View Single Post
Old 14 Apr 2018, 05:34 PM   #19
lpn
Member
 
Join Date: Apr 2007
Posts: 72
Quote:
Originally Posted by brong View Post
...
Given that there was no timely element involved:

* the exposed data was an email address
...
Without going into a discussion whether GDPR is relevant or applicable to Fastmail, in many cases an email address is considered personal information under GDPR. What I am trying to say is that the email address is a sensitive information and should not be released to a third party.

Moreover in this case a survey could have technically been done without releasing any email addresses to the third party, e.g.
  • in-house hosted survey, or
  • creating temporary forwarding addresses that are to be given to the third-party and the one email from that company could have been forwarded to the real email address.
  • another option is for the survey company to create a list of links and these to be put by a script as email messages in the recipients' mailboxes or displayed in the web interface upon login.
lpn is offline   Reply With Quote