The clues in the name
We were doing some work recently which caused us to look at captured email addresses in detail. We noticed something that had us scratching our heads.
What do you do if you have a supporter record in one person’s name – Barbara Smith for instance – but the email address is obviously for another person – John Smith for example?
Now I’m of an age where most people I know have their own email address. Personally I think it’s weird when a couple share an email or social network presence, but it’s quite common, so there are always plenty of firstname.lastname@example.org email addresses. However, the scenario I’m talking about is less of a share and more of a hijacking of someone else’s email address.
Trusty Sidekicks Mum doesn’t have an email address, so if the need arises, online shopping for instance, she uses Dad of Trusty Sidekicks address. It’s not her email address. They do not use it as a joint email. The question is, has TSM got the right to opt-in TSD’s address to ongoing communications or contact?
We’ve been debating this for over a week now and just don’t know the answer. If it’s a joint email, then we feel that either party has an innate right to use and opt-in. But if you are using someone else’s does that right still exist; after all email addresses aren’t policed in any way?
As a problem we have pushed it, pulled it, turned it on its head but can’t see a way of making sense of it. For instance, what do you do about non-specific addresses? Barbara.email@example.com is easy to identify but what if she was BMS3682@myemail.com? There’s no way we can know if it’s hers or not.
We also started asking questions about the use of work emails. I’m sure at some point I’ve had this discussion but in light of recent events I feel a little lost and cast adrift from common sense. Business email addresses don’t attract quite the same level of protection, under Data Protection legislation as a personal email address, unless the business is that of a sole trader, in which case the individual has no Limited Company status and is afforded the same protection as an individual. But how can we tell if Bob the Plumber who has a bob@RSmithPlumbers.com address is a sole trader or is limited by guarantee? And then you have to ask, if the company that own the domain are limited, how do you treat the individual using their business email address for personal use; as a lesser protected business or a more substantially protected individual?
To be clear on this, I’m not looking for loopholes around the ever narrowing of legal compliance. What I do want is some clarity of this issue so that I can make informed decisions. What I don’t want is to find that in six months’ time the ICO have decided that charities should have segmented their email addresses according to a perceived right to opt-in, which then leaves many vulnerable to prosecution.
If anyone has any ideas on how to navigate this then please share what you know, as I can’t believe we are the only ones that are asking these questions.