Regulation Hub Update - November 2018 | DMA

Filter By

Show All
X

Connect to

X

Regulation Hub Update - November 2018

T-t-t-regulation-hub-image-1179.png

This article is written by Steve Sullivan who is the Deputy Chair of the Contact Centre Council.

This month’s headlines:

  • The ICO has fined two security firms a total of £220,000 for telemarketing consumers registered with the Telephone Preference Service
  • The PSA (Phone-Paid Services Authority) has fined and closed down a firm running an employment scam using 09 premium rate numbers
  • Still no confirmation of when individual directors will be able to be personally fined for breaching the electronic communications and marketing rules

Indications from Brussels that the ePrivacy directive may be less restrictive on UK direct marketers and outbound contact centres than originally feared.

Directors’ Fines

The Department for Digital, Culture, Media & Sport (DCMS)’s assessment of the responses it received during the consultation about giving the ICO the ability to fine company directors continues…

www.gov.uk/government/consultations/nuisance-calls-and-messages-action-against-directors

So, no need yet to pass the Ferrari to your spouse, if you have a guilty conscience.

Telephone Preference Service (TPS)

The TPS data cleanse https://dma.org.uk/press-release/dma-and-ico-update-to-tps-system still appears to be paused half-way through, with invalid landlines scrubbed but no mobile numbers as yet. The Contact Centre Council is due to have an update from John Mitchison when he joins the next Council meeting in November.

An Ofcom representative will be joining the Contact Centre Council’s next meeting in November (thanks to our Al White [www.noetica.com] for organising that). This will be a great opportunity to get Ofcom’s view on industry trends, their approach to enforcement and its collaboration with the ICO. Meanwhile, Ofcom’s latest league tables on the complaints it receives about the UK’s major providers of telecoms and pay-TV services were published last week. www.ofcom.org.uk/__data/assets/pdf_file/0015/126132/telecoms-pay-tv-complaints-q2-2018.pdf Although Talk Talk are again topping a couple of the tables, along with Virgin Media, the good news is that Ofcom says that complaints are at a record low, having shown a steady decline since 2011.

Phone-paid Services Authority

There’s been one enforcement case by the PSA, this month; Heart Communications. Heart advertised its services through two websites www.ukassignments.co.uk and www.paidpeople.co.uk offering access to opportunities to work as home-based virtual assistants. However, in order to complete their registration candidates had to call a 09 number and complete a process with an agent which took up to 15 minutes (at a cost of over £35). The PSA ruled that the call costs weren’t made clear to candidates, the call was artificially extended and that Heart was slow and unhelpful when challenged by disgruntled candidates to provide call charge refunds. The PSA fined Heart £165,000, ordered it to refund over-charged customers and had its operations suspended. Heart’s two websites now direct browsers to www.fourweekdiet.com “A Fool proof, Science-Based System that's Guaranteed to Force All 4 FAT Burning Hormones to Burn Away ALL Your Unwanted Stubborn Body Fat in Just 4 Weeks!...”

www.psauthority.org.uk/-/media/Files/PSA/00NEW-website/Tribunal-adjudications/2018/Heart-Communications-133839.ashx?la=en&hash=B2CCDF65D6C40B9597A8DDA6BFDA36632B5DF540

Still no pause for ‘pause & resume’. Yet…

There must now have been billions of pounds of card payments taken through contact centres in a manner that will soon be deemed to be insufficient to take contact centres ‘out of scope’ since we and others started saying so 2 years ago! However, the long-delayed PCI DSS guidelines on Securing Telephone-based Payment Card Data – which specifically address contact centres and new phone and digital based scope reduction technologies – are still due ‘any day now’. Rest assured that as and when the guidelines are published we will seek expert input from the Council’s own Tom Davies (www.ultracomms.com) and John Greenwood (www.compliance3.com) as to what the practical contact centre implications will be.

The Fundraising Regulator (FR)

No news or changes of note from the Fundraising Regulator, this month, but an interesting article in Civil Society (thank you to our Dave Clark for highlighting this). The article explains that research concluded that the FR – which is a self-regulation body, raising its income on a voluntary basis - raised an additional £900k in fees from charities through ‘naming & shaming’ non payers:

www.civilsociety.co.uk/fundraising/naming-and-shaming-non-levy-payers-worth-900-000-to-fundraising-regulator.html

DMA Privacy Taskforce

The Privacy Taskforce carries on its work, continuing to work on two main areas:

  • Collaboration between DMA, its brand members and ISBA (www.isba.org.uk) to get some common ground on the implications of GDPR on advertising and big data
  • Creating practical guidance around the requirements of implementing Privacy by Design

Brexit News

The DMA has continued its efforts to guide the direct marketing community through the possible impact of Brexit. There was a webinar last week and this event late last month www.dma.org.uk/article/the-dma-brexit-briefing - after which all the attendees were reassured and confident about the future. (Joke)

DMA Awards

Only a month to go until the results of the annual DMA Awards, including the new GDPR category: www.dma.org.uk/award/dma-awards-shortlist-2018

ePrivacy Directive

This article from the DMA explains that the latest draft ePrivacy text published under the Austrian presidency of the EU Council suggests giving member states the ability to make local rules over proposals which have previously unnerved direct marketers:

  • Time limiting the duration of soft opt-ins
  • Creating specific CLI codes for telemarketing
  • Banning restrictions on access to web data contingent on customers accepting cookies

www.dma.org.uk/article/eprivacy-regulation-growing-concern-over-the-lack-of-focus-on-data-and-marketing

GDPR, the new Data Protection Act and ICO

ICO Enforcement – Direct Marketing

Just two enforcement cases, this month. Both were taking action against home & business security firms telemarketing to consumers whose numbers had been registered with the TPS.

ACT is a provider of home and business security systems which has been fined £140,000 for PECR infringements through making unsolicited marketing calls to numbers registered on the TPS. ACT was investigated after a relatively high number of complaints (128) were received between January 2017 and February 2018. The ICO’s investigation of ACT established:

ACT made 609,797 unsolicited live outbound calls between January 2017 & February 2018

496,455 (82%) were to TPS subscribers

ACT made no attempt to screen TPS numbers, but instead instructed their agents to add them to an internal ‘do not call’ list

www.ico.org.uk/media/action-weve-taken/mpns/2260120/act-response-ltd-mpn-20181031.pdf

Secure Home Systems has been fined £80,000. SCS came to the ICO’s attention in October 2017 due to a total of 268 complaints about unsolicited calls made to peope registered with the TPS. In total 84,347 calls were made to TPS regsitered

numbers through September to December 2017, but it is believed that the total number throughout the period of SCS’s calling is much higher.

SCS utilised thrird party data which they were told was TPS screened but SCS had no contracts in place with its data providersand didn’t carry out any TPS screening itself.

www.ico.org.uk/media/action-weve-taken/mpns/2260122/secure-home-system-mpn-20181031.pdf

There’s still no further background on the ICO’s decision last month to reverse its previous fine of £60,000 levied on STS Communications (which we covered in the August Update).

Politics Corner

AggregateIQ, a Canadian political campaigning data firm, has been served notice that it should delete the data it holds on UK individuals (on the basis of their email domain location), which was used inappropriately in their work supporting various Brexit groups’ campaigns in 2016.

www.ico.org.uk/media/action-weve-taken/enforcement-notices/2260123/aggregate-iq-en-20181024.pdf

As expected, and pre-announced by the Information Commissioner in July, the ICO has fined Facebook the maximum available penalty of £500,000 for its inappropriate use and sharing of users’ data for UK political campaigning.

www.ico.org.uk/media/action-weve-taken/mpns/2260051/r-facebook-mpn-20181024.pdf

Business and Politics Together

Last week the ICO announced its intention to fine Aaron Banks’ Eldon Insurance – which operates the Go Skippy brand £60,000 and Leave.EU £75,000 for their respective data protection failings around the EU referendum. These resulted in Go Skippy customers receiving political communications from Leave.EU and Leave.EU supporters receiving marketing emails from Go Skippy, all without consent.

Peak Breach?

After the flurry of data leak revelations over the past few months, none have made the news here in the UK since the last Update, except a breach of some HSBC online customers’ data in the US and Cathay Pacific revealing that up to 9.4 million customers’ data had been exposed, including passport numbers and email addresses but no current card details or passwords.

That said, as has been observed before, data protection creates a customer engagement and marketing challenge. And this article by Rin Chau of Emarsys on the DMA website highlights three examples of positive breach email from BA, Amex and Superdrug: www.dma.org.uk/article/three-good-examples-of-gdpr-breach-notification-emails

Operation Linden

The latest Linden meeting was on 23rd October. John Mitchison went with the DMA team and has explained that the key discussion points were the ICO’s work on political (mis)use of personal data and Ofcom’s new General Conditions – which we have previously covered:

www.linkedin.com/pulse/ofcoms-new-rules-changes-just-telecoms-providers-steve-sullivan/

Direct Marketing Commission

No news from the DM Commission this month – and probably won’t be until next year’s annual report for 2018. www.dmcommission.com/?attachment_id=3507

Hear more from the DMA

Please login to comment.

Comments