Tuesday 31 March 2015

Dodgy Data Distraction



You have to love the Daily Mail. They do love a scare story. Yesterday it was your pension data being sold for 5p to unscrupulous cold-callers by allegedly dodgy data companies. Shock horror, we will never be safe in our beds again!

I caught up with the story on the Today programme and heard Chris Graham, the Information Commissioner himself, living up to my nickname for him of Genghis Khan. He was threatening immediate investigations into B2C Data, the company the Mail outed, with his usual £500k fine and a bit of decapitation if the guilty were found guilty.

But just hang on a cotton picking minute. The accusation here was that personal financial information was being passed on (sold) without the knowledge of the individuals concerned. Well the B2C website isn’t exactly hiding its activities under a bushel, Mr Daily Mail. Their website boasts of their 38m strong database and suggests that it has been compiled from a large number of syndicate partners.

So this is not necessarily dodgy and that is what the Daily Mail, the Today programme and the man in the street fail to realise. Every time we apply for something...a mortgage, a phone, a credit card or even a holiday...we freely give lots of information, and somewhere in the small print will be a box to either tick or untick talking about sharing that data.

It’s the junk mail box if you like. You are opting in if you tick it to agree and opting out if you tick it to disagree. And whether you opt in or fail to opt out matters.

All email data to consumers ought to be opt in, by law I believe. Genghis will know this. If you agree to receive emails, lo and behold you will receive emails. Your address will be sold to all and sundry for a few pence. Mine seems to be sold to Viagra salespeople and purveyors of gentlemen’s entertainment but that might just be spam. There is a difference between unsolicited marketing communications and spam you see. One you have agreed to, the other you haven’t.

So, just what are the Daily Mail objecting to here? If B2C are selling data without the required permissions/opt-ins from their syndicated partners, everyone will be in trouble. I am not saying it doesn’t happen, because it does, but the real charlatans are not trumpeting their wares on a web site in my limited experience.

I am afraid the much more likely scenario is that this is all essentially above board. Companies like B2C amalgamate data from a variety of sources and if you as an individual appear on their database it will be because you gave your information to one or more of those sources. If those sources are legitimate they will have asked you a question about selling your data on and you will, perhaps unwittingly, have given them permission to do so. It may have been asked sneakily, it may have been an auto-ticked box on a web form that you failed to notice, but it will have been done.

So what data are they likely to have? Well, basically anything you have ever filled out on a form applying for something. Name, address, phone number, spouse, number of kids, email, mobile and middle name for sure. Salary, job title and number of years in your job. Probably. Nothing startlingly private. Ok, I know it is not stuff that you want published in the Daily Mail, but it is not really doing you any harm appearing on a database, and remember, this information is really only going to be used to select you to receive a phone call or email.

A marketing database is a prospect list, and someone trying to get you to unwisely take your pension now in cash (the threat the Mail was highlighting) will have used your salary to bracket you. He/she earns above X so he/she will likely have a pension of X so is worth a call. Or he/she is this age and earns that, so he/she is a target. Every piece of information they have on you is a selector, and really nothing else. And companies like B2C charge by selection.

The 5p the Mail quoted probably won’t get you a lot more than email, name and postcode. If you want the detailed information, you would pay more. And this information has been on the market for years, both legally and illegally. No doubt, as the Mail says, some of this information ends up in the hands of criminals, but I am not sure you can necessarily blame B2C for that.

This needs investigating of course, but if the accused company have been aggregating data from multiple sources legally, making sure that the opt-ins and outs were all done properly by their syndicate partners and then cleansing and managing their database correctly, I hope they sue the backside off the Mail.

Data is a very misunderstood commodity. We all create it and give it to people without really thinking about what we are doing. As a marketer, I want your email address and your permission to use it. In B2B, my field of expertise, there is much less regulation on this sort of thing but I still want your permission, tacit or proactive, because the communication is more rewarding that way.

The aggregation of business data is every bit as sly as the consumer stuff. For instance, Companies House happily sells its data on every business registered with it for a nice fat fee. Then the data companies start adding to this basic registered address and directors info by overlaying directory data to get trading addresses and phone numbers. Maybe some research will be done at some stage to pick up some contact names and bingo, you have a list.

You may not realise that you gave your data away. You may have been slightly tricked into not noticing the box which would have stopped it all. But you have done it dozens of times. We are all on hundreds of different lists. Just one example you probably do not realise, the Bounty rep who called on you or your partner whilst you were recovering from the birth of your baby. They gave you some nice freebies and took some information off you, and that information is one of the most valuable data sets in the country. New parents are an easy touch you see, like prospective pensioners. I wonder if the Mail will investigate that?

The moral of all this is that it is never good to give your data away. Find the box if you are filling out a form and find a responsible data security and recycling professional if you disposing of any old computers! Simples.

Monday 30 March 2015

One of our laptops is missing!



If you lost your laptop this morning what would you be worried about?

It is a good question, isn’t it? Inconvenience springs to my mind. How long would it take to get a new one sorted out? In the office, IT could probably sort me out with an old desktop. I could log on to the network but most if not all of my documents are on my own hard drive. I am not great at saving to the shared drives. 

So it is going to be a mess.

Not to mention the embarrassment of admitting it. And reporting it. And just how am I going to do that presentation on Thursday with no laptop? Which incidentally I have to re-write because the file was only saved on the laptop. No backups.

And then I realise something else. Lots of things are on that laptop. The staff budget for a start. A lot of salary information, even National insurance numbers. That big confidential contract. I saved that to the hard drive so that I could go through it one last time over the weekend. Oh and I used it to do my personal banking...what about my own account details?

Scary isn’t it? I have never lost a laptop or had one stolen but I know lots of people who have. And of course many a data breach has been caused by this sort of thing. Stolen laptops give up their secrets in the wrong hands.

And yet, guess what? When we change our laptops, do you give a second thought to the old one? I have given mine back to IT loads of times, and never worried about it at all. It was safe, in the hands of the professionals.

Redundant things are forgotten about. You have your new toy and the old one gets tucked away somewhere. In the old storeroom with that broken chair, 3 old desktops, that old server, the table that used to be in the conference room, an old projector. When we replace the accounts PC’s in April we will think about having a clear out.

And so the risk calculator rises up into the red right there. We have company assets, all neatly recorded in a register by the financial controller, but he has no idea where each one is. It is just within the company somewhere. He will only be told if it is disposed of. And the person responsible for company data, the nominated data controller, is not worrying about stuff in the IT store. It is safe enough. No one ever goes in there.

So life goes on. You replace the accounts PC’s and a fax machine in the sales office dies. The store is quite full but everyone is flat out rolling out Windows upgrades. Clearing out the storeroom is not a priority.

And then the board approves the new budget and you can replace all the laptops, get those new servers and upgrade the mobile phones. The whole team are flat out on procurement, working to a deadline, and young Damian is told to clear out the storeroom. Get someone in Damian; recycle like it says on the company website. ACME Widgets PLC support the environment.

Damian is a willing lad, of course. Bright too. He had his NVQ in IT and everything. He has a word with the boss to check his brief and does some research. There are rules. You cannot just dump this stuff, and you need to think about the data.

And this is where it all goes Pete Tong of course. It is now down to luck who Damian rings and what he is told. If he is the conscientious sort, he might do ok, but if he is just a box ticker, and if the boss expects to get his storeroom cleared for free, ACME Widgets could be about to lose more than one laptop. They could be about to help the criminals load them into the van. And they would be none the wiser until they hear the Mongol hordes ride into the car park and see Genghis Khan leap out of the saddle, scimitar in hand.

Ironic really. Leaving one laptop on a train is careless, giving 20 to Arthur Daley is negligent. One allows you to claim on the insurance, the other gets you a £500k fine. But which do we actually worry about most?

I once had an employment contract which stated that I must not leave company property in the boot of my car. They meant the laptop. Now you could add in the Smartphone I suppose. They were intent on taking disciplinary action if negligence allowed a theft. I am sure someone in HR is writing a clause or two about bringing your own devices into work these days, and using the company wifi to do all sorts of things that might cause a data breach. Meanwhile, down in the storeroom, Arthur Daley is picking up another load of redundant IT equipment for free.

It’s not as if people have not been fined for this sort of thing. The deterrent is there. But it does not happen enough to worry anyone. The threat is not as ‘real’ as someone breaking into your car and stealing your laptop.

We all carry our data around with us and theft or just plain misplacement is a daily problem if, like me, your brain is addled with age. I can barely remember my name, let alone where I put my phone so you can see the problem. But what has to happen to raise the awareness of what can happen when we throw things away?

For you sake, I hope it is not a £500k fine.

PS
Did you hear Genghis on the radio this morning? The Daily Mail have done an expose on pension data being freely available on the dodgy deals front and Chris Graham rolled up on the Today programme threatening beheadings and £500k fines to all and sundry. There was a huge assumption made that all the data involved had been collected illegally. 

That may well be true but the story the journalists should be following up is how this data is collected and what permissions are being granted by the consumer at the time. For instance, a lot of the data was allegedly mortgage application data. If a box has been ticked (or not unticked) to say the data can be used for marketing purposes, it is not illegal data and it is just another Daily Mail scare story.

More on this subject another day.

Friday 27 March 2015

Spock says it is not logical



Hoarding is easier. I think every man knows that deep down, but most of us live with women who do seem to get an extra chromosome...the tidy gene. At home that means the remote control does not live on the sofa and that newspaper from last Wednesday is not going to turn into a fixture...if you want to live. But at work, we have rather more power and I have never known a store cupboard or room yet that is not a male preserve.

I am not being sexist here. I am all for equality and have personally never craved storeroom control but it is just a fact of life. Where there is a growing pile of junk a man is involved. He naturally sees the effort and potential problems involved in getting rid and has never yet derived any real pleasure in seeing any space clutter free. It only a member of the fairer sex who can spend countless hours cleaning a room and then declare that it was all worthwhile because it looks so clean and tidy. A man would much prefer to close the door and watch the footie.

So the storeroom tends to fill up over time. There are the stores of course...the paper, maybe some toner for the printers, a bit of stationary...but the most interesting stuff is the waste. You know what I mean. The stuff we all know we are finished with but getting rid of it completely would take some real positive action. The broken chair, those old filing cabinets, that fax machine no one was using anymore, the accounts printer that only prints when it feels like it and that old desktop that crashed last month.

This is the stuff you cannot put in the bins round the back of the office. It’s easy to get rid of waste paper and discarded coffee cups and milk cartons. You have bins for that and the collection is all arranged on a bi-weekly basis with that nice man in the hi-viz jacket, but he does not take broken chairs and he does not take old computers. And the old computers are tricky. Dimly in the back of your mind, you remember that it has a hard drive. You cannot just throw that away. So putting it in the boot of the car and slipping it down the local tip is not really an option. You know you are not supposed to do that with business waste anyway but the hard drive worries you, a little. Not enough to do anything else but stack it in the storeroom though. Because it is safe there. Out of sight and out of mind.

Except that is not the answer. Not forever. Eventually the storeroom gets full. Eventually someone with influence suggests that it looks like a tip in there. Sooner or later you are forced to face up to the fact that this stuff has to go.

Ideally at this point you realise that your first priority should be data security, closely followed by the demands of sustainability. In other words, get it data clean then recycle it. And herein lies the problem of course, because it is at this point where some people get the impression that someone will clear their storeroom for free, whilst meeting their various priorities.

Let’s recap. This is waste. You know it and I know it. Not only has it been in that storeroom since Clive Sinclair last had a glint in his eye but it was put there because it is BROKEN. Your list of stuff includes a few bits of IT equipment, a few bit of general WEEE and some broken down old office furniture. And yet you expect someone to come and get it, give you all the right paperwork, erase your data and recycle the kit for...nothing.

Sorry Jim, this is not logical. And the problems are all caused by people not understanding what we are doing here. This is about the data and the planet. We all have a legal responsibility to protect the data we hold that concerns other people. That sounds reasonable to me. I do not want any business or organisation that has my personal details risking any sort of breach thank you very much. And the government and the European Union take it seriously enough to pass laws making it illegal, with very large fines. Quite soon directors will be held responsible, and could end up going to jail if they are found guilty of some seriously nefarious data related disaster.

So before you hand your entire database over to some free collection service, be bloody sure that they are going to do things properly....for nothing remember. Of course sir, your data will be rubbed out using a J-cloth and some white spirit, when old Joe gets around to it. Well if old Joe gets around to it. Nothing really to worry about, because we will be sending it to Africa anyway...

Which brings us back to the planet. Tossing your data away might cost you £500k, which turns a free collection into a very expensive mistake. But not ensuring that your equipment is properly recycled is quite literally a crime against nature. I am relatively new to this industry but I have come to hate landfill, and the idea that we can countenance so many people cheating the regulations to make a profit, or in our example’s case save a few quid.

I am beginning to resent losing orders to these free services. Part of that is my natural inclination to compete. I like winning you see, and therefore hate losing. I am not and never have been a good loser. I make Arsene Wenger, Jose Mourinho and Alex Red-Nose Ferguson look positively cheery by comparison with me. But that is because they usually play on a level playing field.

£100 to get rid of a pile of junk legally, morally and responsibly is not a bad deal. Nothing to get your database on eBay and your old equipment into landfill in Ghana is a terrible deal.

Thursday 26 March 2015

African Roulette



I am 53. I am also a cynical old git. I understand Murphy’s law and appreciate irony. Nothing much surprises me anymore and almost everything annoys me. I mean it. Everything. I have even been known to moan about cute kitten pictures on Twitter. But at the end of the extremely long day I do understand business and I realise that you win some and lose some.

Sales are like that. Getting a new customer is that perfect conjunction of proposition, need and timing all coming together at just the right moment, like an orgasm of sorts. Make the first call a day later and you might miss out. Call too soon and the need might not be front of mind and the chance will never come. So there is no point in beating yourself up about a loss. If you did your best, you just dust yourself down and move on, perhaps allowing yourself a rueful grin.

Every business should have values. There should be lines that we will not cross no matter what. Sales people do not like lines, rules or boundaries, but we need them, to keep us honest and to make sure that the bills get paid. Here in eReco land, we have some values. We are passionate about sustainability and very against anything unnecessarily ending up in landfill, for instance. We are uncompromising about data security because the consequences of being slapdash are so appalling. And we firmly subscribe to the theory that there is no such thing as a free lunch.

Take our toner recycling service. We courier out a box that holds about 20 cartridges, bottles or whatever toner comes in these days, and you call us when it is full. Then we come and get it, give you some nice paperwork and charge you £34.50 for the privilege, whilst guaranteeing that nothing will end up in landfill to boot. Simples. And yet some people are horrified that we charge. Honestly. Other people do it for free.

No they don’t. Recycling the toner may come with your printer package, lease or whatever, but it is not free. You are paying for it in the price. Your stationary supplier may take your old stuff too, but only if you buy new ones from them, so again you are paying for it in the price. Don’t be fooled by the word free. It remains relative.

The same is true of the free IT equipment collections. You have to read the small print. You have to find out where they are cutting the corners to pay for their labour. Is it on your data? That data which could cost you a £500k fine if it all goes wrong? Free is turning into a bit of a gamble. But when I pop this little objection onto the table you would think that I had insulted some people’s intelligence. Of course they are removing the data. What with? Fairy liquid?

The next cliché that comes trotting out is the charity one. It’s for charity. We have donated it to children in Africa. Well let me tell you something mate, Africa don’t want it. They have said so. Their governments are starting to ban it. They would quite like some food, maybe some clean water and a few Paracetemol but they are fine for 8 year old desktops thanks very much. The odd Harrier jump jet would be much appreciated, but they are OK for battered LaserJet’s. And the only children who get to see most of this stuff are the ones working the acid baths trying to get the precious metals off the mother boards.

So a free lunch is a bit like playing Russian roulette. There are a lot of possible outcomes here, one of which is that you get exactly what it said on the tin. Don’t get me wrong here. I understand Murphy’s Law and you probably won’t be the one that gets caught out. That is why I always say that this game is about risk management. Using a free service and not really knowing what they are going to do with your stuff is taking an unnecessary risk.

Which you might think is fine. But I don’t like the other outcomes. If the ammunition chambers rolls round to the wrong place, someone gets hurt. Your company, financially. Maybe fatally if you cannot stand a large fine. It will not do the reputation any good either. The environment too. Some kids in Africa. It’s all just a little bit distasteful for the want of paying a few hundred quid.

And yet, I am a cynical old git, of course. So I write another post for this blog and hope that just one person reads it and changes what they do. I don’t expect to make a difference but I know I have to dust myself down, pick myself up and start all over again.

But stop it with the pesky kittens, ok?