Railways – Page 2 – Mike's Twitter Overflow

East Coast data hoovering – an update

Before you get too excited, I’ve not heard anything back from the powers that be at UK railway operator East Coast about the data protection concerns I have after booking tickets online. It’s only been a week. Let’s give them some time…

However, I did make the train journey whose booking let me to be concerned about the excessive and irrelevant data they were collecting, which could only be stored for one reason, and that is to improve their market intelligence.

During the journey, I used the on-train wifi, for which it requires you to “register”, and asks you provide another stream of compulsory personal information. While they didn’t want to know my inside leg measurement this time, again they want to know who I am, where I live, what’s my nearest station, and what is my reason for travelling, again as “mandatory” responses, before allowing you to use the on-train wifi service.

I don’t understand how your nearest station, or why you’re travelling, are relevant to allowing you to access the on-train internet access service. Of course, I didn’t actually put any genuine details in this contact form.

This wifi registration page also presents the “opt-in” for marketing email as already ticked – so if you don’t notice and don’t untick the box, you’re opted in to their email marketing. While it complies with the letter of the law, it doesn’t really feel to be in the spirit of the law.

What’s your perception of East Coast’s data collection and retention policies based on what you’ve read?

Want to book a train ticket? Then we need to know how many children you have…

…at least if you’re UK train operator East Coast.

I thought nothing of booking some train tickets online. I even got a decent deal. I doubt I could have done the journey cheaper in the car. They wanted me to register with the site, but then, most train companies do. They gave you an option to opt-out of email, which I took.

So, you can imagine my surprise when the next day, I got an email from East Coast, which started with “Now that you’re registered with us, we’ll be able to send you exclusive offers by email…”

Erm. No, you shouldn’t be…

So, I thought I’d log into the East Coast website and check my communication preferences.

Not only did it show me as being opted in, but in order to untick the box and opt out, you have to complete some mandatory information in the “My account” page, before it will save the preferences and unsubscrive you from their mailshots.

What sort of information is it asking for?

My nearest rail station
My year of birth
How many children I have and how old they are
What the purpose of my journeys usually is
Who else I buy train tickets from

Now, having to fill this irrelevant information in just to change your preferences and unsubscribe from a mailing list, seems a bit excessive, don’t you think?

Note that you don’t have to give any of this information when ordering the train ticket itself (otherwise I’d have gone to an alternate online ticket seller, if I’d have known), just if you need to change anything in your account.

Yes, it’s very obvious that they are harvesting this information to build market intelligence, but this should not be collected on a mandatory basis.

I also tried the “Unsubscribe” link in the marketing email they sent, however that seems to have no effect on the preferences shown in the account on their website, which still show me as opted in.

Such an attitude to collection and retention of personal data seems a bit cavalier, doesn’t it?

I very sensibly used a + sign and token in the email address I used when signing up with East Coast, which makes the email address they use to reach me unique to them. So if they are seriously cavalier (i.e. stupid enough to sell it on to a third party) then I know whodunnit.

(Another irony is that the input sanity checking in their email contact form won’t accept a + sign token, of course, while their website will as part of a username.)

It seems East Coast may find themselves foul of the Email Marketing Regulations and the Data Protection Act:

Sending marketing email which has not been asked for.
An unsubscribe mechanism which appears to be ineffective.
Mandatory collection and retention of irrelevant and excessive data.

I had a quick chat with a very helpful person from the ICO helpline yesterday, about how to approach the complaint, they agreed that it didn’t seem right that one had to provide such personal data in order to change one’s email marketing preferences, and told me to conduct all communication with East Coast in writing and keep copies of everything.

I’ve written (yes, snail mail!) directly to a suitably senior bod at East Coast explaining my concerns, and I’ll let you know what I hear.

Detrain or not detrain? That is the question…

Those of you who live in London and the South East likely saw the chaos that was caused by a bungled cable theft to South West Trains commuter services yesterday.

After over three hours stuck going nowhere, and with little or no information about how longer they would be involuntarily detained on the train, a number of passengers on a train within walking distance of a station decided to self evacuate, seeing as the railway appeared, at least from their point of view, to be making no attempt to help them.

Evacuating a train to track level is not a decision which is taken lightly. It’s no easy task, regardless of whether passengers are able to sit at step level and drop down, or come down an evacuation ladder. It’s still a long way down for most folk, a slow process, and once you’re on the floor, there’s lots to trip over and fall on. Oh, and in this case, add in a high voltage electric rail, just to build the excitement.

Like the initial attempted cable robbery, the response from the railway operator seemed to be bungled too. From detaining people for excessively long periods, to the local Plods threatening to arrest and prosecute those who self-evacuated for trespass, adding to their distress, the whole thing seemed to be a mess of confusion and frustration.

(SWT have since decided that although the original cause for the problem was vandalism, they do want to compensate delayed passengers.)

The basic fact is that there doesn’t seem to be a best practice for rail staff which says, “Okay, you’ve been trying for too long, you should give up trying to move this train (or trains), and now make it safe to detrain these people to track level and walk them in.”

Right now, local staff (the driver, the station staff) can’t make that decision, unless it’s more dangerous to be on the train (i.e. it’s well alight). They need the decision to come from on high.

The decision is fractured – between the train operator, Network Rail, and the BTP. In itself it’s a problem, you’ve got to stop all other trains in the area of the train you’re evacuating (though this seemed to have largely been done for them on this occasion!). It’s also a last resort. It’s admitting defeat.

People faced with a failure situation will always want to “try one last thing”, usually several times, before saying “Okay, there’s no more we can do” and stopping. It’s human nature. Who we are and what we do. The best thing to do is give these folk some guidelines, to help them make the decision to throw the towel in, and to show them that it’s not wrong when they finally do.

There needs to be some best practice for dealing with stranded passenger trains. There needs to be some timelimit recommended, which is longer than an hour, and less than three, upon which the white flag is raised and passengers are evacuated.

Then the folk in charge can actually make a decision, with the confidence they aren’t getting fired tomorrow.