Without much further ado, herewith a template that you can use to send some demands to companies that sell your private information to spammers.

Dear Member1, Member2, Accounting Officer,

I have been receiving a number of unsolicited, spam, messages from various South African businesses over the past couple of months. I have been responding to these messages with the following communication:

Please remove me from your ALL of you mailing lists with immediate effect (including and not limited to any or all information you have about me). I categorically state that I have never requested any emails from XXX never heard of them and have never given permission for XXX to contact me.

In this regard, I refer to the ECT Act of 2002:

Electronic Communications and Transactions Act. 2002

Chapter VII – Consumer Protection

45. Unsolicited goods, services or communications

(Section 45 of the ECT Act)

1) Any person who sends unsolicited commercial communications

to consumers, must provide the consumer

a) with the option to cancel his or her subscription to the

mailing list of that person; and

b) with the identifying particulars of the source from which

that person obtained the consumer’s personal information, on request

of the consumer.

As such, in terms of section 45(1)(b), I would like to formally request the source from which my details was obtained. The full act can be obtained here: http://www.acts.co.za/ect_act/index.htm.

Failure to provide me with such information in terms of the Electronic Communications and Transactions Act, is an offense punishable by a fine or imprisonment of up to 12 months, as per the act (section 45(4) read with section 89(1)), and will be reported to the South African Police Service as such.

Sincerely,

YOUR NAME

By way of this, I have now determined that you are the source of my personal details being distributed, in fact selling it for gain. In this regard, I would like to start off this interaction with demanding that you remove all and any of my email addresses and other contact detail you hold about me from your databases.

Going further, I hereby formally request, where you obtained my personal information, as per the Electronic Communications and Transactions Act. I confirm that I make this request from you as the principal member of XXX CC, with XXX CC’d in as the registered accounting officer of the said CC.

In this regard I would like to confirm that sections 332(2) and 332(5) of the Criminal Procedure Act reads as follows: “In any prosecution against a corporate body, a director or servant of that corporate body shall be cited, as representative of that corporate body, as the offender, and thereupon the person so cited may, as such representative, be dealt with as if he were the person accused of having committed the offence in question:” and “When an offence has been committed, whether by the performance of any act or by the failure to perform any act, for which any corporate body is or was liable to prosecution, any person who was, at the time of the commission of the offence, a director or servant of the corporate body shall be deemed to be guilty of the said offence, unless it is proved that he did not take part in the commission of the offence and that he could not have prevented it, and shall be liable to prosecution therefor, either jointly with the corporate body or apart therefrom, and shall on conviction be personally liable to punishment therefor.”

I have confirmed your contact details and the fact that you receive your emails this specific email address and as such I infer that you will receive my email timeously. As such, I am looking forward to your positive response hereto by close of business on DATE A WEEK FROM NOW, which I would submit is more than reasonable in light of your regular access to your email. Failing the aforesaid, it is my sincere intention to lay a criminal complaint against OFFENDING CC, citing you as the responsible member of the CC, as per the registration held at CIPRO (see below). I trust that we will be able to address this issue amicably and that the aforesaid would not be necessary.

I earnestly await your further response.

Sincerely,

YOUR NAME

If you get no response from the contact-selling-co, you should be well positioned to lay a criminal complaint against the members of the CC (or, directors of the company). It might be prudent to send a copy of your email to the company’s registered address by registered post (courts love registered post, especially more so than email at least), maybe even a copy to the acounting officer’s address (again using registered post). This you can also give to the police to help them, together with all the research on where to find the offenders.

I would love to hear from any readers who had success with this approach… Hopefully the new up and coming Protection of Personal Information Bill (soon to be an Act) will protect consumers even more. Once the Bill has been promulgated into an Act, I will look update the templates. Until such time, Good luck in fighting the good fight!

Maybe you are so lucky to receive a reply from a spammer, telling you where they got your contact details from and it seems as if your details where bought from a provider. What now?

First, you need to do some homework.

You will have to get the information of the company – most probably your information is sold by a Close Corporation or (Pty) Ltd company. This you can do on the Cipro website, either from the company’s registration number (most effective, so try and get this from the spamming company), or the company’s name.  To get hold of the director/member’s details, you have to search for the company  by searching with the CC/Co’s registration number (look on the left hand side of the screen). For a R30 fee, you can get all the spam-list-selling company’s contat details, registered offices, registered members/directors (with ID numbers), etc.

Your research is not yet over – try and get as much information as possible about the offending contact-selling-co. From the details that you get from Cipro, you can get hold of the accounting officer’s contact details by contacting the accounting officer’s professional body (for example, SAICA or SAIPA: a written request for the contact details is normally sufficient to get hold of the info).

Other good sources for information is to do credit checks on the members of the CC (remember, you got the ID number of the members/directors from Cipro), where you should be able to find most of the members/director’s contact details such as telephone numbers or addresses.

Don’t forget to try avenues such as google, facebook and linkedin to find more information about the people behind the contact-selling-co. Contact-selling-co’s will have to somehow be available online for people to find them, otherwise they won’t have much business.

A honeypot set up specifically to draw the contact-selling-co in to divulge some information might also be a good avenue to gain more insight in to the workings of the company (and probably some more contact information too).

Next up: a template to send to the contact-selling-co…

The amount of spam from South African companies seem to be getting more and more… br!ghtshark has been starting to reply to these spam messages, using the following template (developed in conjunction with johannschwella):

Dear XXX, [The name of the person can be found via the domain name records, doing a google search or by visiting the company's website]

Thank you so much for the free spam email advertising your business “business name” (email below).

Please remove me from your ALL of you mailing lists with immediate effect (including and not limited to any or all information you have about me). I categorically state that I have never requested any emails from XXX never heard of them and have never given permission for XXX to contact me.

In this regard, I refer to the ECT Act of 2002:Electronic Communications and Transactions Act. 2002

Chapter VII – Consumer Protection

45. Unsolicited goods, services or communications

(Section 45 of the ECT Act)

1) Any person who sends unsolicited commercial communications

to consumers, must provide the consumer

a) with the option to cancel his or her subscription to the

mailing list of that person; and

b) with the identifying particulars of the source from which

that person obtained the consumer’s personal information, on request

of the consumer.

As such, in terms of section 45(1)(b), I would like to formally request the source from which my details was obtained. The full act can be obtained here: http://www.acts.co.za/ect_act/index.htm.

Failure to provide me with such information in terms of the Electronic Communications and Transactions Act, is an offense punishable by a fine or imprisonment of up to 12 months, as per the act (section 45(4) read with section 89(1)), and will be reported to the South African Police Service as such.

Sincerely,

YOUR NAME HERE

For good measure, also find the email’s message information by right clicking on the email in your Outlook inbox, selecting “Message Options” and then copying the Internet Headers section of the message. In these headers you will also many a time find a section with “X-AntiAbuse:” where you will find details of where to report the spam to as well – most service providors will blacklist a subscriber which repeatedly receive such complaints. Paste a copy of the entire message header in to your reply to the company and CC the anti-abuse contact email to the mail as well. If the email was sent using a recognised email providor such as hotmail, gmail, webmail, etc, you can assume that the abuse email address is “abuse@” (ie, abuse@hotmail.com, abuse@webmail.co.za, abuse@gmail.com, abuse@yahoo.com, etc – you get the picture).

Most spammers won’t reply, but sometimes you will receive replys of confirmation that your address has been removed from their database. Sometimes you will be so lucky as to receive a reply from a company, telling you where they got your contact details from. If this happens to you, have a look at my other “Spam Busting” post.

A what?

What is a torrent you may ask? A Torrent is basically a bookmark of files kept all over the internet and on users’ computers across the internet. Torrent sites collect these bookmarks and make them available so that other users can load the bookmark and automatically pull bits and bobs of the same file from all across the internet – with the resulting file being a perfect copy of the original file.

So what?

RiSA issued so-called take-down notices on a number of internet service providers in SA where a number of Torrent sites were hosted. A take-down notice is an American invention, now entrenched in the South African Electronic Communications and Transactions Act, whereby ISP’s can escape liability from third parties (copyright owners for example) if it responded on a take-down notice (in which a copyright owner will claim its copyright) whilst the facts surrounding the copyright are investigated and proved.

According the RiSA the South African Torrent sites infringed on its members’ copyright and are piracy-centric sites. After the take-down notices were served on the ISP’s (via the ISP Association_, the sites were closed down – to the great chagrin of the local online community.

To the rescue

A local lawyer jumped in on the behalf of the Torrent sites (pro bono) and made some very interesting legal points about the take-down notices and RiSA’s actions:

1. The sites do not actually host any copyrighted material – this is hosted by the user on the other side of the “bookmark” and downloaded by the person using the “bookmark”.

2. RiSA does not have the necessary locus standi (legal standing) to issue the take-down notices, since in terms of the South African Copyright Act, only the copyright owners themselves would be able to institute legal proceedings for the infringements.

3. In terms of the SA’n constitution everyone has a right to be heard in court (access to the courts) and by merely taking down the sites, the ISP’s might have acted unconstitutionally by not allowing the Torrent sites to state their side of the story.

We take your point

The lawyer also warned of civil claims against the ISP’s and RiSA for the infringements. All-in-all, these points made the ISP’s and RiSA sit up and listen, whom have now offered to sit down with the Torrent sites and negotiate. RiSA has also indicated that whilst the issues are being ironed out, that they will not send out any more take-down notices.

It seems as if Absa is really trying their utmost best to irritate people. I have received two spam emails from Absa today, one from Absa Platinum and one from “Absa Investment Advantage”, this after I have tried to contact Absa in order to request them to remove my name from their marketing lists.

To date, I have sent 3 requests to Absa (see below), without even the common decency of a reply from either Dick Gardner (from Customer Care) or George Willenburg (branch manager at the Heerengracht Branch).  It seems that the only way to actually receive a response from Absa is to log a complaint on hellopeter.com.

What really worries me is that my private and personal data has been shared with third parties such as “Okeeffe & Swarts”, ContactNow and eList.

In terms of the Electronic Communications and Transactions Act (sec 51), the sharing of my electronic data is illegal. I pointed this out to Gardner and Willenburg – without a reply.

I am really looking forward to the implementation of the new Consumer Protection Bill, since it is envisaged that an Exclusion Register will be kept where a consumer will be able to list their desire not to be contacted by a certain company. I predict that Absa will be having huge problems in implementing this since it is obvious that the left hand does not realise what the right hand is doing – evident in the fact that Absa is bandying their customers’ personal information around to so many third party providers.

Email correspondence:

“

from [.h] to georgewil@absa.co.za cc iansm@absa.co.za, dickg@absa.co.za date 27 May 2008 12:05 subject Re: FW: 20 + years customer . mailed-by brightshark.co.za

hide details 12:05 (41 minutes ago)

Reply

Dear George, Dick & Ian,

As luck would have it – on top of the Absa Platinum email today, I received yet another unsolicited email from Absa for the product “Investment Advantage”.

I will forward this to you too in due course.

Would somebody now please get back to me to get my name removed from all mass-marketing lists of Absa?

Sincerely,
[.h]

2008/5/27 [.h]- Hide quoted text -
Dear George/Dick/Ian,

Should I be surprised that

(1) I have not had the courtesy of a reply from any of you in relation to my previous TWO emails (the first sent more than a month ago)

and

(2) I have today yet again received marketing communication from Absa (have forwarded the communication to you).

I am speechless.

Sincerely,
[.h]

2008/5/16 [.h]
Dear Sirs,

As bitterly disappointed George was in losing a client, as bitterly disappointed I am for not receiving a single reply to my email below.

It seems the only way to get a response from Absa is to basically post a complaint on hellopeter?

I now look forward to any response to my email hereinbelow.

Sincerely,
[.h]

2008/4/25 [.h]:
Dear George,

Thank you for all your efforts.

What still perplexes me is that I, yet again, received a call from a “consultant at Absa”, trying to sell me insurance today? The call was received at 11:59 on my number XXX. The person who called me was Tyrone Oliver, calling from “Absa Finances Division” in “Johannesburg”. After questioning him, I found out that his employer was “Okeeffe & Swarts”, whoever that may be. Subsequent to asking him questions he claimed I was “breaking up” and hung up on me.

Now, yet again, I fully appreciate that you are not in control of everything which Absa does, but I am deeply worried in my personal information being bandied about to sales agents and externel service providors, with whom I’ve had no relationship.

Can you perhaps direct me as to who I should address my issues to in this regard? I would like to formally give notice to Absa, in terms of section 51 of the Electronic Communications and Transactions Act, that I no longer wish to be contacted by Absa or any of Absa’s third party providers to sell me goods or services.

Section 51 of the Electronic Communications and Transactions Act states as follows:

”

1)        A data controller must have the express written permission of the data subject for the collection, collation, processing or disclosure of any personal information on that data subject unless he or she is permitted or required to do so by law.

2)        A data controller may not electronically request, collect, collate, process or store personal information on a data subject which is not necessary for the lawful purpose for which the personal information is required.

3)        The data controller must disclose in writing to the data subject the specific purpose for which any personal information is being requested, collected, collated, processed or stored.

4)        The data controller may not use the personal information for any other purpose than the disclosed purpose without the express written permission of the data subject, unless he or she is permitted or required to do so by law.

5)        The data controller must, for as long as the personal information is used and for a period of at (cast one year thereafter, keep a record of the personal information and the specific purpose for which the personal information was collected.

6)        A data controller may not disclose any of the personal information held by it to a third party, unless required or permitted by law or specifically authorised to do so in writing by the data subject.

7)        The data controller must, for as long as the personal information is used and for a period of at least one year thereafter, keep a record of any third party to whom the personal information was disclosed and of the date on which and the purpose for which it was disclosed.

        The data controller must delete or destroy all personal information which has become obsolete.

9)        A party controlling personal information may use that personal information to compile profiles for statistical purposes and may freely trade with such profiles and statistical data, as long as the profiles or statistical data cannot be linked to any specific data subject by a third party.

”

I would also like to draw your attention to subsections 6 and 8 (highlighted for your ease of reference).

Lastly I would like to be informed to whom by data has been distributed and would like to receive confirmation that my personal data has now in fact been removed from all potential sales list.

I look forward to your (and/or Dick Gardner’s) formal response hereto (as well as to the outcome in due course of your investigation as referred to in your email of the 21st instant).

Thanking you in anticipation.

Kind regards,
[.h]

“