
Just you wait

Damage to companies' reputations will be the biggest driver for complying with the pending personal information law.

By Nicola Mawson, Contributor.
Johannesburg, 29 May 2013

I guess I shouldn't have been surprised when a recently-added - since deleted - business contact on LinkedIn behaved in a way that I view as abuse of the networking site, and decided to use my e-mail address, and goodness only knows how many others, to test an e-mail engine.

Spam via LinkedIn is not anything new; I'm sure everyone with a profile on the site has been sent some useless, or offending, e-mails at some stage. I had one about changes to human resource policies in Australia, or some such.

When I had the temerity to complain, I was told I had - in fact - signed up; which would have been rather off behaviour for me, because I do not, as a rule, sign up for anything. After challenging the forthright personage, it transpired that because I'd left all the default tick boxes - contact me for networking, etc - ticked, she took this as me opting in for junk.

That contact has been deleted. As has another, who thought I'd be keen on whatever junk he was flogging.

Oh, behave

I cannot be alone in this, but I feel this sort of behaviour breaches the point of a business networking site. It's not there as a mass e-mailing tool - it's there to make connections.

LinkedIn agrees: "LinkedIn is a professional networking site and we expect members to keep all content professional."

What really angered me was when I received a mail thanking me for signing up to an e-mail list I had never heard of, and really wouldn't be interested in anyway. The mail even included my password so that I can manage my account.

Before I could investigate any further, an apology arrived in my inbox. Considering the abuse of my personal information, I don't think Ben from 5p grovelled nearly enough. At least he had the common sense to BCC everyone to whom the company apologised - I suppose that's a small mercy.

Simply, Ben said: "Please note that you are not subscribed to our mailing list. We were testing a mail servers functionality to add to our Web site. When we did a mass upload of e-mail addresses, it sent a welcome note to you and this shouldn't have happened. We are currently connected on LinkedIn and that is where i got your e-mail address from." (sic)

I've left the bad grammar in, because people who misuse your personal information and then send a badly written, nonsense apology, deserve to have their grammar showcased in public, even if I didn't tell you I was going to do so.

Not so sorry

But wait, it gets better. Ben offers the company's sincerest apologies for this misunderstanding, before adding that I will be spammed by this same company every few months with specials on Web site design and hosting. Nice.

Obviously, I demanded more information, and told the chap emphatically that I did not want anything more from them.

Ben concedes the "idea was never to send you a mail, we were testing the ease of unloading mailing lists as we resell and manage this. The only list we have of that size is our LinkedIn list."

So, Ben and his company, 5p, scalped e-mail addresses off LinkedIn to "test" a spamming server, and inadvertently spammed goodness knows how many people. No, it's not the spam that got me, that is a daily argument. It's the fact that Ben, and his company, in their wisdom, thought it would be acceptable to scalp my e-mail address off LinkedIn and turn me into a virtual guinea pig.

Sure, they told me about it. They had no choice once the sign-up e-mail had gone out, and if not for that, they may never have revealed what they had done. I'm sure many other companies abuse personal information in this way, and stay schtum about it.

Clamping down

Alas, sorry for them and their ilk. Soon, I hope, we will have a law that will prevent exactly this sort of abuse.

The Protection of Personal Information Bill, currently in its 10th or so draft, is making its way through the Parliamentary process and may even become binding this year. The first consolidated piece of privacy legislation in the country, it dictates how and for what personal information can be used. It also stipulates how data must be stored securely, and forces companies to tell people if their information has been breached.

Non-compliance carries hefty penalties under the proposed legislation, with fines of as much as R10 million for breaches. In addition, information breaches have to be disclosed, which could cost companies more in reputational damage than the actual fine.

Although the Protection of Personal Information Bill will not stop people using Google as a source of personal information, it should stop 5p in its tracks. Obviously, Ben got my address because he asked me to be a LinkedIn connection, and not thanks to random Internet surfing. That puts what the company did under the scope of the pending law.

Sadly, Ben is well aware that what he did will soon be illegal, because what he did amounts to processing my personal information without my permission. Although, he seems a bit confused as to when the new law will actually be in effect.

"As far as that law goes, yes it is illegal, that is why we sent a mail to apologise, as our intention was never for anyone to receive this e-mail."

My translation: "We're so sorry we were bust by our software."

Sure, it's just my e-mail address, but Ben and his friends could have scalped so much more information off the Internet, or through various other methods, such as any data source for which one has to pay to get information.

Starting with what is available on the Internet, which is not subject to the pending law, people like Ben could run amok, searching paid databases for more and more information. That's a recipe for disaster, because it doesn't take much digging to have enough information to pull off identity fraud.

I can't wait for the law to come in. Its biggest stick will not be the fine, but that companies that break it will be ousted, in public. That will stop people from using those companies, forcing compliance. I guess that's a lesson Ben et al have already learned.
