I don’t know about you but at home I’m registered with the Telephone Preference Service or TPS. Registration is free and is supposed to stop unsolicited calls. That is the kind of call I haven’t asked for asking me if I want to claim my PPI back etc. Until now its effects appear to have been very limited. Finally the ICO has acted fining Reactiv Media Limited £50,000 for breaches of the Privacy and Electronic Communications Regulations. However, what is also important is that the ICO is working hard to enforce their powers against more companies. Marketers beware!
So the question is – what DO you need to do or know if you are sending out emails or direct marketing to potential clients as part of your business?
Here is a quick and easy guide. Sorry it’s so long but with so much direct marketing these days the ICO guidance is long winded. However, I hope you enjoy the nuggets we’ve pulled out and find them useful!
| The DPA also applies to social networking such as Facebook, although interpretation of how that works is far from clear. However, blanket marketing such as leaflets to an area or adverts on a website are NOT caught by the DPA.
|
| The Data Protection Act 1998 (DPA) and the Privacy and Electronic Communications Regulations 2003 (PECR) both restrict the way any business uses unsolicited direct marketing techniques. Marketing communication is heavily regulated in the EU. |
|
|
Charities and political parties as well as normal businesses are covered by the DPA. The SNP fell foul of the DPA with its automated telephone canvassing a few years ago.
|
To be compliant, consent must be given knowingly, and be clear and specific. In other words potential clients must have a choice of opting in or out; be informed about what they consent to; and the consent must be specific; i.e. not just a generic “I agree to you sending me anything you like!” type of consent. In addition your potential client must be positive about their consent, and you must keep records of their consent. |
The PECR applies more broadly than the DPA and covers electronic communications with anyone, even if the marketer doesn’t know their name.
|
|
| Direct marketing masquerading as market research MAY be caught by the DPA – especially where follow up calls are for the purposes of selling and marketing. Proper market research firms will always screen calls against the TPS. |
|
| It is possible in some circumstances to imply consent. In other words if your customers conduct implies that they consent to further marketing material, then this MAY be OK. If you want further information on what an opt-in / opt out box should say to comply with implied consent then email Kim and we shall send you some wording – no charge. |
|
Marketing calls must be screened against the TPS. This area is highly regulated and special care must be taken when calling the elderly or vulnerable. Marketers need to avoid antisocial hours and redialling of unanswered numbers. Automated dialling can lead to silent calls and these are very unpopular and discouraged by the DPA.
| There are no restrictions on sending marketing material that has been requested by someone. |
|
|
| The TPS can be used by businesses to opt out of unsolicited calls. |
|
|
|
| The DPA allows individuals to tell the sender of material that they don’t want it, i.e. allow them to unsubscribe. It is good practice to acknowledge any such request.
However, the DPA gives the marketer some time to adjust their records and mailing lists – it isn’t instant. |
|
|
Persistently ignoring the TPS and cold calling consumers at home or the standards set under the DPA may expose your business to some serious financial penalties. Enforcement action is also highly likely for those who sell a marketing list without getting consent from the people on that list. |
|
| Inducing company employees to leak customer’s lists, phishing scams and the like are clear breaches of the DPA and can be caught by criminal provisions under the DPA.
Consent doesn’t last forever! There is no absolute cut off but a 5 year old consent is probably out of date as far as the DPA and PECR are concerned – but it depends on the context of the consent. |
|
| The issue of requesting marketing material does not itself permit the further sending of material. So if someone asks for a quote, then further contact about products may be unsolicited mail. Note that even if a customer has opted in to receive marketing, the marketing must be relevant to the quote or subject matter originally requested. So it would be a breach of the PECR to send further material to any individual on offers unconnected to the quote or original inquiry. HARSH BUT TRUE and largely honoured in the breach. |
|
Generating leads from subscriptions offers and elsewhere is covered by the DPA. However, there is an obligation to use the information gathered in a fair and lawful way. If your business uses such a method then your website should contain a privacy policy that contains a notice which clearly explains that the data will be used by the company for marketing.
|
Bought in mailing lists can’t always be used for text, email or automated messages – this is because the PECR are tighter than the DPA as electronic messages are seen as more intrusive by the ICO. Genuine bought in databases should already have obtained consent from customers and the big database suppliers know of their obligations. |
|
|
|
| If you collect callers numbers for future marketing purposes, then you should tell them so and offer them an opt out. |
|
| If you are buying in a database from a broker, make sure that the people on those lists have consented to the type of marketing you will be offering. If you want a list of questions to ask a database provider, then let Kim know and we can provide you with one. If you require further information then the ICO website at www.ico.gov.uk is a great source of advice and help. |
|
|
|
|
Posted by virtuosolegal 
Virtuoso Legal 