Recently we have seen a fair number of problems arise from the misuse of data. One former chief privacy officer shows you how to avoid making some hefty business-critical mistakes.

Peter is a salesman who has recently moved companies. One day, he's discussing how to target potential customers with his new boss but finds out that the rules have changed. 'You mean I can't use this prospect list I used to use at ACME Widgets now I've joined you at The Great Big Corporation? How do you expect me to make my numbers? '

His boss says, 'I wish we could, Peter, but it's illegal. We'll get complaints. We'll get the U.K. Information Commissioner trampling all over us. He could even stop us working. And even if that doesn't happen, the bad publicity could hurt us. You're going to have to make your numbers properly, professionally and legally.'

Defiantly, Peter decides against the advice. 'I think I’ll use it anyway,' he states.

So what's the problem with using data in this way?
You know, the only thing that was unusual in that conversation was Peter's manager telling him not to use the list. It's still common to join a new company with your old contact lists. It's still common practice to call people on those lists. And actually it never was legal. It's just doubly illegal now! The list belongs to ACME Widgets, not to Peter. So Peter's stolen the list. That is theft.

So, if The Great Big Corporation uses the list, even if Peter as their newest salesman uses it without their knowledge, they're receiving stolen goods, and they're also breaking the Data Protection Act 1998's first principle -- the one about fair and lawful processing. Apart from any serious concerns about the fairness of using the data, it was not obtained lawfully and so therefore may not be used.

'But no one will find out' is always one of the most common misconceptions.
You see, I'm on Peter's prospect list. And when Peter calls me from his new job I'll notice that he has a new job. It's not that I think Peter's 'important' enough to remember. It's just that he stepped round me to try to make a sale. I remember stuff like that. I resent it. And I’m going to get some revenge.

So what about business cards?
'Thanks for the card. See you next month! ' We all get business cards. We all add them to our lists. Andrew's sales call didn't lead to an order. It was a new business walk in. He was really happy to get to see James, the new buyer at Boothroyds. As he left he was thinking about his campaign. First of all, James was going to be added to the marketing database so he could get all the newsletters and promotions.

And that's the part Andrew got wrong. James handed Andrew his card. They swapped cards in the usual ritual exchange of pasteboard. But Andrew never asked James what he could use his data for. And James wasn't expecting the email newsletter blast the next day. James didn't bother with the Information Commissioner. He could have, but he didn't. James decided it was spam and complained to one of the vigilante bodies that blacklist the Internet addresses of people who send spam. His complaint, along with those of four or five other people, was enough to get Andrew's employer blacklisted for email.

The upshot? Henbane, Andrew's employer, failed to get a major proposal through by email to their largest customer. Henbane made a loss that quarter.

What should Andrew have done? It's quite simple: 'Thanks, James. We have a regular marketing newsletter that goes out by email on Thursdays. I may be in time to get you on the list before tomorrow's letter. Would you like me to do that for you?'

Permission turns unsolicited emails, spam emails, into ones people want. And Henbane's emailed proposal would have got through.

'Hi, Bob. Listen, I forgot to ask when we met. May I make sure you get newsletters and other stuff from us? They come out by email, maybe every ten days or so?'

Not hard. Actually easier even to ask than 'Who else should I be talking to?' Come to that, it seems to be much easier than actually asking for the order.

If Bob agrees to this -- and who could refuse such a pleasant request? -- then our man just has to tick a couple of boxes on the database. He ticks 'newsletters' and he ticks 'stuff'. Well, OK, stuff may well be broken down into smaller stuff, but you get the picture. And this professional introduction means that Scranjits Incorporated can include Bob in its closed loop marketing scheme.

Scranjits has a policy that its entire team, not just its sales team, asks questions like this when they get a business card. And that policy has kept them safe from harm, not just from the various European Data Protection authorities, but also from the Internet vigilante 'spam police' groups -- those groups who blacklist the Internet addresses that 'support spammers.'

What it comes down to is careful best practice.
1. Use data fairly and lawfully. Never use data from a less than ethical source. Obey policies that bind you and your colleagues to keep to the law of the land. Ask permission. Never override a refusal.

2. When there is a problem or a complaint, turn at once to your chief privacy officer, and tell the person who complains that you are doing so.

Get it wrong and bad things can and often will happen!
1. Your customers and prospects more often than not know their rights. Trample on them and they will never buy from you again. Really upset someone, or just hit someone on a bad day, and they will complain to the authorities about you and your company. This is personal. It's the criminal law and your neck is likely to be on the line. And be fair. You honestly don't want to go to jail!

2. Get this right and nothing will get in your way. Get it wrong and you will probably get your company's name and brands crucified on the Internet. And, since we all do a Google search before we meet the salesman, if we find nasty things about your company we may just not bother to meet you. Take it personally. This is your livelihood we are talking about!

Tim Trent is an independent consultant. You can read his blog here.