wow, a bluetooth message! I'm having some of that!"

Bluespam is self limiting. The transmitters have a limited range and they have a limited number, per transmitter, of simultaneous pairings with remote devices. It's probably not, at least currently, cost effective to provide the infrastructure, and it probably isn't cost effective to rent transmission time because of that. But people are experimenting, and that's reasonable provided there are safeguards in place.

The question I am throwing open is "What safeguards are needed, and how should they be implemented?"

Answers in comments here would be great, as well as feeding back on other people's comments. So drop by often to see what's happening.

Friday, June 22, 2007

Market research to an "individual Subscriber" by email

For some reason "market research" has some sort of legitimacy that "marketing" does not. There is some hallowed ground for the market researcher that means that, once stepped upon, the law is different for them. The ideal of permissioning does not seem to enter their heads.

I received this email the other day:

Holden Pearmain is a UK based market research agency (www.holdenpearmain.com). We are contacting you today to ask you to take part in a short on-line survey on behalf of a major financial services organisation.

As a thank you, we are entering everyone who completes the survey into a prize draw with a first prize of £1000, two second prizes of £500 each and ten third prizes of £100 each.

This organisation is committed to continually improving the services offered to their customers and potential customers. In order to do this, they need to have a good understanding of your preferences and opinions. It’s a chance for you to directly influence the types of products that you will be offered in future.

The survey is about credit cards and some related issues and will only take about 15-20 minutes to complete. You will be made fully aware of which financial services organisation has commissioned this research towards the end of the survey.

To take part in the survey, please click on this link http://www.gmi-mr.com/survey/s.phtml?E_76547_e740b69afbdba001ab8c57714bfd21eb

All the surveys we carry out are conducted within the Market Research Society’s Code of Conduct (you can find details of this at www.mrs.org.uk). This code guarantees:
• the confidentiality of the information each respondent provides,
• that respondents are not coerced or misled when taking part in a survey,
• that findings are only ever reported back to the client anonymously and at an aggregated level, and
• that no sales communications will result from your taking part.

We are only interested in your preferences and opinions and you will not be asked to divulge any account security information at any point in the survey.

I do hope that you will be able to take part. Thank you.

With best regards,

Penny Orpwood
Research Director
Holden-Pearmain

And I replied to them thus:

From what source did you obtain my email address?

For what purposes do you hold it?

No reply, so I started my own research today. I clicked the Holden Pearmain link and got to a fancy-schmancy website that just runs a repetitive presentation, or so it does in my browser, Firefox (but, in IE, it runs all the way through to the corporate website). More on that later, because I have just spoken to Penny Orpwood who really exists, and is part of a decent sized and ethical company.

I checked the whois record. Interesting. No phone number, but an address of a different organisation. BT.com says "unlisted number" for Martin Hamblin Research, so my hackles were even further raised. I also checked the domain that the email is from, globaltestmarket.com to see a US address. Further hackles rose.

However I hit the jackpot with a Google search and clicked the "Contact Us" item.

Bingo. Penny Orpwood is real and answers the phone. We had a pleasant, professional conversation. I mentioned the Firefox issue with their website. That had been the thing that really got me annoyed. Websites optimised for Micro$oft's non standard, all pervasive, market share losing browser that exclude standard browsers are a pet hate of mine.

She is finding out where my email address came from and what permissions came with it. I fear the survey is for Sainsbury's Bank! I'll find out shortly by completing it.

But the point is that I do not expect my private email address to get this type of "invitation". You see, research or not, I perceive this as spam. Perception is reality, so, for me, this is spam, whatever the regulations say.

And the lack of a decent way of tracking these people down (missing because of the website problems) made them look like a cheap, fly by night, shoddy organisation, something they are not. Interesting, isn't it, that the webmaster is a key element in brand protection, too. And would it not have been far better if the email had complied with the new regulations that mean in the UK that such emails have to have the registered address and VAT registration number of the sending corporation? And included a phone number?

Monday, June 18, 2007

This week's Carnival of the Mobilists is live.

As usual it is wide ranging and thought provoking.

Saturday, June 16, 2007

What is a Data Protection Audit and why do I need one?

A large part of my consultancy work is providing corporations with Data Protection Audits. I just wish the UK law were called the Data Privacy Act, not the Data Protection Act, then people would understand the need more easily.

We need to start with the individual's rights when their personal data is processed. Anyone who processes personal information must comply with eight principles, which make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

The individual has the absolute right to know that the person processing their data complies with these eight principles, and may, where inappropriate processing is performed, require that processing to cease forthwith.

I've worked with both B2B and B2C in this. And the objective of the audit is to show the corporation where they are at risk with respect to the eight principles.

Let's be clear at once: There is no corporation that can easily comply with every aspect of the law and continue to trade economically. In the same way that you choose to obey or break the speed limit when driving, corporations assess the risk of breach versus compliance and choose the level of risk to accept. And compliance across Europe is impossible because the laws are drafted differently, which implies that global compliance with the ever emerging legislation is impossible.

The solution is to adopt a set of best practices which demonstrate sufficient compliance for the regulators to decide not to get the drains up.

That's where the audit comes in.

An audit does absolutely nothing except provide a datum point of the current state of compliance, and a map of the risk areas. It provides precisely no missing policies, no missing contractual terms, and no advice. It's a starting point, pure and simple.

An audit addresses all the databases in use, highlighting where the auditor is concerned that extra data may exist that has not been vetted, and looks at touch points with the outside world, data flows between internal teams, and data flows across national boundaries. Each of these areas carries risk if the law is not followed.

The most common objection I get is from the sales director and the marketing director. It runs along the lines of "If we do all this we'll have to close the business down. We might as well not be trading." And they have a valid point at first sight. But the challenge they face is that the law is the law, and they are duty bound to trade within the law.

This is where risk acknowledgment and acceptance comes in. Note that my advice is not "you can break the law here, here and here." It is instead "Once you understand the risk then we can work together to put in efficient processes that mitigate it." After all, sales must be made before anyone gets paid.

The audit, a good audit, should present a simple management overview of the risks, prioritised into Breaches and Advisories so that the business managers can address the true business impact of each, and can plan ways of mitigating the risk.

Friday, June 15, 2007

Is Google's new, shorter, 18 month data retention period good news?

"New Google Policy Means Less User Data" says Michael Estrin's article in iMedia Connection. Matt Cutts also refers to it when he offers highly valid criticism of Privacy International in his blog.

As the lead paragraph says:

"Google has offered the first olive branch in its battle with European Union regulators concerned over user data retention. Yesterday, the search leader said it would store data for no more than 18 months, amending a policy that kept private information for up to two years. EU regulators welcomed the move, according to a Washington Post report."

The thing about this is that it is not really significant. Look at Google's data collection for a moment. It collects data from at least these sources:

  • Google Toolbar
  • Google Desktop
  • Gmail
  • Google Groups
  • Google Searches
  • Google AdSense
  • Google AdWords
  • Google Earth
  • Google Documents
  • Google Chat
  • Blogger

And there are loads more.

Now, let's ignore the oft used argument of the Daily Mail reader of "Those with nothing to hide have nothing to fear." That's the argument of the naive who have been duped by the oppressor. We'll also ignore the current populist, media driven fear that there is a paediatrician (oops, paedophile) lurking behind every bush waiting to abuse our children, and we'll set aside as mostly an urban myth the concept that dirty old men use the Internet to seek out and groom our kids for sex.

We'll look instead at the necessary human right of privacy, and the concept of being innocent until proven guilty. If we want to search for "teenage vixen sluts" then we have the absolute right to search for them. Provided the images are lawful images then we commit no crime by searching for them and by viewing the sites. If the images are not lawful, frankly the owner of the website should be the one prosecuted.

Of course, this privacy invasion has been caused by the USA being suddenly surprised that it was attacked on its own soil by a very simple and easy to implement stratagem of wrecking four aircraft in a rather nasty attack. The Department of Homeland Security and the very astutely named "US Patriot Act" have enabled massive attempts at intrusion into the lives of the majority in order to (allegedly) track down the anarchic minority.

Search engine companies, with the notable exception of Google, have kowtowed to officialdom and provided records of search information which has not been anonymised sufficiently to protect the ordinary citizen. Government uses the standard excuse that "it must intrude into the lives of citizens in order to protect them," and good upstanding citizens fall for it.

Google has stood up tall and said it will not provide this information. Now it says that it will not retain the information for longer than 18 months.

We know why it retains it, of course. It needs to provide marketing people with details of how effective their AdWords campaigns are, and to isolate click fraud. But does it need 18 months' worth?

Look back at all those sources of data.

Let's imagine that I have just searched for that explosive that is alleged to have been planned to be used in the "Alleged plot to bring airliners out of the sky" in 2006, the one you just can't make in an aircraft toilet because it's technically impossible. I've just emailed my friend Zaheer with details of my planned trip to Nice in August, and I've searched for a rucksack because my son is going hiking this summer. Google Desktop shows that I blog, sometimes with controversial matters as my topics, and I publish this in Blogger.

While I do have variable IP addressing, I use the same ISP, and my IP address is recorded in so many places. My name, from Gmail and Blogger at least is easy to associate with the data held by Google, and I am easy to trace through the Whois records of the domains I own.

All I have to do now is to mention AK47, terrorist plot, aircraft, and, presumably, George Bush, Tony Blair and Gordon Brown in the same paragraph and I can now expect that I will get a knock on my door in the wee small hours by someone who has interpreted my anonymised data by associating it all together and decided that I am a dangerous terrorist.

So Google has now cut its retention period by six whole months. You know what? Big deal. It's part of the "Do no harm" PR message, not a real act. It's a gesture. And it would not matter if they cut it to 6 months, or one month.

The data's still there in government monitored files anyway, still capable of bizarre interpretation, and still a total distraction from real police work in prosecuting real terrorists and real criminals instead of the extraordinary government announcements of plots that are so far fetched (New York fuel oil pipeline) as to be easy to label as PR to keep the government in power by frightening the populace.

So, it's an empty gesture, and not even newsworthy except in its emptiness. It will probably satisfy the gullible, just like planting a tree is meant to assuage guilt about carbon emissions, but that is as far as it goes.

Safe Harbor - Why be confused any more?

I've answered a sudden rash of UK enquiries along the following lines:


"We're about to outsource our database handling to a US corporation. They are signed up to the Safe Harbor protocol. Does this mean I can just pass my data to them?"

The answer is a resounding "no!"

The Safe Harbor self certification means that the certifying corporation is declaring that it will protect its own data under the Safe Harbor rules. It says nothing at all about the data it processes on someone else's behalf.

If you are outsourcing your data, you need a Data Processor Agreement - a full and formal contract between you and your outsourcer, stating the contractual terms between you, and the penalties for non compliance.

You remain responsible, as Data Controller, for the data at all times. You are thus responsible for breaches of the law by your outsourcer.

Safe Harbor is as irrelevant in this relationship as would be Model Contract Terms, or Binding Corporate Rules when deployed within the outsourcer.

Wednesday, June 13, 2007

Ask not for whom the bell tolls.....

This "Sponsored Link" (or Google Advert, as we know it better) is hilarious:

I searched using Google for "Jail sentences for data protection fraudsters", and good old Ask.com turned up with this belter of an advert. Somehow it makes their geeky TV campaign all the more relevant. I wouldn't ask them the time after this!

Bluetooth broadcast IS BlueSpam - Update by UK Information Commissioner

As regular readers may remember, I have been speaking (emailing) with the UK Information Commissioner about Bluetooth marketing. Today I received a reply:

Dear Mr Trent

Thank you for your email regarding Bluetooth marketing.

Please accept my sincere apologies for the long delay in being in a position to respond to your query.

Your original emails referred to recent reports about the use of Bluetooth technology for marketing purposes by two well known companies, and asked if such use of this technology falls under our jurisdiction.

As you will be aware Regulation 22 of the Privacy and Electronic Communications Regulations 2003 applies to the transmission of unsolicited, direct marketing communications by means of electronic mail to individual subscribers.

I can inform you that we have been considering whether the scope of this Regulation extends to Bluetooth marketing and have recently been liaising with Ofcom, the DTI and members of the advertising industry on this issue.

Following this research and consultation we are reviewing our position and hope to be able to update and clarify our guidance shortly.

I am sorry not to be in a position to offer you a more conclusive response at this stage, however I am conscious that it has been some time since you submitted your enquiry and I did want to let you know that this is an issue we have been addressing. The updated guidance will be available on our website.

Interesting that their earlier advice says that the PECR does apply, but good to see that they are flexible. I imagine we have a long wait, now.

Monday, June 11, 2007

Lack of Permission wastes time, costs money and causes anger

I think my colleague from the data protection list must attract idiots!

She sent me this one today:

I've just received a letter from a double glazing refurbishment & maintenance company

Nothing remarkable in that you might think. Except that it was addressed to

[named person]
[North Borsetshire] County Council etc (full address, but no job title or room number).

I was about to bin it when a second letter arrived to my head of office (the Director of Law & Personnel) offering the same invitation to quote for glazing service contracts.

Thought I'd ease my way into a Monday morning with a nice conversation with the "Marketing & Sales Assistant".

I introduced myself and asked where she had got my name and address. Was told "A and D Databases". She didn't know the contact details, and I didn't push her for anything, but she offered the name of Simon Broadhurst. I politely suggested that she might wish to check the quality of the information they were buying, as neither I nor my head of office were interested in purchasing a glazing contract - nor indeed did we actually have the authority to do so. I also pointed out that if this was the quality of data that they had bought, they seemed likely to be wasting a lot on misdirected letters and postage - and of course badly addressed mailing isn't actually very good for their business image. The next I heard was an aside to someone else at the glazing firm along the lines of "this lady's saying she didn't give consent for her name on the mailing list". Not quite what I said, but it may at least have alerted them to the potential problems with the quality of the information.

A quick google found what I suspect (though cannot guarantee) to be the source http://www.adhost.demon.co.uk/lists/lists.html

See for example the entry for "Public Sector Data"

"The definitive list for the Public Sector in the UK. The list is incredibly detailed and offers some amazingly detailed selections. Over 32,500 contacts - 5057 organisations covered - All records are named expect where a position is vacant - currently just over 30,000 named records. All records come with a full address and phone number plus functional, organisational and seniority information. Comprehensive coverage of all"

If the glazing company wants to keep wasting money by mailing me at my office that's fine (apart from the waste of paper). I guess they may start to learn though that you get what you pay for.........

You know, that list vendor's URL is one I would never go to anyway. A domain name from GoDaddy costs flumpence three farthings a year. A hosted server is about threepence more a month. And they expect people to buy from them if they don't invest in themselves?

Well, obviously double glazing companies buy from them! And then send a load of letters out. The most expensive way I know of throwing paper away is to put a stamp on it!

See also The R’s of e-mail marketing success. I know this isn't email, but the non "e" principles apply just as much.

As a Webmaster I look at Matt Cutts and his blog about things Google

Today Matt caught my eye with this item:

Sigh. Google as a company takes privacy very seriously. I personally feel strongly about protecting our users’ privacy. So I’m frustrated by a recent study that Privacy International did, and I want to know if I’m off-base in my reaction. I got back home from SMX and I’m surfing the web when I see this AP article entitled "Watchdog group slams Google on privacy"


I am a supporter, in the main, of Privacy International. I think they perform a worthwhile role. But they do seem to have fallen down on the job here. They are a political pressure group, but this report does make me feel that they have lost their way, as does the whingeing on their site about Google.

Google has stood up against delivering logs of its queries in any manner, should it be forced to disclose them, that identify an individual. One can criticise Google for several things, but not, I think, for this area of their business.

Under different management I can see how Google's huge databases could be used to identify individuals, and to silence "those who are not with us, and thus against us", and I can spot the danger of one corporation inside the most powerful nation on earth being conscripted by a corrupt government to identify enemies of the state. That is a thing to seek to ensure never happens, but this report is missing the point, surely?

Very like the UK's doorstep energy change "marketing"

A long video, not necessarily hilarious, but very good.



"Switch"

Domain Names can be very annoying things to manage

As most regular readers know, I own the domain complianceandprivacy.com. I have, for ages, been going through the process of first transferring legal ownership to me from the prior owner. Netnames made this hard, and charged me an arm and a leg in the process.

Paperwork was lost 4 times between us and Netnames, a corporation in whom I now have no confidence at all.

I also want to move away from them to GoDaddy because Netnames charges £35 per annum for the domain and GoDaddy charges $8.95.

This is, fortunately, free for .com domains, though they charge an arm and a leg for .co.uk.

It is also impossible.

Eventually, and after phone calls to ask what was taking so long, Netnames sent me an "Auth code" for the transfer.

GoDaddy requires a Transaction ID and a Security Code.

Now the "fun" thing is that Netnames sets itself as the administrative contact, so GoDaddy's email containing those went to hostmaster@netnames... never to me, so I had no idea these existed. And, would you believe it, Netnames charges £15 to set the administrative contact to my email address despite the domain transfer being free.

All I want to do is to ensure continuity of service at a price that makes sense. And I am now stuck in the middle, wrangling again with my pet hate - Customer Service.

Friday, June 08, 2007

Hidden terms and conditions are sharp marketing practice

I am sitting in front of a Dickinson & Morris Melton Mowbray Pork Pie. As you see from the picture it has 2 for 1 entry to English Heritage Properties with this pack. The idea is excellent. Tomorrow I am going with my wife and one of her friends to Dover Castle. I recommend Dover Castle as a place to visit, and do so especially this weekend when the Drop Redoubt is also open on one of the rare occasions that they open it.

I went to Sainsbury's to buy the picnic, and I was drawn to the pie. After all, I had to shell out £2.99 and get a ticket worth £9. That's a great promotion, great marketing, excellent value. The marketing worked. I have not yet eaten all the pies, but I was thinking about it as I drove home.

My wife was delighted. She obeyed the instructions instantly, went to www.porkpie.co.uk/eh and entered the barcode - 5028889001005 - and carried on to print the voucher. She did see a "Terms and Conditions" button before pressing submit, and she absolutely rejected any marketing uses for the data, but didn't read the terms and conditions because, frankly, you have to accept them to get the offer, so why bother?

You may not use the voucher to visit, among other places, Dover Castle.

The pie itself does have a limited set of terms and conditions. You can phone to get your entry voucher and also to leave a comment. I left a comment. But, and this is the point, nowhere on the pie itself does it tell me that I may not use this to visit Dover Castle. So the pie which I bought, partly to eat and partly as an entrance ticket, is only any use as a comestible.

I called the Sainsbury's customer careline. The lady I spoke to there agreed with me that she, too, would have felt ripped off by this cynical marketing, and she would also have felt like inserting the pie in places where processed pies are meant to leave the body. She did ask me if Dover castle was worth visiting. It is, and I said so. We agreed that it was even more worth visiting at half price!

But neither she nor I will ever buy a Dickinson & Morris product after this promotion. I wish I could now boycott English Heritage as well, since they are complicit in the promotion, but they run the properties I want to visit, and no-one else does.

This limited set of terms and conditions is a cheat. Who calls the number from the store, especially at the stated rate of £0.19 per minute? Who goes to their website in the store? Who actually checks these things until they try to take advantage of them?

This marketing campaign backfired on Dickinson & Morris. I don't mean that this blog is so important and widely read that they will forever feel embarrassed by this article. But Google has a long memory, and, in years to come, when "Dickinson & Morris Melton Mowbray Pork Pie" is searched for, this article will be up there, like all the other articles that praise and blame them.

We'll eat the pie. Of course we will, though I feel much more like travelling to Leicester to insert it where the sun don't shine. I expect it's great quality, unlike their marketing campaign, and easy to digest, unlike their marketing campaign. The castle is on a very steep hill. I expect we'll use a pie's worth of calories as we walk around the place.

But it rankles. The question I have for their marketing director is "What did you expect the reaction to be?"

This is cynical marketing, with hidden terms and conditions that they can attempt to argue are in plain sight, but the truth is that such an argument is weaseling out of a commitment.

I wonder if the Advertising Standards Authority covers pie wrappers? I'll ask them on Monday. Meanwhile, see you in Dover!

And I'll let you know if we liked the pie!

Wednesday, June 06, 2007

Sometimes even the best marketing gets ruined by an ego

I have just recently had two different guests from abroad. I often take guests up the river Thames from Westminster to Hampton Court on one of the several vessels that sail under the WPSA flag. The WPSA seems to be a loose booking co-operative for five different vessels.

The marketing is good enough. After all, the market is pretty captive. Tourists looking for a day out. The major shortfall is the fact that you need real money, not plastic. And yet that hardly matters unless you're at the ticket window with no money.

The vessels are all old, except the Cockney Sparrow. They have style. Though I've never liked the lines of the Clifton Castle, I still see it as having style. I'm still ignoring the Cockney Sparrow - far too new for my taste.

The skippers are Watermen, deserving the capital letter. They've served a full apprenticeship and are skilled at their job, which is to skipper the boats, with up to 200 or more passengers, safely and broadly to time on the tideway and then upstream into the non tidal reaches above Teddington. And Watermen tend to be 'characters'.

Each trip was different. The Connaught's skipper gave us a non intrusive commentary for the first 30 minutes or so. He gave us facts and amusing snippets. He left gaps so we could relax and enjoy the tideway. The commentary was wholly in keeping with the ethos of the vessel, and the laziness of the trip upstream.

Yesterday I was on the Kingwood. The wheelhouse held two souls for the trip and we received, or rather were subjected to, a highly intrusive commentary which held the political opinions of the man on the microphone. We had the lot. There were facts about the river and the views, of course there were. And those facts were different from those presented by the Connaught's skipper in many ways. There were good opinions, exemplified by the suggestion that all riverside building should have its materials shipped in by barge, not by road. But, and this is the ruination of the marketing, there was a political tirade interwoven with the facts all the way from Westminster to Kew.

We got under way at 11am, and arrived at Kew at 1pm. That's a lot of harangue. And that ruined a good part of the trip for me. I was embarrassed to be aboard, and embarrassed to be the host of my small party. If a shopkeeper did that to me while I was buying meat I could leave his shop. But the vessel is a self contained world and leaving is impossible.

All the careful promotion prior to the trip was undone by the harangue artist. Marketing was unmade by an ego. That trip's passengers are unlikely to recommend it to their friends. And that is a major point for this kind of marketing - word of mouth spreads. It means I may think twice about suggesting such a trip myself next time I have guests from abroad, which is a huge shame.

However, I have suggested to the WPSA that they review this particular commentary, so I suspect that it may be toned down some. I will risk it. But I may try to discover which vessel is on duty on the day I choose!

I hate it when good marketing is ruined by people who fail to understand what they are doing to their business. And, with this loose co-operative, he is ruining other people's business as well.

The Batphone and the older person

The old rotary dial telephone was very complex compared to the old, operator serviced, 'pick up the earpiece and rattle the bar' phones that preceded them. The mobile phone, even a simple one, can be a bewildering item.

When first using a small housebrick, laughingly called a mobile phone in those far off days when we had analogue and only analogue, I was surprised that I had to use the entire dialing code. Logic says "of course you do", but custom and practice when using a landline said "but it's local". It took a leap of understanding to see that there is nothing local to cellular telephony. Today I see this as normal and natural.

When my mother, 88 years old, and in full possession of her faculties, albeit currently hospitalised, said to me "I think I need a mobile phone," I gave it only enough thought to get me to the store for the network where I can call her free, and buy the cheapest, least functional, longest battery life and talk time, small pay as you go phone. It needed no other thought.

At the hospital I presented her with the phone, preloaded with the numbers of her nearest and dearest, with a PIN on 'switch on' to protect her prepaid minutes. And, good son that I am, I showed her patiently how to work it.

The PIN had to go. That was too much to handle. The on/off switch is the red button, so closing a call has the ever present danger of switching the phone off each time. Thus a PIN was a negative benefit, one more thing to go wrong.

The programmed in numbers were confusing. The scroll button on this phone is very simple to use - it's a 4-way joystick thing, and you can navigate easily. That is, you can if you are used to 4-way joysticks. If you are used to pressing the buttons on your home landline phone and only that, then having functionality in a phone is an alien concept. And scrolling through the numbers it was apparently easy to get confused about which number was highlighted.

Even answering the phone was hard. The green button is so tiny that elderly fingers miss it easily. And I can't find the menu option for 'any key answer', so that helps not at all.

And the fact that calls were "local, so we don't need to use the full dialing code" came up almost at once. That one caught me too, once, so I was sympathetic.

We're back to ease of use, here. The current handsets are so packed full of functions that most people ignore that they are hard to understand and use. The buttons are tiny little things and are unsuited to elderly fingers. The displays are tiny and not suited to elderly eyes.

"You should have got the old person's phone," I was told.

"There's a phone for older people?"

"Yes. It has large buttons and a big display. It's perfect."

I should have got the old person's phone. But how was I to know that one existed in the first place? There was nothing in the store to offer a geriatriphone, so how on earth would I have found it? I just experimented with the Vodafone UK site, and, under 'disability services' there is some hope:

We know that people can be put off by the thought of having to use complicated bits of technology. But using a mobile phone needn’t be daunting, and we’re committed to making our services easier to use for everyone.

In particular we’re determined to make phones and services more accessible to the elderly and to people with disabilities.


OK, so far so good. 'Find out more' says:

As well as specialist phones for people with disabilities, we have phones and devices designed to make it easier to communicate via email and the internet, including BlackBerry® and our Mobile Connect Card.

Then, unless I am deaf, I run out of help. Where, oh where, is a limited functionality, big buttoned, understandable phone?

The marketing just runs out. There are no signposts on the web site for geriatriphones. Pouf! Gone. Even Hercule Poirot's little grey cells would be bewildered.

Unless, of course, you know different!

Update on mobiles and hospitals

Mobiles are both welcome and unwelcome. It depends, probably reasonably, on individual ward policy, and (I am guessing) the intrusiveness or otherwise of the ringtone for inbound calls. And that depends on the ability of the patient to answer the phone.

Outbound calls seem fine, but inbound are deprecated.

Tuesday, June 05, 2007

Unbelievably naive? Or plain irresponsible and stupid?

The company that failed to prove permissioning has replied to my data privacy colleague. She and I are mutually speechless. Well, almost!

They said to her:

We never buy in lists of email addresses and can assure you we did not obtain your details in this way.

We do obtain information in various ways and our system does not record the particular method used for each person added to the database (this may be a fault in our system).

As you are aware we run seminars on various aspects and ‘Freedom of Information’ is just one. When we run a marketing campaign we try to obtain details of those people who we think would be interested. One of the methods we use is to check websites of companies, groups and organizations like that of [blanked out] County Council.

If we can find the name of a local authority officer then we can guess the email address since throughout the whole country they are in the same format: Forename.surname@localauthority.gov.uk. Your name is on the Council website as the Freedom of Information Officer and I strongly suspect that this is how your details were added to the database. As my colleague advised earlier you have only recently been added to the database.

We are a relatively new company and we are still developing our database and marketing and booking system. I accept that we should have sent you an email asking if you wished to opt into the system and receive emails on relevant seminars. It is as easy however (particularly from our point of view because of the way our system is presently designed) to send you details of the seminars and to give you three very easy ways to opt out of our future email service.

As a small matter in our favour we know that our existing and prospective new customers do not want to be constantly bombarded with email so we make it a rule not to send more than one piece of marketing email a week and wherever possible only to send details of seminars which we believe are relevant and of interest to each individual customer.

I cannot add any further information to the above and if you are not satisfied then I can only apologise again and of course if you wish to report the matter to the Information Commissioner then you must do as you will.

If you are happy to remain on our database and would like to receive information on future seminars then for the sake of completeness would you please let me know and I will mark our database accordingly. At the moment we have ‘unsubscribed’ your details so that you will receive nothing further from us.

So, unfair processing of data, and in breach of the Data Protection Act 1998, and that is the least of their sins.

He says "I accept that we should have sent you an email asking if you wished to opt into the system and receive emails on relevant seminars."

Well, no, he should not. Using email to gain permission is also Spam. He has no clue, and is, simply, a spammer. He also signs himself as "director". Of course it could be a she, but somehow the letter is masculine.

I think this is a great example of probably the worst data acquisition practices that I have seen. You do not, repeat not, trawl for email addresses nor do you clone them if you want to have any credibility in running professional seminars to FoI or Data Protection people. This is imbecilic, or very possibly a "We won't get caught" attitude. In either case it needs to be stopped.

I feel that practices like this should be exposed for what they are - Spam - cheap and shoddy marketing by cheap and shoddy spammers. I have a very strong dislike of spam and spammers.

If they ever email me like this I will not be as kind as my colleague (the email is reprinted with her permission). I will name and shame them. And I'll start registering them with databases of spammers.

Monday, June 04, 2007

Carnival of the Mobilists #76

The many varied items are well worth a read. It's here, wide ranging, and hugely informative.

Saturday, June 02, 2007

Proving Permissions - Source of Data Record

A colleague on the JISCMail data protection discussion group was emailed recently by a self styled professional purveyor of training courses and seminars. She wondered to them about the source of her data record. They said:

"We have several lists for sourcing our mailing list but unfortunately I am unable to confirm exactly where we sourced your name from. I can confirm that your name was only added recently and you have received this communication as someone who we believed this seminar would be relevant to. We only email people with courses that we think will be relevant to their professional development and professional standing.

"Please accept our sincere apologies for any inconvenience we have caused. I assure you this will not happen again"

There is a very great deal wrong with this:

  1. They show total lack of concern for the person they are marketing to. This is a self centred, not prospective customer centred reply
  2. Recently added records are the easiest to track. This is a lazy reply
  3. "We believed" says it all. It says "We never had permission, we just rented a list and blasted our stuff to it. You really do not matter to us"
  4. No permissions to market seem to be recorded or referenced

It gets even more fun with the potential theft of data. When you rent a list for marketing use, you rent it for:

  • Single use
  • Limited (and counted) uses
  • Multiple use
  • Perpetual use

If you are regularly renting lists and are unable for many reasons to do this on a net names basis, then you will rent the same name more than once in many cases. If you don't record all the sources of the record and the number of times that record has been used and the date of expiry of the right to use the record from that source then there is a large risk to you as the marketing organisation that you will overuse your lawfully rented quantity. Overuse is theft.
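The record-keeping described above can be sketched as a small provenance ledger. This is an added example, not code from this blog or from any marketing system: the class names, suppliers and addresses are hypothetical, the sample data is constructed, and treating "single use" as exactly one mailing is an assumption.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Rental terms listed in the post; names and sample data here are hypothetical.
SINGLE, LIMITED, MULTIPLE, PERPETUAL = "single", "limited", "multiple", "perpetual"

@dataclass
class SourceLicence:
    supplier: str
    terms: str
    expires: Optional[date]   # None means the right to use never expires
    max_uses: Optional[int]   # None means uses are not counted
    uses: int = 0

    def permits(self, today: date) -> bool:
        if self.expires is not None and today > self.expires:
            return False
        return self.max_uses is None or self.uses < self.max_uses

class ProvenanceLedger:
    def __init__(self):
        self._licences = {}   # email -> every SourceLicence it arrived under

    def add_source(self, email, supplier, terms, expires=None, max_uses=None):
        if terms == SINGLE:
            max_uses = 1      # assumption: single use means exactly one mailing
        elif terms == LIMITED and max_uses is None:
            raise ValueError("limited-use rental needs a counted max_uses")
        self._licences.setdefault(email.lower(), []).append(
            SourceLicence(supplier, terms, expires, max_uses))

    def sources_of(self, email):
        """Answer 'where did you get my details?' for one address."""
        return [(l.supplier, l.terms, l.uses) for l in self._licences.get(email.lower(), [])]

    def record_use(self, email, today):
        """Charge one mailing to a source that still permits it, or refuse."""
        usable = [l for l in self._licences.get(email.lower(), []) if l.permits(today)]
        if not usable:
            raise PermissionError(f"no source still permits mailing {email}")
        # Spend the right that expires soonest; never-expiring rights go last.
        chosen = min(usable, key=lambda l: (l.expires is None, l.expires or date.max))
        chosen.uses += 1
        return chosen.supplier

def demo():
    ledger = ProvenanceLedger()
    who = "jane.doe@example.org"   # constructed address rented from two suppliers
    ledger.add_source(who, "ListCo", SINGLE, expires=date(2007, 12, 31))
    ledger.add_source(who, "DataHouse", LIMITED, expires=date(2007, 9, 30), max_uses=2)
    today = date(2007, 6, 2)
    charged = [ledger.record_use(who, today) for _ in range(3)]
    try:
        ledger.record_use(who, today)   # a fourth mailing would be overuse
        refused = False
    except PermissionError:
        refused = True
    return charged, refused, ledger.sources_of(who)
```

The ledger covers the rented right to use a record only; the individual's own permission to be marketed to would be a separate check.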

So this organisation has not only told my colleague that they don't care about her at all, they've told her that, potentially, they will be stealing records from their suppliers. And they have said that they really don't care about her permission.

I hope they emailed her at her private email address and that she can thus show they also broke the Privacy and Electronic Communication Regulations. Shoddy marketing should never go unpunished.
