The Annual Report 2008/9 published by the Information Commissioner’s Office illustrates that email and SMS campaigns still account over a quarter of all complaints. What are marketers still doing wrong? Emily Jones reports on the mistakes that could lead to a renewed focus by the regulator in the future.
Topic: Data Protection
Who: ICO
When: 6 July 2009
Where: United Kingdom
Law stated as at: 27 July 2009
What happened:
The Information Commissioner's Office ("ICO") published its Annual Report for 2008/09 on 6 July 2009. The report summarises ICO's activities over the past year, the way it has informed and ignited debate on privacy issues, as well as providing detailed information on the cases and complaints that it has handled. Of particular interest is the focus on marketing activities as a source of complaints to ICO:
Complaints about marketing communications
As part of the Annual Report, ICO has published statistics on the top 10 reasons for complaining. According to the report complaints about email, automated calls, live phone calls and SMS account for 27% of the complaints it receives.
Direct marketing businesses still have some work to do
ICO has also published a top 10 list of the business areas that are generating the most complaints with direct marketing businesses being the second largest cause for complaints accounting for 14% of complaints. This indicates that the marketing industry still has some work to do in terms of complying with the Data Protection Act and Privacy and Electronic Communications Regulations (the "PEC Regs").
So what are organisations getting wrong?
There are no more details in the report on the exact nature of the complaints but enforcement action by ICO to date give a flavour of the specific reasons why some organisations get into hot water about their marketing methods. For example, the Liberal Democrats were issued with an Enforcement Notice in September 2008 for making automated calls, which constituted direct marketing, to individuals who had previously not been given their consent to receive calls. Weatherseal Holdings was also served with an Enforcement Notice after it failed to comply with undertakings it has given to comply with the PEC Regs relating to unsolicited telephone calls made on behalf of the company to individuals who were registered with the Telephone Preference Service and despite complaints to Weatherseal.
The Advertising Standards Agency has also been, and continues to be, active in this area via the obligations in the CAP Code relating to data protection compliance. Earlier this year, adverts run in the national press by Direct Home Shopping Brands Limited, trading as Kaleidoscope Limited, were held to have breached the CAP Code because they could not get opt-in consent using the wording in their advert.
An overview of electronic marketing rules
The rules for marketing by email, phone or SMS, as well as by fax are set out in the PEC Regs and they essentially (and very briefly) require the following:
• For unsolicited marketing sent to individuals:
– by fax, email or SMS: organisations must get opt-in consent unless it is marketing by email or SMS where what's known as "soft opt-in" consent will be sufficient. This can be used where the email address or mobile number has been fairly and lawfully obtained in the context of a sale or negotiation for similar goods or sevices to those that are being marketed and the recipient is given the opportunity to opt-out free of charge each time they receive a communication.
– by post and phone: permitted unless the individual opts-out
• For marketing sent to corporate recipients:
– by all digital and non-digital methods: permitted unless the recipient has opted-out having been pre-notified about the possibility of receiving marketing materials from the organisation which sends them.
• For marketing using automated call systems prior consent must be obtained whether the calls are directed at individuals or corporate subscribers.
Before marketing to individuals or corporate recipients by fax or telephone, the Telephone Preference Service ("TPS") and Fax Preference Service ("FPS") should be screened to ensure that people on those lists do not receive marketing communications by those means. More detailed guidance for marketers is available on ICO's website.
The new Information Commissioner and increased enforcement action?
The report is especially significant because it is the last report issued by Richard Thomas as Information Commissioner.
Christopher Graham has now taken over having previously been the Director General of the Advertising Standards Agency ("ASA"). If the ASA's past activity levels in bringing enforcement actions for failure to obtain correct of marketing consents are anything to go by, we can expect Mr Graham to encourage his colleagues at ICO to actively enforce against non-compliance with the PEC Regs. A new fee structure for data protection notification also comes into force on 1 October allowing ICO to increase the fees payable by large organisations to £500. This is likely to boost ICO's budget and fund additional enforcement action.
Why this matters:
The Annual Report shows that marketing is a significant problem which is likely to lead to a special focus on this area in 2009/10. With ICO increased income plus a new commissioner at the helm together with the public's higher awareness of their rights, its more important than ever to make sure that your organisation complies with its privacy obligations.