Re: UKNM: More viral stuff......

[Silas Denyer]

Has anyone any feeling as to the rights / wrongs of taking an email address

by way of referral, collecting the email address of the referrer, and

sending the referral email stamped with the referrer's email address in the

From: field - which should lead to any "click reply" complaints going

straight back to the original referrer? (obviously with the appropriate

information contained within the email itself to show who you are, what you

are doing with the data, and so on...)


Re the DPA, etc., if you do nothing more than pass the data you refer

straight into an application which generates an outgoing email address, and

do not store the referral information anywhere other than in your outgoing

mail logs, you're probably on much firmer ground. If, however, you actually

collate a database of those people you've been referred to for any other

purposes I would imagine you are on much stickier ground. It would appear

that the more steps you take to ensure that the data cannot be accessed or

otherwise used for any other purpose the better. Does anyone have any more

concrete information?


Debate on!


Silas Denyer



----- Original Message -----

From: "Mary Loosemore" <

MLoosemoreverticalneteurope [dot] com

>

To: <

uk-netmarketingchinwag [dot] com

>

Sent: Thursday, January 18, 2001 1:38 PM

Subject: RE: UKNM: More viral stuff......



> I'm not sure the DPA applies to how data is collected (othr than it being

> lawfully obtained), it focuses on how it's used once it has been

collected.

>

> >From http://www.dataprotection.gov.uk/principl.htm (always v slow to load

> btw, but at least it's now been updated to take account of the new Act):

>

> Principles of Data Protection - The rules

> Anyone processing personal data must comply with the eight enforceable

> principles of good practice. They say that data must be:

>

> fairly and lawfully processed;

> processed for limited purposes;

> adequate, relevant and not excessive;

> accurate;

> not kept longer than necessary;

> processed in accordance with the data subject's rights;

> secure;

> not transferred to countries without adequate protection.

> Personal data covers both facts and opinions about the individual. It also

> includes information regarding the intentions of the data controller

towards

> the individual, although in some limited circumstances exemptions will

> apply. With processing, the definition is far wider than before. For

> example, it incorporates the concepts of 'obtaining', holding' and

> 'disclosing'.

>

> As for emailing the friend, well, my gut feeling is that would be more of

a

> DPA issue - but given the amount of spam flying around these days, I

really

> can't see the DPCommissioner doing anything. The Act is so much wider than

> its predecessor and everyone is still trying to figure out how it

> applies/how it should be applied - widening the legislation to cover

digital

> data has opened up a bottomless can of worms. For their "current" take

(only

> a year old):

>

> http://wood.ccta.gov.uk/dpr/dpdoc.nsf

>

> Let the debate continue!

>

> Mary


[Sam says: msg chopped]