Haven't posted much recently, life is too hectic and this forum moves way too quickly. However, I would like to add something to the discussion of the contact page on
www.webwise.bt.com.
I am not a lawyer, but I am a software engineer
.
Over the years, I have worked for many companies that have pages like this on their sites. I have even worked on jobs where I have had to provide these services from one company to another and rebrand them to make them appear as though they are part of another system. For example, company A wants to use company Bs contact us page but brand it as being from company A.
This is what I believe it happening here. BT is using their relationship with Phorm to have them host and rebrand a conatct us type page to gather questions from customers.
Back in the day, forms like this would simply email the data to the approriate address for the company to read and answer. However, this type of form proved open to abuse, allowing people to use it as an open email relay. So these days the data is usually captured and stored somewhere before being sent to the company.
Given that the data is capture on a site hosted on a US server I would assume that the captured data would be stored somewhere on that server. This would be bad.
I assume that the data is being sent via email unencrypted as well. If this is the case then it is also bad.
Maybe I just see the worst in everything, but my experience tells me that all that data you enter on that form is recorded in a database over in the US and then passed back to BT over email. If that is the case then it scares the doo doo out of me.