this situation has arisen twice now (I have only had 2 paying clients so far so that’s 100%). I’m therefore assuming that it will always come up and wanted some feedback on how to deal with it, law and best practice.
The issue is what happens to personal details entered into web forms and what they are used for afterwards. I have tried without success to explain gently to people that it’s at least good practice to include “opt out” links in emails sent out, or failing that have some instructions (email me at … ) or at least a policy of some sort.
The fact that they have options for one-click in the admin panel to delete people’s records (email, name, whatever) seems to mystify and annoy them. They find it inconceivable that this is in any way relevant or something they want or would ever do.
Latest situation arose when from the outset I was essentially told a form was just a kind of trick to “collect email addresses we can use later”. Getting down to the nitty-gritty of what should be on this form and what the wording should be, the client got quite angry when I made suggestions about how it could me made clear what the form was for, or having options so they didn’t get a newsletter etc. That sort of thing.
OK so there is a case where this is fine. I think I soothed them and talked them round so what we will end up with will be fine. Just a name and email box for “send me X things please!”. No confusion there. You want the stuff, you fill in the form. If you don’t, there is nothing else to use the form for anyway.
BUT it does give me the heebie-jeebies a bit thinking about things like:
-
they said from the outset something about it being a kind of email harvesting thing. So they can collect these emails “to use later”.
-
nobody seems to realise that spam is spam. People don’t like spam. You end up in the trash folder. They want to be able to opt out. They want to only get emails they signed up to get.
-
lastly and most important of all what about the law? I know there are various “good practice” issues, and I know there’s some formal document about Spam (can’t remember what it’s called but I know in theory you could get into some trouble with your web host, or be blacklisted by spam filter software. Not sure this amounts to a law of any sort, just a formal definition of spam - and one of the critical points is OPTING IN AND OUT).
-
I also know about the Data Protection Act. This is a UK law and for one thing you are supposed to keep all personal info secure for 5 years, AND you MUST destroy it on request. I’m not too sure how much it applies to the kind of data websites have about their users but I assume that if they don’t have at least a policy for destroying users’ email addresses on request then technically that’s breaking the law (say if they just never bothered).
This is an issue because obviously it’s coming up again and again. People think they can just use whatever excuse they can to get contact info and then use it forever for whatever reason they like. So far these are HARMLESS. But for all I know they could in theory sell all these email addresses to another company, or whatever.
Shouldn’t there be a written policy on the website, even just a short one? And how do you explain this sort of thing to a client without them getting cross about “I want it so what is it your problem?”
I should also add that this situation is complicated by clients not understanding that forms take a bit of coding to work, you don’t just pop them in and bingo it all just happens. I was trying to clarify the purpose of the form so that I could code its functionality properly. And getting hung up needlessly on this issue of an angry client who just thinks they don’t even need to explain clearly what the form does before people fill it in …
Maybe I am being oversensitive. But these ARE the nice clients. God help me if this is a sign of things to come - there are some shady characters about who WOULD be bullying me into doing dubious things. I need a bit more clarity on where the boundaries are and how to be diplomatic and explain simply why opt-out options are a really good idea …
Any help?