UKC

Data Retention

New Topic
This topic has been archived, and won't accept reply postings.
 FesteringSore 28 Dec 2016

I went into a branch of a major retailer today to get a refund on a returned item. During the transaction the assistant asked for my post code. I told him I was reluctant to let him have it as, in the past I have been subsequently inundated with unsolicited advertising. He said he needed it in order to authenticate the refund to my card and showed me the computer screen where he had "unticked" the option for being sent mail shots. I did notice however that his data base had my address on it along with my name. There were similar entries for many of my neighbours.

I personally object to retailers being able to retain(apparently indefinitely)such information.

Does anyone know what rules retailers are bound by on this matter and can I ask for my details to be removed and NOT entered during subsequent transactions?
Post edited at 20:40
 The New NickB 28 Dec 2016
In reply to FesteringSore:

It was quite useful when I got burgled last year. The major electrical retailer that had sold me quite a lot of what was stolen was able to resend me receipts for everything I had bought from them over the last 7 years.
 Big Ger 28 Dec 2016
In reply to The New NickB:

I use it when electrical goods give up the ghost, our local "Good Guys" are dead handy on the replacement front as they have your details and purchases on their system
 BnB 28 Dec 2016
In reply to FesteringSore:

You have the right under the data protection act to request what information is held that pertains to you, and you may ask them to delete the data and they must comply unless it is held for electoral or public safety reasons.
OP FesteringSore 28 Dec 2016
So, if I go on to a retailers web site without entering any personal information(name, address) but merely to see if they stock a particular product are they able to glean any data from things like my IP address?
 Big Ger 28 Dec 2016
In reply to FesteringSore:

They may glean something from your tinfoil beanie.
Removed User 28 Dec 2016
In reply to FesteringSore:

No. That's not how an IP address works. The only way an IP address can be resolved to a subscriber (the person that set up the account mind you, not the person currently USING the address) would be for a court order to be sent to your ISP from some sort of police force.

IPs can't be used to find a person by name or address. They don't point to a house, just the geographic location of the local exchange that serves the connection to your address.
1
 Lurking Dave 28 Dec 2016
In reply to FesteringSore:
Seems excessively paranoid when it comes to mail shots... but if you want to limit IP addresses (more likely cookies) being used then in order...

1) use incognito mode
2) VPN
3) ToR
4) TAILs

The further down this list the more secure... and less convenient.
LD
Post edited at 23:46
1
In reply to FesteringSore:

Not so much from your IP address. But they could get a fair bit from the cookies on your computer.
 Phil Anderson 29 Dec 2016
In reply to tom_in_edinburgh:

I thought sites could only read their own cookies. Is that not the case? Genuine question.
 wintertree 29 Dec 2016
In reply to FesteringSore:

> There were similar entries for many of my neighbours.

That you know this rather suggests poor data protection training for the store staff, poor information security and a breach of the Data Protection Act...

Not surprising really, but disappointing.
 JoshOvki 29 Dec 2016
In reply to Phil Anderson:

> I thought sites could only read their own cookies. Is that not the case? Genuine question.

This is perfectly correct. The problem is some sites add in a script from another site (say facebook like UKC does), and if this is on enough sites they can trace you like that.
In reply to Phil Anderson:
> I thought sites could only read their own cookies. Is that not the case? Genuine question.

If you look at the page source for the average commercial website you'll see several places where it is loading script from other websites. Some of these will be from services like Google AdWords which will be setting up cookies owned by Google Adwords on your PC. Because millions of websites are in Google's network those cookies can cross reference activities across a lot of websites even though the cookies are only accessed through Google Adwords. This is how they can do things like if you look at a product on one website adverts for that product follow you around when you browse onto other websites, it also lets them count 'unique' visitors and see if someone has come back more than once.

Some of this data is available to advertisers on Google for demographic targeting based on interests or rough location. They don't give advertisers access to addresses or anything as specific as that, however, since most people will have a Google account (which will have involved providing your name and address) I'd say it was likely they could cross link a cookie to an address if they wanted to and possibly would if the cops/a court asked them to. Facebook and Microsoft could have a good go at it too.
Post edited at 12:22
 Phil Anderson 29 Dec 2016
In reply to tom_in_edinburgh:

Thanks for the detailed response Tom (and also Josh). That makes sense.
 JoshOvki 29 Dec 2016
In reply to tom_in_edinburgh:

Much better explained than my attempt.
 Rob Exile Ward 29 Dec 2016
In reply to FesteringSore:

'I personally object to retailers being able to retain(apparently indefinitely)such information.'

I personally object to the government holding data about me other than the bare minimum that is absolutely necessary to enable me to obtain the legitimate benefits of my citizenship.

Retailers, I couldn't give a toss. What are they going to do? Beat me to death with emails?

All this DP business is quite ironic in some ways, back in the 50s/60s towns used to publish the personal details of inhabitants, together with their address and telephone number. People used to object if they weren't listed or the details weren't correct. Very handy no doubt I was too. (I can't really remember this but I have a copy of a directory with my Dad listed in it.) Why have we become so paranoid now?
 aostaman 30 Dec 2016
In reply to FesteringSore: I am not a techy but it sounds like they were looking at a PAF (postcode address file) which brings up every house address under the postcode you provided. See below link

http://www.royalmailgroup.com/royal-mail-unveils-improved-access-postcode-a...

My solution to the junk mail problem is to have a second email address which I give only to retailers. I check it once a month or so.



New Topic
This topic has been archived, and won't accept reply postings.
Loading Notifications...