Email Contacts
Discussion
Had this situation pop up the other day, I suspect I know the answer but it threw up an interesting few scenarios.
A couple of years ago I emailed a popular national dent repair company and gave my email address for a quote, the quote came back via an individuals emails address i.e. personsname@dentcompany.com. I declined the quote and that was the end of it.
Two years down the line the individual concerned emailed me directly saying they had set up their own business after x years at above company and was reaching out for work. from personsname@owndentcompany.co.uk
I felt like this was pretty poor process from national dent company, that clearly they had a process which allowed ex-staff to walk out with a list of email addresses. But then how could they stop him? I said to the chap he shouldn't be taking databases of names and then emailing them but he said as we had contact previously he felt it was fine to contact again - in a similar way if you worked at say in an office, met a customer, then moved to another business, contacting that customer again.
I guess blatantly copying a whole list of email addresses whilst at first company and then doing a mass mail out (using mail chimp) at his newly created company is bad, but if he had 'worked' with those people previously and had say memorised some of those email addresses it would be fine?
A couple of years ago I emailed a popular national dent repair company and gave my email address for a quote, the quote came back via an individuals emails address i.e. personsname@dentcompany.com. I declined the quote and that was the end of it.
Two years down the line the individual concerned emailed me directly saying they had set up their own business after x years at above company and was reaching out for work. from personsname@owndentcompany.co.uk
I felt like this was pretty poor process from national dent company, that clearly they had a process which allowed ex-staff to walk out with a list of email addresses. But then how could they stop him? I said to the chap he shouldn't be taking databases of names and then emailing them but he said as we had contact previously he felt it was fine to contact again - in a similar way if you worked at say in an office, met a customer, then moved to another business, contacting that customer again.
I guess blatantly copying a whole list of email addresses whilst at first company and then doing a mass mail out (using mail chimp) at his newly created company is bad, but if he had 'worked' with those people previously and had say memorised some of those email addresses it would be fine?
His contract of employment should state that it would be intellectual property etc I would think?
It's the second time in two days I've mentioned data breach (GDPR), you could ask him to remove you from his database and provide evidence to support this, likewise he should have asked for your consent to retain your details in the first place.
It's the second time in two days I've mentioned data breach (GDPR), you could ask him to remove you from his database and provide evidence to support this, likewise he should have asked for your consent to retain your details in the first place.
Freakuk said:
His contract of employment should state that it would be intellectual property etc I would think?
It's the second time in two days I've mentioned data breach (GDPR), you could ask him to remove you from his database and provide evidence to support this, likewise he should have asked for your consent to retain your details in the first place.
Yes I asked him to remove me which he said he did (and cited an IT team which is odd that a stand alone dent guy would have an IT team) - I suspect he lacks experience in data protection, thought he could take the contacts and do a mail out, he did have a section on the mail out headlined as GDPR saying I should reply to opt out, but I didnt get the chance to opt in which is the fundamental flaw in the first place It's the second time in two days I've mentioned data breach (GDPR), you could ask him to remove you from his database and provide evidence to support this, likewise he should have asked for your consent to retain your details in the first place.
But yes agree that all work, processes, etc. under employment are assets of the business not the individual.
petrolbloke said:
Definitely sounds like a breach of GDPR.
I think you should notify the company he obtained your details from - they should investigate and may need to report a breach to the ICO.
Yes I know, its what I thought, but then he is a chap trying out on his own, probably has a family to support etc. and didn't want to bring the ICO down on the dent company and him. Bit of a moral dilemma really as he is clearly using PII that he had no right to take from his previous business. I think you should notify the company he obtained your details from - they should investigate and may need to report a breach to the ICO.
coldel said:
Yes I know, its what I thought, but then he is a chap trying out on his own, probably has a family to support etc. and didn't want to bring the ICO down on the dent company and him. Bit of a moral dilemma really as he is clearly using PII that he had no right to take from his previous business.
The ICO are very unlikely to come down hard on a one man band dent company based on my experience of reporting things to them. They are more interested in big breaches and guiding people to be compliant. They don't have the resources to investigate and penalise for relatively small breaches.I would report it to the larger dent company - how they deal with it is up to them. If they hold their hands up and deal with it properly it's unlikely to do them any harm, but if they try to cover it up and something later comes out in the media that's probably something most companies would be keen to avoid.
Other customers that have had their details leaked by the dent company should be informed.
petrolbloke said:
The ICO are very unlikely to come down hard on a one man band dent company based on my experience of reporting things to them. They are more interested in big breaches and guiding people to be compliant. They don't have the resources to investigate and penalise for relatively small breaches.
I would report it to the larger dent company - how they deal with it is up to them. If they hold their hands up and deal with it properly it's unlikely to do them any harm, but if they try to cover it up and something later comes out in the media that's probably something most companies would be keen to avoid.
Other customers that have had their details leaked by the dent company should be informed.
I get that the ICO wont come down on one man band, but implications are that the dent company will ask me who it was, and then it harms him. In an ideal world simply report it, but it could be by doing so the chap loses his business and livelihood when he is just a guy in his late 50s who is a bit old fashioned who doesn't understand how it all works.I would report it to the larger dent company - how they deal with it is up to them. If they hold their hands up and deal with it properly it's unlikely to do them any harm, but if they try to cover it up and something later comes out in the media that's probably something most companies would be keen to avoid.
Other customers that have had their details leaked by the dent company should be informed.
coldel said:
I get that the ICO wont come down on one man band, but implications are that the dent company will ask me who it was, and then it harms him. In an ideal world simply report it, but it could be by doing so the chap loses his business and livelihood when he is just a guy in his late 50s who is a bit old fashioned who doesn't understand how it all works.
What happens if he then shares that information with someone else? What controls/processes does he have in place to ensure that this information cannot be obtained and leaked again?The fact that he stole this data in the first place should tell you what he thinks of data protection and how he is using it to better his own livelihood, but hey he's in his 50's and a bit old fashioned so that makes it OK.
Data theft.
It's quite common and particularly difficult to prove even when his previous employer might have access to printer instructions etc.
Becomes a worthless exercise to pursue much beyond leaking info to the thief that you (the employer) know what he has done in an effort to wind him up a bit.
It's quite common and particularly difficult to prove even when his previous employer might have access to printer instructions etc.
Becomes a worthless exercise to pursue much beyond leaking info to the thief that you (the employer) know what he has done in an effort to wind him up a bit.
Gassing Station | Jobs & Employment Matters | Top of Page | What's New | My Stuff