The Information Commissioner’s Office (ICO) has written to more than 1000 companies involved in buying and selling people’s names and numbers as part of its crackdown on nuisance calls and unlawful distance marketing.
The investigation into these companies is as a result of over 180,000 complaints a year from consumers who report nuisance calls.
The companies that are being investigated are all registered as data controllers with the Information Commissioner’s Office and since they have indicated that they trade or share personal data the ICO will be auditing how these companies comply with data protection laws, what data they share, how they obtain individuals consent to data processing as well as a list of all of the companies that have received marketing databases.
Whilst the investigation is seeking to identify rogue data traders the impact could spread much wider since businesses that buy in marketing lists from third party companies may well be as equally liable for nuisance calls or unlawful use of personal data if the databases that they have purchased are unlawful by default.
The existence of the ICO’s investigation should be a wakeup call to all data controllers that they need to ensure that any personal data that they are processing and in particular sharing with third parties is done so in accordance with the Data Protection Act 1998 and the e-privacy regulations.