What does this cover?
The ICO has released a news report revealing that it planned to write to over 1,000 companies regarding the sale of personal details as part of the ICO's continuing investigation and "crackdown" of nuisance call companies. The letter will request details of how the companies intend to comply with data protection and anti-nuisance call legislation.
The ICO state that "Where companies do not respond to our letter, the ICO will look to take action to require the information to be provided. The ICO has the power to issue Information Notices, which legally oblige an organisation to provide us with information, with the threat of court action if they do not. One such company was prosecuted in October, and the courts fined them £2,500."
In a related ICO blog published on 27 November 2015, titled "Why companies need to think before making marketing calls", Adam Smith (ICO team manager) revealed that "We’ve [the ICO have] issued £250,000 of fines this week, all to companies that appeared to have no interest in following the law".
To assist companies to 'get it right' the ICO have launched a video which aims to give clear advice which should help companies considering embarking upon marketing activity to stay on the right side of the law. Alternatively, companies could view the ICO's "Direct Marketing Guidance".
Christopher Graham, Information Commissioner, reports that "We already know a lot about this sector. We know that it prompts 180,000 complaints a year from consumers, who take the time to report to us the calls they’re getting…That information has helped us to make some big breakthroughs in the nuisance calls business, alongside the intelligence we build up from elsewhere, from whistleblowers for instance, or from the network providers".
Please see the ICO Monetary Penalties section at the end of this alerter for two fines imposed this month.
To view the ICO's announcement, please click here.
To view the ICO blog on market calls, please click here.
What action could be taken to manage risks that may arise from this development?
Financial services companies should continue to ensure that all vendors maintain compliance with DPA and PECR requirements.