PGP Advisory Board
Email Marketing Gaffe
Tuesday, March 24th, 2009
As you may have read in John Leyden’s article in The Register, “PGP email marketing gaffe creates message storm,” one of our Business Development people sent out an email to some 290 customers who are evaluating PGP Desktop.
The person in question pasted all the email addresses in the To line of the email, thus revealing the email addresses to each other. This was in violation of our policies about customer information and customer communications.
In his article, Mr. Leyden asks, “Aren’t you supposed to be experts at this stuff?” to which I can only answer that yes, we are. We are very sorry about this. Mortified might be a better word. We are proud to be held to a higher standard than other companies as The Register says we are, and we are very sorry about this lapse.
First and foremost, we are a company committed to privacy and information security and as such we understand the magnitude of this mistake. We are not only examining the mistake itself, but the root causes of the mistake. We are actively re-examining our training and processes to prevent an incident of this kind from happening again.
To live up to that higher standard, we are setting up a special phone line and e-mail address so that the affected customers can speak to our CEO personally as well. If any of our customers would like to speak to us with their questions, comments, and concerns, please do not hesitate to contact us through our support lines or me personally at jon@pgp.com.
As a company and as individuals, we are committed to safeguarding customer information and we again express our sincere apologies for this unfortunate event.

I hate it when people do it to me. Mostly when it does happen I find the mail is from someone who not only has never heard of bcc but also cannot understand why cc is a privacy problem in the first place. At the end of the day though it’s hardly a career-ender that you have to fall on your sword over.
Joe Harrison
Wednesday, March 25th, 2009 at 1:36 am
When you actively re-examine your processes, please consider hiding all customer data from your “non-techies”, i.e. marketing and sales departments. They don’t need direct access to a list of customer email addresses in order to send them email.
It also prevents the age-old problem of staff members taking customer contact data with them when they leave a company to start their own.
Mike
Wednesday, March 25th, 2009 at 1:41 am
First of all, may I say I am impressed with your speedy and honorable response to the matter.
It’s rare indeed that we see such candidness.
Secondly, I would like to say this might be an embarrassing incident for yourselves, dashed with more than a little irony, but that I have seen much, much worse gaffes, from organisations and individuals who should have known much better.
At least it was only a harmless marketing email. Anyone got the latest tally from the MOD?
290 email addresses vs 600,000 people’s passport details, NI numbers, family details, medical records…
Simon
Wednesday, March 25th, 2009 at 8:11 am