Monday 30 June 2008

o2's Market Research Data Protection Meltdown!




The story so far: My broadband supplier, o2 invited me to take part in an online market research survey. They promised not to use my email address for any other purpose.

I happily took their survey - they provide a great service but then o2 broke their promise. Since taking the survey I've been emailed by 2 more research companies.



Who else has o2 shared my personal information with?

When I first called o2 to complain that their market research company (TNS) appeared to have shared my email address with another marketing company (Valued Opinions) they denied even carrying out research, 'That's just spam' they said. Then I sent them the emails.

After investigating o2 put the survey on hold while they investigated the link between TNS and Valued Opinions. And I was happy about that.

But almost immediately after I put the phone down on my last conversation with o2's manager I received another email. This latest email invites me to take part in a focus group about my o2 mobile phone. o2 will pay me £60 to hear my feedback. Importantly the email wasn't from o2 - it was from a company called Indiefield.

When I called the person named in Indiefield's email I discovered she didn't even work for Indiefield. So I was interested in how she got my email address - especially as I had just complained to o2. In fact it turned out she hadn't sent out the invitations and she didn't know the email would give out her personal email address and phone number. All weekend she's been inundated by o2 customers hoping to claim their £60. That's not very professional is it o2?

So now o2 has shared my email address with 3 separate companies. Who else do they plan to share my details with?

I checked the privacy declaration I made when I signed up with o2 and was reassured to see that I had restricted access to my email address to o2 - for their use alone, no third parties. (o2's website also advises customers how to avoid spam by - keeping their email address private!).

I'm happy to take part in market research, after all that's how companies gain customer insight to help develop and improve their services. I took part in o2's broadband survey willingly. I was reassured that o2 wouldn't use my email address for anything else. If o2 want to ask me about my mobile phone that's fine too - but only if o2 has the courtesy to ask first. Don't just go handing out my email address o2 - if you make so freely with my personal information how can you be sure the people you give it to will won't do the same?

Today I've emailed o2's Chief Executive Matthew Key to ensure o2 is aware of its obligations both to its customers and under the Data Protection Act.

Of course I could type Mr Key's email address here in case o2 has been careless with your email address too. But I have more respect.

I'll let you know how o2 reply...

3 comments:

Unknown said...

TNS (Taylor Nelson Sofres) and Valued Opinions (owned by Research Now Plc) are both respected research companies, bound by the MRS code of conduct (MRS.org.uk). Would be surprised if they were doing anything dodgy (really surprised). Indiefield are a fairly well known data collection agency too (similarly bound I believe).
Possibly what's happened here is that O2 has you down as willing to take part in surveys and so are using their partners to contact you (though normally the best practice would be for O2 to send you the invitation and then for the research company to carry out the research and then "hand you back" to O2). This is normal practice and ensures that you a) get invited and b) do the survey and c) the research company does NOT have your email address as the invite came from O2.

There are no legal links between these companies that I'm aware of. Research Now will probably provide online sample to TNS. Not vice versa though - Research Now would almost definitely not be paying TNS for anything. So I can't imagine they are sharing your email address around.

Difficult to say what's happened here really but I would say all these companies are fairly respectable and bound by industry codes of conduct. Keep all the emails and contacts as they will have links in to identify the survey projects and so your email could be tracked via that.

Jerry Foulkes said...

Chouchou, thanks for sharing your insight.

I did research these companies and so I discovered they are legitimate.

I did agree to take part in the TNS survey - but I am not aware of having given my consent for TNS to pass my email address (or share the results of my survey) to Valued Opinions.

Similarly if o2 want to invite me to take part in mobile phone research that's also fine - but I'd rather they asked me personally (as you describe).

My understanding of the Data Protection Act is that the data holder should seek permission for each new use - the first TNS email gave an assurance my email address would not be used for any other purpose.

That's 3 companies o2 have shared my email address with now. They could easily have sent out the invites from the 02 servers which would have been much more professional (again, as you describe). This would also prevent problems when customers like me call to complain - and o2 respond that it's nothing to do with them!

Finally I'm very surprised that a respected market research company (Indiefield) would send out a mass email with a researcher's personal contact details without alerting them first.

None of this reflects well on 02 who should show more respect for their customer's personal data and privacy - especially as they hold so much data.

I'm very happy to take part in some market research, but I'm not happy to have my email address circulated without my consent.

Anonymous said...

Hello CE,

I'm Tara and I'm the MD of Indiefield. I stumbled across this article (great site by the way) and would love to help you and shed some light on what has happened here. I don't know the exact project off the top of my head but I can assure you we keep meticulous and detailed records of every study we work on and what you have described (person you called not knowing about the research) is absolutely not how things should work at all. Will you help me look at this, so if there is a process to improve I can improve it?

I'm saying this because we take our role as ambassadors for the market research industry very seriously. I represent what is literally the front line - whereas TNS, GFK, MORI etc are the high profile names, they often use the services of firms like us to “collect the data”. That means knock on doors, phone people, invite them to take part – we either interview there and then or “recruit” to a focus group or car clinic. I want the people we contact (you) to be assured that they will be cared for and to know that we’ll look after them. Further, the data we have is totally secure and not sold on etc etc. By the way, when I say “front line” this isn’t loaded in anyway. I’m not speaking for the firms you’ve mentioned. I’m speaking as the MD of a company who is tasked with ensuring people feel willing, good and safe about taking part in research events be they online, by phone or face to face.

Please can you email me? tara@indiefield.co.uk or call me on 020 8245 8000 as I want to know more and look into our process. We have a strict data security policy and I want to investigate this.
We run research events all the time. Take a look at www.indiefield.net.

Anyhow, please do contact me.

All my very best,

Tara Lyons
Director
www.indiefield.co.uk