The ICO’s crackdown on nuisance marketers continues this week, with the watchdog writing to more than 1,000 companies believed to play some role in the compiling and trading of lists of names and numbers used by cold callers.
The ICO expects the companies to set out exactly how they comply with the law, including what data they share, how they get people’s consent to share their data, as well as a list of all the companies they’ve worked with in the last six months.
Information Commissioner Christopher Graham said: “We see clear patterns building up and can identify who would benefit from guidance, and who the truly bad actors are. This enables us to execute search warrants, to drag people before the courts, and to issue fines.
“We’ve got three fines lined up for this week, and that’ll bring us to a total of a million pounds worth of penalties in this area over the past four months alone. It’s clear we’re getting the job done.”
Although a remains unclear at this stage exactly which companies will be penalised, a spokesperson for the ICO confirmed that one fine is to a firm that sent more than a million PPI text messages, while the two others are to companies making nuisance calls marketing services to reduce nuisance calls (call blocker systems, being placed on special ‘do not call lists’ etc).
Martin Moran, SVP EMEA at InsideSales.com, is not surprised at the ICO’s action. “Most telemarketers are stuck with outdated call centre software and old-school predictive diallers that burn through huge lists calling multiple lines in hopes of making a live connection, but this technique stopped being effective years ago. The day of the nuisance call is long gone, buyers want a more personalised experience and technology now exists to give them just that.”
The companies being written to have been identified as they are registered with the ICO (as all data controllers must be under law), and their registration indicates they trade or share personal data, some of which may be used for direct marketing purposes.
Details such as how organisations are ensuring they have the proper consent in place to share personal data will inform the regulator’s data protection compliance and enforcement work.
How lists are screened against the telephone preference service, what suppression lists are operated, and the contract terms used when the information is sold will inform compliance and enforcement work under PECR.
Where companies do not respond to its letter, the ICO will look to take action to require the information to be provided. The ICO has the power to issue Information Notices, which legally oblige an organisation to provide information, with the threat of court action if they do not. One such company was prosecuted in October and subsequently fined £2,500.
The letters come in the week after Christopher Graham reiterated his call for powers to oblige companies in the lead generator and list broker sectors to be audited by his office.