Want to book a train ticket? Then we need to know how many children you have…

…at least if you’re UK train operator East Coast.

I thought nothing of booking some train tickets online. I even got a decent deal. I doubt I could have done the journey cheaper in the car. They wanted me to register with the site, but then, most train companies do. They gave you an option to opt-out of email, which I took.

So, you can imagine my surprise when the next day, I got an email from East Coast, which started with “Now that you’re registered with us, we’ll be able to send you exclusive offers by email…

Erm. No, you shouldn’t be…

So, I thought I’d log into the East Coast website and check my communication preferences.

Not only did it show me as being opted in, but in order to untick the box and opt out, you have to complete some mandatory information in the “My account” page, before it will save the preferences and unsubscrive you from their mailshots.

What sort of information is it asking for?

  • My nearest rail station
  • My year of birth
  • How many children I have and how old they are
  • What the purpose of my journeys usually is
  • Who else I buy train tickets from

Now, having to fill this irrelevant information in just to change your preferences and unsubscribe from a mailing list, seems a bit excessive, don’t you think?

Note that you don’t have to give any of this information when ordering the train ticket itself (otherwise I’d have gone to an alternate online ticket seller, if I’d have known), just if you need to change anything in your account.

Yes, it’s very obvious that they are harvesting this information to build market intelligence, but this should not be collected on a mandatory basis.

I also tried the “Unsubscribe” link in the marketing email they sent, however that seems to have no effect on the preferences shown in the account on their website, which still show me as opted in.

Such an attitude to collection and retention of personal data seems a bit cavalier, doesn’t it?

I very sensibly used a + sign and token in the email address I used when signing up with East Coast, which makes the email address they use to reach me unique to them. So if they are seriously cavalier (i.e. stupid enough to sell it on to a third party) then I know whodunnit.

(Another irony is that the input sanity checking in their email contact form won’t accept a + sign token, of course, while their website will as  part of a username.)

It seems East Coast may find themselves foul of the Email Marketing Regulations and the Data Protection Act:

  • Sending marketing email which has not been asked for.
  • An unsubscribe mechanism which appears to be ineffective.
  • Mandatory collection and retention of irrelevant and excessive data.

I had a quick chat with a very helpful person from the ICO helpline yesterday, about how to approach the complaint, they agreed that it didn’t seem right that one had to provide such personal data in order to change one’s email marketing preferences, and told me to conduct all communication with East Coast in writing and keep copies of everything.

I’ve written (yes, snail mail!) directly to a suitably senior bod at East Coast explaining my concerns, and I’ll let you know what I hear.