The idea of a Charlton email unsubscribe / marketing database boycott has been discussed on a few other threads but was sort of off-topic and not really followed up, so I thought I'd start a dedicated thread for it. Hopefully, the idea can gain some traction and we can get something organised.
The basic scheme is to mass request the removal of our personal details from Charlton's marketing database, which they will be obliged to do under Data Protection legislation. This will hopefully have the effect of damaging their marketing operation and devaluing their marketing lists for their corporate partners/sponsors, as well as causing the club an unwanted admin burden in dealing with the requests that have to comply with by law. It would also give those who are unable to attend protests in person at the ground an opportunity to participate in action against the owner.
I've seen mass email protests where a single website is set up for protesters to enter a few basic details (name/email etc.) and mailer software in the background mailmerges it into a standard format email and shoots if off automatically to to the target. I don't really have the IT/web design skills to put that together but surely it shouldn't be too difficult. If its a one-stop, two minute job to register a protest online it would be easy to facebook/twitter it all over the place just like successful Olympic stadium petition.
Standing in a car park shouting has its place, but its finished after a couple of hours. Hopefully a direct action like this can cause them ongoing, daily grief over weeks and months.
Any takers?
2
Comments
Please note that it is not asking for removal of data in the first instance.
There are a few omissions which I may need help with, especially the data manager at the club, but I have addressed it to Katrien as the overall final person with ultimate responsibility.
Dear Katrien,
I am writing to you as CEO of Charlton Athletic, and as the person who has ultimate and overall legal responsibility regarding any data you may have about me.
According to the Data Protection Act 1998, part 7, (subsection 1a) I am entitled 'to be informed by any data controller whether personal data of which that individual is the data subject are being processed by or on behalf of that data controller.'
I believe that I may have data about myself on your system because (add or delete where needed) I am a red card holder number ????/ I have in the past had a season ticket seat and number/I am at present a season ticket holder). I would like to check, as is my entitlement by law, what if any data you hold about me and if it is accurate or needs updating.
I would also like to know the system you use to monitor any data in order to keep it up to date, and the names of any individuals you share such data with, or any companies or organisations you share such data with. If my data that you hold is shared with a company or organisation I would like you to inform me of the name and contact details of the data controller of that company.
Subsection 8 of part 7 of the Data Protection Act 1998 says: 'a data controller shall comply with a request under this section promptly and in any event before the end of the prescribed period beginning with the relevant day.' I have dated this request (xxxxxxx) and therefore I expect the information to be supplied to me in full by (xxxxxxx) which is within the time frame of the Data protection Act 1998 of which I am sure you are fully aware.
If I find the data you supply to me to be inaccurate, or in need of change or amendment please also inform me of the method you use to make any changes.
I am also confident that you fully understand that failure to comply with my request is an offence under law.
In order to get you started my name is: xxxxxxx
My address is: xxxxxxxxxx
My landline is XXXXXXX
my mobile is XXXXXXXX
and my email is XXXXXXXXXXX
Yours sincerely
XXXXXXXXXX
That's the best I can do for now, but any suggestions or changes would be welcomed.
Seth's wording may be the way forward but I am no data security expert.
I'm afraid that I can't help with this one either but would happily forward the template to others and gladly comply myself.
When organised & confirmed as "hitting the spot" I'm sure AFKA would add this to his sticky closed announcement regarding current actions being taken.
I would suggest you don't make it too easy for them in the first instance, I would merely ask what data they hold on you/me to ascertain in the first place if it's correct (don't give them the chance to change it before they reply).
If it's inaccurate you can ask what processes they have in place for keeping it up to date and accurate, which is all part of the act. None, is my guess.
I think the idea behind this is to make it a long winded process and tie somebody up doing it at the same time, so it's a long game we need to play.
As said, we need enough requests to make it worthwhile, but I'm sure it can be refined.
Just a suggestion.
Found something and answered my own question.
http://www.itgovernance.co.uk/dpa-penalties.aspx
Something along those lines to begin with.
But....
How do people feel about Valley Gold ?
Do we all stop our money going towards that scheme ?
I have also read that some requests have to be answered without the £10 fee.
Ideally I would like to construct something that would have no cost, and would have to be responded to in 21 days. If anybody actually knows this stuff please post it on here because my online research is a bit convoluted.
Should have said.......
If we all agree to get our data removed (which I'm in agreement with), and not read their Facebook, Twitter, official accounts, would/should we still fund @ValleyGold ?
Thanks in advance.
[Your full address]
[Phone number]
[The date]
[Name and address of the organisation]
Dear Sir or Madam
Subject access request
[Your full name and address and any other details to help identify you and the information you want.]
Please supply the information about me I am entitled to under the Data Protection Act 1998 relating to: [give specific details of the information you want, for example
your personnel file;
emails between ‘A’ and ‘B’ (between 1/6/11 and 1/9/11);
your medical records (between 2006 & 2009) held by Dr ‘C’ at ‘D’ hospital;
CCTV camera situated at (‘E’ location) on 23/5/12 between 11am and 5pm;
copies of statements (between 2006 & 2009) held in account number xxxxx).
(in our case it would be mailing lists, computer records held of our personal details etc...)
If you need any more information from me, or a fee, please let me know as soon as possible.
It may be helpful for you to know that a request for information under the Data Protection Act 1998 should be responded to within 40 days.
If you do not normally deal with these requests, please pass this letter to your Data Protection Officer. If you need advice on dealing with this request, the Information Commissioner’s Office can assist you and can be contacted on 0303 123 1113 or at ico.org.uk
Yours faithfully
[Signature]
Data Controller details on the club can be found here: https://ico.org.uk/ESDWebPages/DoSearch?reg=65511
Just a thought but should the letter be sent by (whatever it's called) registered post or similar so they can't just claim they didn't get the letter?
And who is the person/department/email address responsible at the club?
If we can tie them up in rings responding to database enquiries, it has to be worth a go...but we need a consistent format for our letters.
Top work @seth plum and co with the templates, although I know nothing about the charges they could impose.
This is one of the few things I can get involved with from here, so will certainly support the final decision, even if it does cost £10.