Background
Back in April I mentioned on another blog that I'd encountered a more extreme example of breach of DPA / PECR and would be taking the matter more seriously.
Now the dust has settled I can speak more about it and add details / guidance principals.
In most cases I'm more than happy to rifle through company details, back-check organisation structures and determine the actual origin of the spam. Often it reveals that someone somewhere is trying to make a fast buck from your personal information without consent - and without compensating you for the pleasure.
Usually a combination of ASA and ICO complaints ensure that you'll never hear from the spammers again but occasionally someone really takes the biscuit.
Hand In The Cookie Jar
Twitter is an enourmously useful tool as it can augment your own opinions on a brand, organsiation, person or fact with a vast variety of 140 character masterpieces. When I started getting unsolicited emails from MyJobMatcher in January 2015 I noticed that there was a large group of people in the same situation - having been emailed job adverts from a company we'd never heard of, never subscrubed to and never given any kind of consent for any of the above.So...no accounts had been compromised but personal information had. Maybe a recruiter got hacked or a jobs board?
Others have also blogged about the specifics of the privacy breach so I'll leave you to read their posts
Twitter's thoughts on new careers site @MyJobMatcher - http://t.co/vXFTrnWRkE
— Steve Higgins (@Higgypop) March 24, 2015
@ICOnews please investigate http://t.co/9ExEnG9ydb and http://t.co/GD3P1e1YIZ who passed @MyJobMatcher subjects' details w/o permission
— Tim Glynn (@thestigs_cousin) March 30, 2015
@DBMediaUK @officialjacwild They've been at it for a while. Claiming they bought data from "verified" offshore source outside of the EU
— Rex Lampier (@thread_puller) March 23, 2015
But simply search Twitter for MyJobMatcher from early January to April for more of the same.I got in touch with MJM with an initial Subject Access Request (SAR) to find out who they were and what personal information they had....And although I got an auto-response from their support system to say the message had been received (v. useful in DPA / PECR cases) I heard nothing for a week, yet continued to get spam about jobs that had very little relevance.
Before raising an ICO or ASA complaint it's better to check what details are involved and how they arrived at their destination. I can say with confidence that I don't subscribe to newsletters nor do I enter prize draws so know the usual flagrant response of "...you must have signed up for it somewhere..." won't fly.
First up someone on Twitter suggested getting in touch with Mandrill at help@mandrill.com - they were nice as pie and sorted out the spam straightaway. I coul dhit "unsubscribe" but it's better to hit the distributor so they know there are other issues with a particular client. In other cases I've been involved with companies have been banned from using marketing distributors entirely because of this.
I'm going to ramble on a fair bit so will break the posts down into chunks.
On to part 2
