Quote:
Originally Posted by Hank
Are you saying that they fell foul of PECR but have now sorted it by moving to the IBM UK managed service? Or is your analysis that they are falling foul, even now, with this new set up?
Yes - in my analysis of Rob's log - they broke PECR Reg 6. They set the following cookies:
btcom.userName = (email address)
btcom.dateVisited = (date of visit)
SMSESSION = (Netegrity SiteMinder encrypted cookie)
.. plus a couple of Java and PHP session cookies.
By setting such cookies without specifying their purpose or allowing a user to refuse storage they broke PECR Reg 6. The Netegrity SiteMinder cookie is particularly interesting; I believe it contains encrypted user details and could be intended for 'federated identity management' (i.e., allowing you to be identified across a range of sites).
Then they covered it up by scrapping the contact form, and linking to IBM UK bt.custhelp.com instead.
Pete
PS As for their new contact form, if someone wants to make a complaint using the new forms (using the Dephormation logging feature) ... send me a PM and I'll review the results.