Mastodawn

This may be fun.

Some may recall my battle with #NHS who refused to update my email address as only 6 characters. I sold the domain I was using and raised with ICO where literally someone else was getting notices about appointments and medications. ICO said NHS has “correct email address” (a lie). I even took to parliamentary ombudsman who said ICO did nothing wrong (another lie). #GDPR right to correct personal data is clearly ignored when it is the NHS!

I had given up. But …

Last year NHS login says that my email on NHS login is not the same as doctor’s surgery and would I like to update it. Oooh. I said no, and told my doctor’s surgery to update to my usual short address.

Now they have done again and I have said yes.

They say they have saved my details.

This could be fun.

I am hoping that this time is different on basis…

- they asked me to update my details
- they suggested that short email address
- they stated they have updated my details

I really cannot see that they can claim #GDPR does not apply yet again.

The last “accepted" (as evidenced by screenshot) email address is the short one. ICO cannot claim a different one is “correct”.

[sorry if too #sarcastic, I cannot help myself sometimes]

I should have worded it more that they offered to change contact details and *I* accepted the change they suggested.

I'll probably have to phrase it that way when they come back and say "we cannot accept short email addresses".

It is fair to say they offered, and I accepted, I think, and that is the end of the matter.

Alan Clifford 🏌️‍♂️🦈 📷4h ago

@revk
If they couldn't accept short email addresses I'd be tempted to go the other way to 64 characters. Then it would be, "we cannot accept long email addresses".

Tim Ward ⭐🇪🇺🔶 #FBPE 7h ago

@revk It's slightly surprising that anyone is letting you update an email address anyway ... all too often it's used as all of (a) user name, (b) primary key, and (c) second factor authentication key.

@TimWardCam Yes, but you have to allow email address update, by law, it is personal information. That has been my issue all along.

Tim Ward ⭐🇪🇺🔶 #FBPE 7h ago

@revk Interesting. How do web sites that use the email address as the account name handle that, I wonder.

Shaun McDonald 7h ago

@TimWardCam @revk do they use that field as primary key and have a separate hidden user id?

Tim Ward ⭐🇪🇺🔶 #FBPE 7h ago

@smsm1 @revk Well, that's the sort of thing they should do, but one does have to wonder how many actually work that way.

@TimWardCam @smsm1 On the rare occasions i have done it, I update the primary key on the record. *AFTER* validating the new email and emailing the old one.

@TimWardCam @smsm1 I have made and used many systems - the email as main key has been used a handful of times so as to avoid people having to also know a separate ID of some sort.

I think for *normal* people that helps.

NHS would cope if they had not made a system with min email length, but in principle that is legally no different to making a system that does not allow a 3 in a phone number. It is stupid and the consequence is you have to fix the system.

Tim Ward ⭐🇪🇺🔶 #FBPE 7h ago

@revk @smsm1 Certainly forcing people to remember a different account name is a pain.

One downside of using the email address as primary key is that it makes it difficult, or impossible, for one person to have two separate accounts. For example, one for themselves and one for the relative who doesn't do email and whose affairs they're managing under PoA.

Shaun McDonald 7h ago

@TimWardCam @revk luckily most places support plus addressing that deals with that issue.

@revk My husband kept getting NHS phonecalls to remind him to attend someone else's hospital appointments. It took us months of repeated contact by phone & email to finally stop them. We were worried about the patient, especially because it was a cardiac department involved.