Our Response to GDPR
I have been reading all the articles (and the storm of emails in my inbox) on European GDPR privacy rules implementation with some dispassion. After all, it does not affect me, right? I run a camping business all in the US. But then I got to thinking about it and realized that I had three avenues of exposure -- my blogs, my jobs mailing list, and my company web site. I will preface this by saying that I am no expert and I am not really hugely at-risk, but perhaps this will be useful to someone. More importantly, if you ARE an expert and see something I am screwing up please email me!
The blog exposure strikes me as pretty narrow, particularly since we do not serve up advertisements (except in the comments via Disqus) and do not have a mailing list. I don't store or have access to any user data (though I wonder if server logs count?) so I assess my main liability as secondary if Disqus screws up something. I have been reading Disqus's updates and I would evaluate them as working on it but not done. I suppose if the EU wants to come after me for "up to 4%" of this site's revenue they are welcome to do so. Sort of like when I was unemployed being told to spend 2 months' salary on my wife's engagement ring (which in fact I did exactly, since it was my mom's ring given to me as a gift for the purpose).
Similarly, I think my liability surrounding the mailing list we maintain for job openings is pretty limited. First, it would shock me if more than 0.0001% of the people on that list are in Europe, since I can't really legally hire Europeans in most cases and it is unlikely they will drive their RV over here to work in a campground. More importantly, all the names are there through what I would call extreme opt-in -- they have to click on a special link and go sign up on a dedicated page just to join the mailing list. The email provider is Constant Contact so again my liability is likely limited to whether they screw anything up in their compliance, but this is probably unlikely in my case. Again there is no advertising and all people on the list ever get are notifications of new job openings and links to where to apply.
Which brings me to our business web site. There is no log-in or user information entered or advertising on our web site, so we are mostly fine. With one large exception -- we have our own reservations site that gathers and stores customer reservation information. Eek! That sounds like it could be a problem. The most dangerous piece of data we could potentially have in our hands is a credit card number, which is why our system was set up so our company never has the credit card number in our possession. Customers are passed over to Stripe (highly recommended company, by the way) who handle all that dangerous stuff on their servers, and just pass us back a confirmation. But we do have customer name, address, email, and camping stay dates on our server. Maybe we are compliant already -- we treat that stuff with a lot of care. Maybe we are not. But since we really don't get any reservations at all from Europe, it was easier just to go black there, so right now my software guy is working on blocking traffic from European IP addresses.
Postscript: On some of my posts, people write me and ask, "Why did you even bother to publish that." And my answer is that I often write to think, so it may be that it is only for my own benefit. My software guy is a reader of this blog and was probably laughing as he read this post because I stopped a couple times in writing it to fire off new questions or requests to him.
Update: Hah, what timing! This just appeared on my blog when I scrolled down to the comments so I guess Disqus must indeed be working on this.