SpinVox: What to do if you're concerned about your privacy

spinvox_logo1Having witnessed the extent to which humans are involved in transcribing messages for SpinVox, I have become concerned about the privacy of my data and personal communications. Although I’ve now cancelled my SpinVox subscription, I know (because CIO Rob Wheatley told me) that SpinVox, like Google, keeps data – which in SpinVox’s case means recordings of your messages – “for as long as possible”. Based on a quick search of my inbox, I reckon SpinVox are holding recordings of about 250 messages that were left for me between April and July of this year.

But that’s not really the problem. After all, Google knows a lot more about me than that and I’m sure my ISP and the government do too. My concern is that I believe the majority of my messages were listened to by a person I don’t know in another country. That’s the point at which SpinVox may be falling foul of UK and European data regulations, and it’s the weak link in the privacy chain.

Under the Data Protection Act, the Information Commissioner’s Office must be informed of any company that processes personal information. It must also be informed if that information is transferred outside of the EEA.

According to the Guardian, although SpinVox has been through the notification process, the ICO is currently investigating whether the company’s entry on the data protection register “is both accurate and complete, especially with regards to the transfer of personal data outside the EEA”. CEO Christina Domecq insists that it is. James Whatley, writing on SpinVox’s official blog, also denied that SpinVox is in breach of data protection legislation. But it isn’t really for them to decide: that’s the ICO’s job.

Domecq claims that “the vast majority” of calls are “fully automated”. Based on what I saw at SpinVox’s HQ in Buckinghamshire earlier this month, I do not believe that to be true, especially in the case of British English, which is – by their own admission – one of the SpinVox system’s worst-performing languages.

If it’s true that the majority of messages are listened to by humans, and also that SpinVox’s customer base is expanding rapidly, that would explain why the quality of transcriptions appears to have deteriorated dramatically. And that may be why this story is coming out now, points out the Register‘s Andrew Orlowski.

According to a well-placed source of mine, no one has submitted a complaint to the ICO yet. In partial consequence, so far the ICO has been cautious about wading in to the SpinVox affair. But I am troubled by the implications of my personal and business communications being routinely listened in on by strangers. I’ve looked through a few of SpinVox’s transcriptions and some of my messages contain information that is extremely personal. Others contain professionally sensitive information.

So I’ve decided to make a complaint to the ICO. I want the Office to accelerate their investigation into whether SpinVox is being honest enough with its customers about the proportion of messages that are read by humans – and also about how much of those messages are seen by call centre staff. Although SpinVox has claimed that staff never see an entire message, that is not what I saw at their offices.

If you want to make a complaint too, you’ll need to visit the ICO’s website and complete  the Privacy and Electronic Communications Regulations Complaint form. It takes about ten minutes.

You should also write directly to SpinVox’s Data Protection Controller (I’m guessing that’s CIO Rob Wheatley – I’ll ask SpinVox to confirm and update here when they get back to me). You’ll need to send SpinVox a cheque for £10, but they’re then obliged by law to provide you with all the information they hold on you, and they have to do that within 40 days.

Send your cheque and request to:
The Data Protection Controller
SpinVox Ltd.
Wethered House
Pound Lane
Buckinghamshire SL7 2AF
U. K.

If you’ve been living under a rock for the past few weeks, and need to catch up on the SpinVox saga, Rick Wray’s story in yesterday’s Observer was a good summary of everything that the lawyers have allowed out so far, including a mention of the six-page dossier distributed to shareholders recently, alleging financial impropriety at the company.

As we revealed in July, SpinVox recently accepted a £15m cash injection from existing investors (we’re not sure which one(s)). The fresh investment prompted speculation that SpinVox is burning through cash very quickly, and reignited suspicion that rather than being a scaleable, fixed-cost business, as Domecq has always claimed, SpinVox is actually a variable-cost business of questionable scaleability (thanks to large-scale employment of human operators).

There have been numerous stories about staff and suppliers not being paid, or not being paid on time, in the past few weeks. Associated Networks, for example, has shut SpinVox out of two data centres (meaning that if something goes wrong, SpinVox will be unable to go in and fix it), and has been threatening to turn the power off completely. According to Associated Networks’ chairman and CTO Richard Sierakowski, SpinVox currently owes the company around £100,000.

SpinVox’s reaction to the scandals so far has been to claim it is the victim of a smear campaign orchestrated by disgruntled former employees, and to employ PR and lawyers to stamp on the “leaks”.

Much of this paints the picture of a company in trouble. Which is why it is now a pressing matter to safeguard my data before anything else happens.