;void(0);)
In which TfL spam me, consequently revealing a leak at O2, and prompting a formal complaint to the Information Commissioner's Office.
Spam and leaks, but no pie
It's coming to something when a government entity starts buying in commercial mailing lists to spam people. This morning I received a piece of junk mail from TfL (Transport for London - formerly known as London Transport) exhorting me to try a Boris bike - sorry "Barclays Cycle Hire". TfL is a government department. The fact that every time I am up in London for every bike being ridden there are 20 still in the racks, and that they are having to resort to commercial selling methods suggests to me the scheme is one massive flop.
But that is almost by the by. The mailing list they have bought in comes - ultimately - from dubious sources. How do I know this? Because that e-mail address should not be getting general mail. I never authorise companies to "share" my details, or add me to mailing lists except those I explicitly sign up to. And unlike most people who have maybe two or three e-mail addresses at most, and therefore cannot pinpoint a leak when one happens, I have several hundred e-mail addresses each dedicated to a single task. Companies whose customer I am, national and local government departments, agencies, mailing lists, web sites, you name it - almost every single one has a separate dedicated e-mail address. And this spam arrived on an address I use exclusively for my dealings with O2. OK, if you know some of my other addresses, and also that I am an O2 customer you might make a stab at sending something there, but why would you if you already have another address?
No, it is pretty clear that O2 have had a leak of customer data. This is the second spam I have had to this address. And there have been a few "interesting" calls from 'phone touts who knew my name and address. Perhaps O2 filtered their records improperly when farming them out to an affiliate, although the people that called me sounded far from legitimate and would not, when pressed say outright that they had legitimate access to O2's records. Maybe a disgruntled employee helped themselves to a few thousand records and sold them on for some pocket money. Bottom line - they have not fulfilled their duties under the current data protection laws.
I tried to call O2 customer services to get to the bottom of this, but since being taken over by Telefonica their service levels have slowly corroded to the point where the only way to contact someone about a generic query is to select something totally inappropriate from the menu and then moan at the poor bugger that picks up the call. They will eventually put you through to somewhere. But it doesn't help in this case. O2 are hopeless. The Customer Service people have no means of escalating a complaint of this nature. All they could do was mutter platitudes, and assure me it couldn't possibly happen, and offer to put me through to the fraud team (because they "do not have a data security department", apparently).
So, immediately after getting off the telephone I filed a complaint with the Information Commissioner's Office. Ok, so the IC is pretty much a toothless wonder, but it is better than taking no action at all. Maybe O2 will get a slapped wrist; maybe not. But at least the complaint should reach the right quarters, and if someone has been dipping into the database they should get their come-uppance.
To close on a lighter note I did some quick looking into the data agency that supplied the TfL mailing list. It wouldn't surprise me if the were one of uncle Boris's pals, running shady deals on mail harvesting. Several pages of their web site are broken. Not just "doesn't quite display right" broken, but "PHP throws a fit" broken.
