On Friday, we received the following email, purporting to be asking about GDPR
policies for our property The Internet Patrol:
From: tomhar...@yosemitemail.com:
Subject: Questions About GDPR Data Access Process for theinternetpatrol.com
To Whom It May Concern:
My name is Tom Harris, and I am a resident of Sacramento, California. I have a
few questions about your process for responding to General Data Protection
Regulation (GDPR) data access requests:
• Would you process a GDPR data access request from me even though I am
not a resident of the European Union?
• Do you process GDPR data access requests via email, a website, or
telephone? If via a website, what is the URL I should go to?
• What personal information do I have to submit for you to verify and
process a GDPR data access request?
• What information do you provide in response to a GDPR data access
request?
To be clear, I am not submitting a data access request at this time. My
questions are about your process for when I do submit a request.
Thank you in advance for your answers to these questions. If there is a better
contact for processing GDPR requests regarding theinternetpatrol.com, I kindly
ask that you forward my request to them.
I look forward to your reply without undue delay and at most within one month
of this email, as required by Article 12 of GDPR.
Sincerely,
Tom Harris
---
Now, when I saw it, my spidey sense tingled a bit (referring to the property as
a URL, a US-based individual asking about GDPR with a US-based outlet, etc.).
And the from domain seemed..interesting. (Created in March of 2020.) Nothing
seemed *obviously* off, so we responded politely.
The next day, we got *this* email:
From: kurtmayf...@potomacmail.com
Subject: Questions About CCPA Data Access Process for theinternetpatrol.com
To Whom It May Concern:
My name is Kurt Mayfair, and I am a resident of Norfolk, Virginia. I have a few
questions about your process for responding to California Consumer Privacy Act
(CCPA) data access requests:
• Would you process a CCPA data access request from me even though I am
not a resident of California?
• Do you process CCPA data access requests via email, a website, or
telephone? If via a website, what is the URL I should go to?
• What personal information do I have to submit for you to verify and
process a CCPA data access request?
• What information do you provide in response to a CCPA data access
request?
To be clear, I am not submitting a data access request at this time. My
questions are about your process for when I do submit a request.
Thank you in advance for your answers to these questions. If there is a better
contact for processing CCPA requests regarding theinternetpatrol.com, I kindly
ask that you forward my request to them.
I look forward to your reply without undue delay and at most within 45 days of
this email, as required by Section 1798.130 of the California Civil Code.
Sincerely,
Kurt Mayfair
---
potomocmail.com having identical creation/registration details as
yosemitemail.com
Both being sent out through Amazon SES, so nothing much useful in the headers
that I could see. NO links, no anything other than what's in the above email.
We're trying to figure out just what exactly the scam is...anybody have any
thoughts? Anybody else seeing this?
Anne
--
Anne P. Mitchell, Attorney at Law
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Board of Directors, Denver Internet Exchange
Chair Emeritus, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
