Regulation Hub Update - May 2020
12 May 2020
Perhaps surprisingly, there has been one ICO enforcement action and significant fine in the marketing and contact centre world since last month's Update.
Claims management firm fined £171k for ignoring TPS registrations
Black Lion Marketing (BLM) of Brighton has been fined £171.000 for making over 240,000 marketing calls to TPS registered numbers. The non-compliant calls were made out of a total of over 7 million made between July 2018 and April 2019 - at which point the ICO raided BLM’s premises and BLM attempted to wind itself up. Some telling and interesting features of this case:
- BLM's sole director, Kurlos Asaad, had been variously investigated by the ICO since 2017, through prior companies which had come to the Commissioner’s notice. As we’ve noted before, having ‘form’ with the ICO is often a precursor to aggressive enforcement action
- Most of the facts used in the case weren’t obtained from the ICO’s raid of BLM’s premises, but through a Third Party Information Notice applied to data archive firm used by BLM’s communications service provider, which held the detailed CDRs (call detail records)
- But what materials seized in the raid did show is that BLM used multiple identities and brands when calling, to disguise its true identity
The ICO’s Penalty Notice doesn’t go into much detail as to the nature of the marketing calls or BLM’s business, but it does refer to “… leads generated by the direct marketing calls being made were subsequently being referred on to law firms for remuneration” which suggests that BLM was in the murky world of claims management.
ICO aims to go easy
Otherwise, the ICO has continued to promise to regulate in a pragmatic manner through the coronavirus outbreak and emphasise the importance of organisations focusing on data security, especially when working from home.
Breach relief for Morrisons
On the subject of data protection and data breaches, big companies and employers should have will breathed a sigh of relief when the Supreme Court over-turned lower courts’ decisions and ruled that Morrisons isn’t vicariously liable for the 2014 breach of 126,000 of its employees’ personal and salary data. The breach was made maliciously by an internal auditor who had a grudge against Morrisons and was subsequently jailed for 8 years for his actions.
Meanwhile, the ICO has again delayed its final decision about fines for BA and Marriott for their respective data breaches. The ICO originally proposed fining BA and Marriott £183m and £99m respectively, but as time goes on that looks less and less likely.
FCA Statement on business interruption insurance for small and medium enterprises
The Financial Conduct Authority (FCA) announced it intends to seek legal clarity on business interruption (BI) insurance to resolve doubt for businesses who are facing uncertainty on their claims.
This is due to continuing and widespread concerns among DMA Member firms and the wider economy about the lack of clarity and certainty for some customers making business interruption claims relating to coronavirus, and the basis on which some firms are making decisions in relation to claims.
The FCA believe that their more detailed statement will assist insurers and business' who need to make a claim. Their guidance will not determine how much is payable under individual policies but will provide the basis for doing so. Firms are reminding to continue to concentrate on handling complaints and adhering to Code of Business standards.
Nothing contact centre-related from Ofgem as they focus on keeping the lights on.
Nuisance calls down by up to 20%
Ofcom’s latest research shows that fewer consumers are receiving ‘nuisance calls’ now than they did in 2017 – a drop from 3 in 5 to 2 in 5 for landlines and a 10% drop to 37% on mobiles. This is no doubt due to a variety of reasons – increased regulations, the adoption of call blockers, the demise of PPI claims and better commercial opportunities online – but is good news for many in lockdown.
Half of UK adults exposed to false claims about coronavirus
Ofcom is conducting weekly research to help understand how people are receiving and acting on information during the current pandemic. Their first results from week one of 'lockdown' show that the most common piece of false information around coronavirus is the claim that drinking more water can flush out the infection (seen by 35% of online adults). That is followed by claims that it can be alleviated by gargling with saltwater or avoiding cold food and drink – both pieces of misinformation seen by nearly a quarter (24%) of online adults.
The research goes further to look at how people are receiving their news and whether guidelines are being followed. You can check the Ofcom's website if you are interested in checking how this research develops in the coming weeks and it may provide important information on consumer behaviours and how these are very likely to change.
The PSA continues to come down hard on rogue mobile phone service firms, despite the coronavirus crisis:
- Most firms which find themselves under investigation by the PSA do so for ignoring their customers while continuing to bill them (usually for services they don’t know that they’ve bought). However, in a turn up for the books Irich Info Technology – which nominally provided an IT technical support service for £2.50 per minute via premium rate numbers - has been fined £500,000 and ordered to pay refunds as a result of proactively contacting consumers (without their consent) and fraudulently encouraging them to call the premium rate line. The example complaints below show that Irich did not even pretend to be calling about IT technical support:
- Itech Logic has been fined £250,000 for poor customer service and slow, partial or denied refunds over a number of years. The competition service was operated under Itech’s txtwinner, voucher.me, britsms, smsunltd and txtintl brands and featured tricky questions like this:
The Fundraising Regulator’s recent guidance on fundraising during the coronavirus crisis includes a ban on face-to-face and event fundraising and an acknowledgement that direct marketing and non-face to face methods using contact centre resources will become even more vital in maintaining charities’ incomes.
No contact centre news this month from the TPS.
The FCA has announced another 6 month delay to the mandatory implementation date for SCA (strong customer authentication) for e-commerce purchases. The revised deadline is now Autumn 2021, which is good news for contact centres supporting online sales.
Finally, this article from The Daily Record highlights some of the additional risks and dangers for contact centres operating under coronavirus. It’s obviously a rather complicated situation and there are risks in making judgements from one newspaper article, but some clear areas to consider are:
- How to follow social distancing guidance if your contact centre operation is still office-based?
- Whether that guidance is sufficiently clear?
- What’s the right balance between legally indemnifying yourself as an employer and maintaining the support of your employees?
- The additional challenge of ensuring you have gained the confidence of newly-hired staff (research has shown that overall contact centre recruitment has been way ahead of the rates in the wider economy)?
- How to effectively carry out due diligence when either outsourcing contact centre activity of sub-contracting to an additional provider?
Content accurate as of 10th May 2020