[LINK] govt misuse of personal information [was: Draft NSW ICT strategic framework]

Scott Howard scott at doc.net.au
Sat Nov 26 03:07:51 AEDT 2011

On Thu, Nov 24, 2011 at 3:28 PM, Jan Whitaker <jwhit at melbpc.org.au> wrote:

> There is another insidious thing happening that is even worse.
> Government agencies have outsourced their emailing lists to 3rd
> parties and not told anyone. I came across that with a major fed
> agency newsletter. If I hover on the links in it that come in an
> email, the address is routed via that mailing service. That means
> they can track user activity without the knowledge of the individual.

I'm a little confused.  Which part is the "insidious" part - the fact they
are using an ESP (Email Service Provider) for delivering their newsletters,
or the fact that the ESP is doing click-tracking on behalf of the sender?

Both of these are extremely standard practices for anyone sending
newsletter-style email - I'd guess well over 95% of all companies are doing
exactly this for at least some of their bulk email.  This is not in any way
a core competency of any part of the government, and I'd suggest that not
doing this would be irresponsible of them and probably far more likely to
lead to mistakes occurring and misuse of this data.

I complained with the agency and demanded that I be removed from the
> newsletter OR that they reveal the 3rd party OR that they expose the

The 3rd party will be collecting this data on behalf of the sender, not for
their own use.  It's information that can be used to tailor future
communications, not just in a general sense, but also in terms of reducing
spamming, and reducing the incidence of such newsletters being caught by
users anti-spam software.

Perhaps you're suggesting that the government should also never use a
publicly-owned courier company for delivery for documents - after all, the
courier company will probably ask for a signature from the recipient, and
who knows what they could do with that information!

They don't seem
> to understand the problem that they gave what may be a personal
> address to a 3rd party and that they are tracking behaviour.

They are tracking behavior, on behalf of the sender, no doubt with a very
good contract/NDA in place.  I suspect it's not a matter of them not being
able to "understand the problem", but much more them not believing there's
a problem to begin with - and I for one would have to agree with them.


More information about the Link mailing list