Oliver Moore sending email to PH members
Discussion
Fidgits said:
Hoofy said:
DonnyMac said:
Hoofy said:
Mistakes happen but I'm surprised you don't use something like MailChimp.
Because that would be breaking the Data Protection Act too (can't store EU data on US servers). Hold on, I get what you mean - they probably are.
Wait, is that an EU directive?
Data protection principle 8 states you cannot store personal information outside the EEA and is a UK law.
EU privacy directive reinforces the requirements to adequately protect personal data that you store or process.
I think
T'is my job as linked from my profile.
markiii said:
longshot said:
What do you guys do with our e-mail addresses?
It may be just a coincidence but a week or so ago I received a junk e-mail on a not commonplace subject I'd been posting about roughly 10 minutes earlier
You've seen the way their adverts work, and PH uses more tracking bots these days than any other website I've come across.
Wouldn't surprise me at all if they are monetising our email addresses.
It's likely to remain forever a mystery.
Illforever said:
So it would seem escalating this to the ICO is the thing to do then?
The fob-off might have been weak (and used before), but it's hardly the end of the world (and I'm on the list of emails). Reports to the ICO need to include how it has impacted you etc and only after you have corresponded in writing with the company of concern. With very little regulatory power, a training need would probably be highlighted - PH nod politely, then it's forgotten about until the next time.
Might have been good to actually say what the breach was in that second email. The first one ended up in my junk folder so I didn't notice it. I saw the second email and had to come here to figure out what the breach was. Poor show.
petrolbloke said:
Not sure Data Protection has ever been PH's strong point, given that the login form is not https.
I wonder if our passwords are salted and use a decent hashing algorithm?
Also I've never noticed this but not having https on the login page is unforgivable. This needs to be fixed asap. From what I gather you are using Thinktecture Identity Server as an STS which enforces https unless you override which should never be done in a production environment (this is made clear in documentation). Can you shed some light on what's going on here?
Ollie_M said:
We have looked into this and it was caused by a human error, it was a university student who is currently here on work placement
No, it's a gross failure of management to manage the business. So rather than blaming this hapless student, why not identify the manager responsible for this shambles.
What does the Data Controller at Haymarket actually do all day? It clearly doesn't involve controlling any data...
Ozzie Osmond said:
Ollie_M said:
We have looked into this and it was caused by a human error, it was a university student who is currently here on work placement
No, it's a gross failure of management to manage the business. So rather than blaming this hapless student, why not identify the manager responsible for this shambles.
What does the Data Controller at Haymarket actually do all day? It clearly doesn't involve controlling any data...
Here's a link to Haymarket's job vacancies in the UK. Nothing there yet for a new "Community Experience Manager".
http://www.haymarket.com/work-with-us/build-your-c...
PH,
Your email is an abortion. Why didn't you explain what the breach was, before using your "it was the new guy" excuse?
I opened it and am thinking - what data breach? OK my PH password is site specific, so no real danger there. However, from competitions and adverts you have my name, address, telephone number, card details, the lot.
What did you expect as a reaction to someone receiving that? That we'd know instantly it was failure to BCC? Talk about creating a flap over something relatively small.
Oh, and FYI, it wasn't human error. It's your system at fault for having s[censored]t controls. A correctly set up operation wouldn't let "human error" enter the fray, and a proper quality team wouldn't simply blame a student, they'd put controls in place to stop it reoccurring. Guess you're not aiming for ISO9001 any time soon?