Regulation Hub Update - March 2018

Written by Steve Sullivan, deputy chair of the Contact Centre Council and founder of Channel Doctors

PCI DSS

It’s now a year since consultation on proposed new guidance from the PCI DSS Council (ruling that ‘pause & resume’ won’t take a contact centre out of scope) was due to finish. However, there’s still no official confirmation of a change to the rules.

Operation Linden

This quarter (24^th January) Dave Clark kindly volunteered to be the Council’s representative at the Linden meeting. There were updates from the ICO, Ofcom and the Fundraising Regulator, among any others. In addition, there was further evidence from various sources of customer complaints about direct marketing contacts continuing to reduce. This trend is thought to be a function of ICO enforcements, increased network call blocking and reduced marketing of services.

Full minutes will be available shortly on the ICO’s website.

The Fundraising Regulator (FR)

From the Linden meeting, we understand the Fundraising Regulator is trying to get charities to manage their own complaints better. The FR expects 1,000-1,200 complaints a year. To date 30 investigation decisions have been made.

The main complaint categories are from Door2Door, Face2Face and Bag collections, with increasing concerns around the use of fundraising platforms. No mention of phone contacts as an issue.

Fundraising Preference Service (FPS) has received 14,000 suppressions for 1,200 charities from 5,000 individuals, 25% by third party. Awareness of the FPS remains low, so the FR plans to do some marketing (!).

The FR and the Institute of Fundraising (IoF) have produced some brief, to-the-point ‘spotlight’ guides to the GDPR for fundraisers

www.institute-of-fundraising.org.uk/guidance/research/get-ready-for-gdpr/spotlight-series/

As well as flagging the support of 6 other 3^rd sector groups and quangos (or is it quangoes?), these spotlight documents feature the ICO’s logo, having been ‘reviewed by’ - and by implication approved of – by the ICO.

Director Fines

Yet again, still no sign of this getting the nod through Parliament, which is odd as it would surely be universally popular (apart from with those scammers and crooks eligible to join the Institute of Directors).

Direct Marketing Commission

No news from the DM Commission this month – and possibly won’t be until next year’s annual report for 2018. www.dmcommission.com/?attachment_id=3507

Ofcom

No relevant news from Ofcom, this month. As mentioned in the notes of the Operation Linden meeting, Ofcom are increasingly targeting the misuse and misallocation of number ranges by network re-sellers

I think we now have as many completed Survey Monkey surveys of how outbound contact centres have responded to Ofcom’s revised Persistent Misuse rules www.ofcom.org.uk/__data/assets/pdf_file/0024/96135/Persistent-Misuse-Policy-Statement.pdf as we’re going to get. I’ll aim to circulate the draft findings well before our next Council meeting

Telephone Preference Service (TPS)

As previously discussed and noted, the TPS data cleanse www.dma.org.uk/press-release/dma-and-ico-update-to-tps-system is well underway. However, the figures below from Dave Clark show that defunct and re-allocated mobile numbers have not yet started to be removed from the Register:

Source: NTT www.nttfundraising.co.uk

GDPR and ICO

Data Protection Bill

The Bill had its 2^nd Reading in the Commons last week and is now going to be considered in Committee.

GDPR Guidance

I gather the ICO’s guidance on the use of Legitimate Interest is due to be published shortly, certainly before the end of the month. Just as well!

ICO Enforcement

The past month has been far quieter on the enforcement front for the ICO than last month. Only two relevant cases for us:

Direct Choice Home Improvements Limited – Swansea-based Direct Choice was fined £50,000 by the ICO in 2016 for calling prospects registered with the TPS. Although just over £40,000 of the fine has been paid, Direct Choice continued to wrongly call TPS-registered consumers and was prosecuted at Swansea Magistrates’ Court in February for failing to adhere to the previous enforcement notice. The court fined Direct Choice £400, with £364.08 and a victim surcharge of £40 (!). No one from the firm attended court and it has ceased trading.

Gain Credit LLC (previously trading as Lending Stream) - a short-term, online loan provider failed to fulfil a Subject Access Request (SAR) over the space of many months, after cashing the customer’s £10 processing fee cheque. The ICO has served an enforcement notice on Gain Credit requiring it to now fulfil the Subject Access Request within 30 days.

NB: Under the current Data Protection Act a nominal – typically £10 – processing fee may be charged for a SAR, but won’t be under the new Data Protection Act.

DMA and the GDPR Taskforce

The DMA has produced two hefty guides on

• GDPR Essentials
• Accountability

With further guides, due this month, on:

• Consent & Legitimate Interest
• Profiling

All these guides have all benefitted from input and review by the ICO, ISBA and the ever-wise Data Protection Network.

The last GDPR Taskforce meeting was on 13^th March and continues to guide and manage the various Councils’ and Committees’ work on GDPR and the new Data Protection Act.

The DMA’s Data Protection 2018 conference was held on 23^rd February and was considered a success, with some strong contributions from Asda, eBay, News UK and Elizabeth Denham (the Information Commissioner herself).

The Contact Centre Council's Agent Training Guide has been passed to the DMA Legal team who hope to have reviewed by 22^nd March.