All paying accounts should receive any polls.

I highly doubt they received many,of these. I suspect they don't really care about the results; they just want to say that they did send out a poll, etc. etc. etc. I recall a very important player poll maybe two or three expansions ago They were supposed to give us those poll results, but we never received those results. I think this was prior to the TLE/other boutique servers.

These polls don't matter and have no effect on their intentions. Don't be conned.

As Mark Twain said "If voting mattered, they wouldn't let us do it"

What happened to them sending out polls in game? I don't check my email accounts very often, but I would have been assured of getting this poll had it been sent via in-game mail as they have done in the past. It may be an annoyance to some to have to delete the poll on their alt characters, but I would rather be assured of getting the poll than worrying about how annoyed I am to have to delete it on each alt. I wonder, however, just how much credit they give to the responses on these polls, since they don't usually seem to ask the right questions or give enough feedback options in them anyways.

The surveys weren't to a random sample of active folks regardless of subscription status. These surveys will go out quarterly and next time to a different group of people.

You are either up early or working the weekend late shift (or early start on new work week). Either way, thanks for the clarification.

Huh?

If the "surveys weren't to a random sample of active folks", then you're saying the surveys were sent to a SPECIFIC group of people? That is, these people were not chose randomly. Someone dipped into the customer database and extracted users meeting a specific criteria.

An example being, sending survey to All players who comment in forums. Where 'players who comment in forums' are the "group of people." Versus sending to a random number of players who comment.

Was that specific criteria generic? Like all people living in the Mountain Time zone. Or privacy invasive? All people using a specific payment type.

Should we presume that the person doing the extraction, has explicit permission to view confidential customer data? And did not pass any confidential data to marketing?

/*
https://www.daybreakgames.com/privacy
"Daybreak Game Company LLC (“Daybreak Games” or “we” or “our”) respects your privacy and is committed to protecting the Personal Information" ... "that you may provide us while using the Services"

"This Privacy Policy and the certification seals shown on our websites confirm that Daybreak Games is a valid licensee and participating member in the ESRB Privacy Certified Program."

http://www.esrb.org/privacy/faq.aspx
"ESRB's mission to help interactive software companies conduct business responsibly while assuring consumers, especially parents, that their and their children's personal information is collected and managed appropriately"

FTC.gov
"Many companies keep sensitive personal information about customers or employees in their files or on their network. Having a sound security plan in place to collect only what you need, keep it safe, and dispose of it securely can help you meet your legal obligations to protect that sensitive data."

Chillax. RadarX's reply was clearly an autocorrect or whatever.... It's not even a correctly formed sentence if you really want to split hairs.

I imagine the original intent was:"The surveys were sent to a random sample of active folks regardless of subscription status." and not some other weirded out conspiracy plan to data mine player's personal information / etc. C'mon.

Are you one of those guys who tells the cashier "hey, there's no price, so it must be free" when you get to the register?

A simple random sample is a subset of a statistical population in which each member of the subset has an equal probability of being chosen. An example of a simple random sample would be the names of 25 employees being chosen out of a hat from a company of 250 employees. [definition from http://www.investopedia.com/terms/s/simple-random-sample.asp ]

Please show me where in the Terms of Service that prevents one department of Daybreak (Marketing) from accessing the records of another department of Daybreak (Finance). I'll wait.

I was up managing an issue early this morning and yes probably shouldn't have been responding.

They were in fact a random sample regardless of subscription status.

You should, yes. If you have not opted in for emails, you will not receive a survey. In terms of "Marketing" we are all Daybreak employees and this process is handled in house.

Let me get this straight... you're objecting to Daybreak Games contacting you through an email address that they only have because you gave it to them as a means to contact you?

Better get back to the yard, that fallout shelter isn't going to dig itself.

I lurk here a lot, but this comment was so priceless I feel compelled to tell you how hard you made me laugh with it.

I'll just add that sending surveys to a random sampling of their customer base is very normal in any business. They do that on purpose so that they can send out MORE surveys over time without their customers getting what is called "survey fatigue" in the research field. You don't need to survey every customer every time to end up with statistically reliable results. For what it's worth, they wouldn't even have to have kept the survey process in house and in fact it's often better if companies don't. If they send it outside of DBG they would just make sure that whoever they hire signs a confidentiality agreement regarding their data.

FTP players are customers too, just because they don't have a sub doesn't mean they aren't supporting the game in some manner.

FTP have just as much opinion on the state of the game as any subscriber does and has just as much opportunity to feedback on random sample polls, as they should.

being a subscriber does not make your feedback any more valid or valuable then a FTP player's, being FTP does not lessen the validity or value of your feedback period.

I may be wrong but I take RadarX's comment to mean that they DID survey FTP as well.

Edit: I fixed the typo/autocorrect in RadarX's post.

yeah i took it the same way, but my point is being a sub doesn't make someone special, sure as a subscriber you get perks but just because we have a subscription doesn't mean they have to send all of us polls all the time.

There's (probably) nothing in the ToS, but the point is data security. Or are you forgetting that poor security, that is people not authorized to access sensitive data, is one of the reasons for data breaches?

Try this:
https://www.pcisecuritystandards.org/

Or this:
https://www.pcicomplianceguide.org/pci-faqs-2/#4

Daybreak is a company that stores credit card data, and is held to PCI. PCI is not government law. This is VISA (other credit card companies) and the BANKS. Daybreak is responsible for security of that data. If ALL of Marketing has EXPLICIT permission to access that data fine. But I doubt that; see PCI requirements. If that's not the case, there are monetary fines. And other penalties.

http://www.focusonpci.com/site/index.php/pci-101/pci-noncompliant-consequences.html

• Suspension of credit card acceptance by a merchant’s credit card account provider
• Loss of reputation with customers, suppliers, and partners

The penalties are not trivial.

https://www.scmagazine.com/retailer...liance-after-breach-sues-visa/article/542261/
"$13 million in fines imposed on it after a 2010 breach"

It's quite normal for departments to access data, where the consumer gives implicit permission for the company to use their data. It's another thing to hand over sensitive credit card data to some random employee. Which is why I'm concerned.

And by the way Feldon, do you understand PCI compliance?

"Noncompliance Fines- The consequences of not being PCI compliant range from $5,000 to $500,000"

For example, PayPal is not a defense.

https://www.pcicomplianceguide.org/my-site-uses-paypal-so-im-not-subject-to-the-pci-dss-right/
"You may have heard that by using PayPal, your business is not subject to the PCI DSS.
The truth is, even accepting PayPal payments requires you to be PCI compliant."

The penalties can be back dated.

I use a PCI service to remain PCI compliant. I suspect Daybreak does the same. As should ALL entities that accept credit cards.

No. I'm the person behind the register, making sure that no unauthorized people access your credit card data.

No I'm not. UNLESS it's based on confidential credit card data. Which is a PCI non-compliance.

Unless you're okay with any random employee accessing your credit card data.

Thank you.

I wanted to make sure no sensitive data was used to generate the survey recipients. As other sloppy and heavily fined (and sometimes bankrupt) companies have done.

And best guess from other friends & associates, is the survey was sent out to people to who pre-ordered KA.

I seriously doubt Daybreak's systems are set up in such a way that the only way employees can see your email address is by accessing unencrypted credit card info...

The two are so completely unrelated in this context.

Well, your best guess is wrong. I received the survey on 2 accounts and did not receive the survey on 2 other accounts, all accounts are paid yearly and will not come up for renewal again until the end of this year. I do not have KA on any of the accounts because I spent those funds to get the renewal subs during the fantastic sale they had.

Usually it's the other way around. Presuming, that is, name-address-etc-email address-other stuff-credit card type, number, expiration, etal.

Daybreak's predecessor:

http://www.zdnet.com/article/sony-encrypted-credit-card-data-but-not-user-account-info/
"Sony's PlayStation Network and Qriocity streaming service: The good news is that your credit card information is encrypted, and Sony says there's no evidence it was taken. The bad news is that your personal data wasn't encrypted"

https://arstechnica.com/tech-policy/2011/06/sony-hacked-yet-again-plaintext-passwords-posted/
Sony hacked yet again, plaintext passwords, e-mails, DOB posted

I am Assuming that Daybreak uses the SOE security scheme, credit card encryption, With Enhancements. To prevent another Sony-type meltdown. BUT it is best to ask. Hence my concern when 'some criteria' is said to be used for data extraction. And the bigger concern that persons unknown are accessing data unknown. I expect a large company to compartmentalize data access. But that's still an assumption.

For example, the type of payment, VISA, Bitcoin, Paypal, is not always encrypted. And that can be considered sensitive data.

There is PCI (2004) because of sloppy handling of credit card data. Back in the day there was no encryption for many systems. Which lead to losses by the credit card companies and banks. You haven't 'lived' until you've been through a PCI audit.

When one is unsure of what is happening, it's best to ask. Regardless of the 'slings and arrows' received.

A simplistic view:


"Insecure networks, applications, and employees are enabling digital pirates to cause billions of dollars of damage"