According to a recent survey by the National Cyber Security Alliance, more Americans are concerned with the risk of losing their online privacy than losing their own income. Of the 68 percent of those polled who feared for their cyber security, it was noted that their main source of fear was about companies passing their data onto third parties. It was also noted that only 16 percent of people actually read the privacy policies of the sites which have access to their details – an unsurprising figure, though one which doesn’t match with the 33 percent who are actually aware they have this option.
Recently, there has also been controversy in the United Kingdom over major charity organizations who have admitted to purchasing other charities’ mailing lists. With so many people expressing the same concern about where their information goes, it begs the question – just because we think our data is “safe”, should we start accepting that it doesn’t always stay in one place?
Mailing Lists For Sale
The buying and selling of mailing lists remains a legal way for businesses to get data, whether it be on a business-to-business (B2B) basis or about their customers. Where B2B is concerned, the transactions of “list brokers” are heavily regulated, be it how they acquire these lists, or what they are allowed to send in the first place. Companies who engage in this activity transparently are generally aware of what they’re doing when they get involved in this practice, and it is more commonplace (and less frowned-upon) than most people think.
The rules are different when it comes to customers, and the method by which consumers agree to their information being shared is changing. Every sign-up or registration page you access must legally include a box to tick, to consent to receiving further information from the company, or to your details being passed on to others. However, there is no regulation on how this tickbox is labelled, which can be deceptive for anyone not paying attention. Often, the box comes pre-ticked, and you need to click again to opt out, rather than clicking to opt in – both of which are legal ways of consenting to pass on your information.
Data Privacy Laws Around the World
In the US, marketing emails are kept in check by the appropriately named CAN-SPAM Act, which came into force in 2003. The rules include: making sure a postal address is included in each marketing email – failure to do so results in a $16,000 fine per email – and a clearly-visible unsubscribe option at the bottom of each message.
Rules around this in the United Kingdom seem comparatively relaxed. Emails sent to generic company addresses are regulated much less than personal or firstname.surname business addresses. An EU-wide legislation on data protection was only finalised in December 2015, after a survey showed that 90% of European citizens wanted consistent laws across the continent.
By comparison, the Canadian Anti Spam Legislation (CASL), which came into effect in July 2014 after being agreed to four years earlier, may be the world’s strictest. Companies such as MailChimp have had to radically alter their platform for use in Canada, and some commentators have noted that it has had an inverse effect on small businesses who may be scared of inadvertently breaking the law. As the head of one Canadian not-for-profit noted, “Instead of cutting out spam, it’s cutting out communications and it’s going to inhibit commerce and enterprise.”
It’s one thing to weed out the frustrating amount of spam and unsolicited emails which find their way into your inbox on a daily basis. However, if new laws, such as CASL, which can stop legitimate companies from doing business are coming into play, perhaps a rethink is in order.