Mastodawn

This may be fun.

Some may recall my battle with #NHS who refused to update my email address as only 6 characters. I sold the domain I was using and raised with ICO where literally someone else was getting notices about appointments and medications. ICO said NHS has “correct email address” (a lie). I even took to parliamentary ombudsman who said ICO did nothing wrong (another lie). #GDPR right to correct personal data is clearly ignored when it is the NHS!

I had given up. But …

Last year NHS login says that my email on NHS login is not the same as doctor’s surgery and would I like to update it. Oooh. I said no, and told my doctor’s surgery to update to my usual short address.

Now they have done again and I have said yes.

They say they have saved my details.

This could be fun.

I am hoping that this time is different on basis…

- they asked me to update my details
- they suggested that short email address
- they stated they have updated my details

I really cannot see that they can claim #GDPR does not apply yet again.

The last “accepted" (as evidenced by screenshot) email address is the short one. ICO cannot claim a different one is “correct”.

[sorry if too #sarcastic, I cannot help myself sometimes]

I should have worded it more that they offered to change contact details and *I* accepted the change they suggested.

I'll probably have to phrase it that way when they come back and say "we cannot accept short email addresses".

It is fair to say they offered, and I accepted, I think, and that is the end of the matter.

Alan Clifford 🏌️‍♂️🦈 📷1d ago

@revk
If they couldn't accept short email addresses I'd be tempted to go the other way to 64 characters. Then it would be, "we cannot accept long email addresses".

Tim Ward ⭐🇪🇺🔶 #FBPE 1d ago

@revk It's slightly surprising that anyone is letting you update an email address anyway ... all too often it's used as all of (a) user name, (b) primary key, and (c) second factor authentication key.

@TimWardCam Yes, but you have to allow email address update, by law, it is personal information. That has been my issue all along.

Tim Ward ⭐🇪🇺🔶 #FBPE 1d ago

@revk Interesting. How do web sites that use the email address as the account name handle that, I wonder.

Shaun McDonald 1d ago

@TimWardCam @revk do they use that field as primary key and have a separate hidden user id?

Tim Ward ⭐🇪🇺🔶 #FBPE 1d ago

@smsm1 @revk Well, that's the sort of thing they should do, but one does have to wonder how many actually work that way.

@TimWardCam @smsm1 On the rare occasions i have done it, I update the primary key on the record. *AFTER* validating the new email and emailing the old one.

@TimWardCam @smsm1 I have made and used many systems - the email as main key has been used a handful of times so as to avoid people having to also know a separate ID of some sort.

I think for *normal* people that helps.

NHS would cope if they had not made a system with min email length, but in principle that is legally no different to making a system that does not allow a 3 in a phone number. It is stupid and the consequence is you have to fix the system.

Tim Ward ⭐🇪🇺🔶 #FBPE 1d ago

@revk @smsm1 Certainly forcing people to remember a different account name is a pain.

One downside of using the email address as primary key is that it makes it difficult, or impossible, for one person to have two separate accounts. For example, one for themselves and one for the relative who doesn't do email and whose affairs they're managing under PoA.

Shaun McDonald 1d ago

@TimWardCam @revk luckily most places support plus addressing that deals with that issue.

@smsm1 @TimWardCam @revk still frustrates me the number of places that won’t accept + addressing but it is getting less and less thankfully

@staustellsimon @smsm1 @TimWardCam I use a domain with wildcard local part. Still some places get upset with theirowncompanyname@...

Tim Ward ⭐🇪🇺🔶 #FBPE 11h ago

@revk @staustellsimon @smsm1 My ISP no longer supports a catchall mailbox. I can set up any email addresses I like on my domain but I have to do each one manually.

@TimWardCam @revk @smsm1 that’s the issue I have hence going the + route

@TimWardCam @revk @smsm1 yeah I’ve had a few companies caught confused with mail+theircompanyname@ 🤭

Tim Ward ⭐🇪🇺🔶 #FBPE 10h ago

@staustellsimon @revk @smsm1 Just tried sending myself a plus-addressed email. Didn't arrive, and no bounce message, so looks like my ISP just silently drops it.

@TimWardCam @revk @smsm1 😔

Hambone Fakenamington 9h ago

@staustellsimon @TimWardCam @revk @smsm1 I'm yet to report a gdpr messup with one of the three manor UK mobile networks sending me their own customer opt out requests! I opted out with [email protected] and somehow they've ingested it into their processes and now I get sent opt out requests from other customers!

Shaun McDonald 8h ago

@CenturyAvocado @staustellsimon @TimWardCam @revk that's impressive. Has it been done AI doing it automatically.

@smsm1 @CenturyAvocado @TimWardCam @revk 🫣

@staustellsimon @smsm1 @CenturyAvocado @TimWardCam IIRC we had a bt@ or something and they left it in the Cc list in discussions that followed about our complaint, and how they were going to deal with it, which was highly interesting, and rather revealing.

@revk @TimWardCam it’s surprisingly hard to get this stuff updated. Ditto your name. I have spent so much time and energy getting some companies to update my details it is unreal. So many arbitrary “rules” and “procedures” and companies utterly clueless on GDPR obligations.

Tim Ward ⭐🇪🇺🔶 #FBPE 11h ago

@vikki @revk Oh, and for PoA use case, some financial institutions, including high street banks, can't cope with more than one *physical* address being associated with an account - "this is my address, I'm the attorney send all correspondence here, and that is their address, that's where they live, send new cards there".

@revk My husband kept getting NHS phonecalls to remind him to attend someone else's hospital appointments. It took us months of repeated contact by phone & email to finally stop them. We were worried about the patient, especially because it was a cardiac department involved.

samir, an unknown quantity 1d ago

@revk Good luck!

I just found out that my email address “doesn’t look right” so HMPO rejects it.

It’s the same as my Mastodon handle. I get a lot of emails on it. But these vanity TLDs, new concept, right?

Then they tried to auto-correct my fastmail.com-generated one to fastmail.co.uk, which is just dangerous.

Who comes up with these rules?

Simon Zerafa 1d ago

I have registered a three.two letter domain, is this likely to cause me trouble if I actually use it? 😕

@simonzerafa @samir probably not IMHO

Simon Zerafa 1d ago

I'll test it first on a few less critical services but having a very short email domain (and total address) seems very cool 😄

@simonzerafa @samir @revk I have the format [email protected] and haven't had any issues yet.

@glaringanomaly @simonzerafa @samir yeh, this is [email protected] format

Colman Reilly 1d ago

@samir @revk fucking idiots.

So my wife is an accountant and does payrolls for 30 clients. There’s a new sort of obligatory pension thingy in Ireland so she has to deal with that online system now. When the system sends an email alerting to an issue there is no identifying information so she has to start logging into each in term and check the account.

I thought the “[email protected]” pattern would save her. Not accepted as a valid address. 🙄🙄🙄🤦🤬

samir, an unknown quantity 1d ago

@Colman @revk How… helpful. Gotta love it when these things are shipped without testing them on anyone who actually uses them.