On 03/06/2022 10:10, Roland Perry wrote:
> In message <
jfrm8h...@mid.individual.net>, at 12:46:24 on Thu, 2 Jun
> 2022, Simon Parker <
simonpa...@gmail.com> remarked:
>> On 02/06/2022 11:21, Roland Perry wrote:
>>> In message <
jfphsv...@mid.individual.net>, at 17:19:43 on Wed, 1
>>> Jun 2022, Robert <rob...@invalid.invalid> remarked:
>>
>>>> You are relying on the security of the Royal Mail system.
>>>> Although the address tells everyone that there are stamps, under
>>>> £200 worth, in it , it is no different from sending something
>>>> Special Delivery or Tracked which indicates the item will have some
>>>> value.
>>> It's necessary to think through the point at which things are
>>> stolen, and by whom; plus the practical difficulty of laundering
>>> large numbers of stamps. *Especially* the barcoded ones, because if
>>> "lost in the post" is reported back by the public, they can be
>>> flagged as stolen.
>>
>> You seem to be suggesting that Royal Mail are keeping a record of the
>> specific serial numbers of barcoded stamps issued to a specific
>> customer as part of the swap out scheme.
>
> Why wouldn't they?
A number of reasons. In no particular order:
- the actual part of the system that will handle the "track and trace"
part of the new barcode isn't implemented yet and is a "Version 2
feature" so the ability to record the data may not actually yet exist.
- it would require collection and processing of data far in excess of
that required and some / many / most (*delete as applicable) would
consider it an invasion of privacy.
I have no issue in Royal Mail knowing that the stamp I just used to post
a letter to <recipient> came from book of stamps serial number <12345>
which was printed on <date1> and distributed to post office <ID> and
purchased on date <date2>. There's none of my personally identifiable
information there.
However, if Royal Mail are keeping records of the nature you suggest,
there are significant privacy concerns raised.
They would, for example know that stamp ID <ID> was issued to customer
<customer number> as part of the swap out scheme. <Customer number> can
then be used to obtain the customer's name and adddress.
Once the "Track and Trace" element is added, Royal Mail will know that
stamp <ID> was used to send a letter which was posted in post box <ID2>
on date <date> and the recipient's name and address <recipient>
They could build a database of people writing to each other and create
associations in the data which the ordinary customer might not have
consented to merely by swapping out some old stamps for some with barcodes.
>> Can you provide a cite to where such data collection and processing
>> would be permitted within Royal Mail's privacy policy?
>>
>> Can you further confirm whether you definitely know this to be the
>> case or are merely speculating that it is theoretically possible?
>>
>> Finally, given your background, do you have a view on how the ICO
>> might consider this data gathering exercise as it would allow data
>> processing and analysis beyond a point at which many people might be
>> confrtable.
>
> I will leave such questions to those who have a pressing need to know,
> but it does seem unlikely to me that RM would go to all the trouble of
> manufacturing and distributing barcoded stamps, and then have a privacy
> policy which forbids tracking them.
I have a "desire to know" rather than a "pressing need". And I don't
object to the tracking, per se. However, Royal Mail building a database
behind the scenes of people that write to each other does seem a little
Orwellian. (As stated above, anonymised tracking of data makes good
business sense, but knowing that Customer <ID1> writes regularly to
Customer <ID2> does strike me as a step too far.)
I've e-mailed Royal Mail's data protection officer to ask them to
clarify what data is collected with the new stamps, how it is currently
processed and how they plan to process it in the future once the new
system is fully up and running as designed.
> (Nor do I expect RM to have failed to get ICO approval for whatever they
> are doing; and in any event "preventing fraud" usually trumps most
> privacy law).
A good friend works in the ICO. (It isn't too far from where I live.)
I shall ask them informally if they know or can find out if RM did
undertake such an exercise and then make a FOI request for details
should they be able to confirm it happened.
"Preventing fraud" would only require recording the details of stamps
issued in the swap out scheme until they had been successfully
delivered. If at that stage, the recipient's data is anonymised, (the
same as it would be if purchasing from a Post Office counter and paying
by cash), then I don't have an issue.
Similarly, I don't have an issue with Royal Mail collecting data to
analyse to improve the efficiency of the business.
I draw the line at building a database behind the scenes containing
details of people that know each other.
I accept that YMMV and indeed that others may draw the lines elsewhere.
Regards
S.P.