Six data privacy wrongdoers in the ICOâs hall of shame

The world of marketing data isn’t regularly packed with salacious gossip. Or so I thought. Recently I discovered the ‘action we’ve taken’ page on the Information Commissioner’s Office (ICO) website, which is about as close as our industry is likely to get to Heat magazine. Okay, perhaps more like the section in your local newspaper where you find out which of your neighbour has received an ASBO. Either way, if you’re having a slow afternoon then it’s a fascinating way to spend some time.

As an independent authority created to uphold information rights and data privacy laws for individuals, whenever an organisation or individual has transgressed these laws (which happens more often than you might think), the dirty laundry is aired for all to see on the ICO’s ‘enforcement’ page.

Here’s a selection of some of the most surprising, shocking and sad examples we found:

● Nuisance Call Blockers Ltd sell a call-blocking device to stop people receiving cold calls. It’s not without irony that the company received several penalties in 2015 – for making unsolicited phone calls. After receiving nearly 200 separate complaints, ICO fined the company in excess of £90,000.

● In the run up to the UK General Election, The Telegraph swapped out one of its regular editorial content emails with a letter from the editor ‘urging’ its readers to vote for the Conservative party. This was deemed a marketing communication, which subscribers had not opted in to. The media group was fined £24,000.

● In the summer of 2015, London Mayoral candidate David Lammy tried to drum up support for his bid. An automated calling system contacted over 35,000 Labour party members over two days. These direct marketing calls were considered a breach of the Labour party’s privacy laws and saw the MP given a £5,000 fine.

● The Parklife Weekender is an annual music festival held in Manchester. In 2014, the organisers launched what turned out to be an ill-conceived text message campaign, apparently sent by a user called ‘Mum’. Along with contravening laws about concealing a sender’s identity, the campaign was seen as very insensitive to those who had recently experienced bereavement. The campaign attracted over 70 complaints and led to a £70,000 fine.

● Who hasn’t had an unwelcome call about PPI? It could very well have been lead generation firm Prodial, a (now defunct) company that instigated over 40 million automated marketing calls in 2015. After receiving 1,122 complaints and failing to show any evidence of consent from the ‘opt-in’ data it purchased, Prodial was fined a whopping £350,000.

● Not even the law is above the law. In 2015, the Crown Prosecution Service (CPS) was fined £200,000 for failing to adequately protect a laptop containing sensitive data from police interviews. Although the laptop was stolen from a studio where the interviews were being edited, quickly recovered and the data was not accessed, the CPS contravened Privacy and Electronic Communication Regulation rules by failing to encrypt the laptop or the interview DVDs.

While these transgressions are good to satisfy a craving for scandal, it does bring into sharp focus how easy it is to fall foul of the rules when handling personal data, not to mention some of the substantial fines you can face. If you haven’t checked through the latest data protection regulations, updated your suppression list for a while, or bought some third party data with obtaining any other necessary consent, maybe this might be the little kick up the backside you need to do it…

Company bio

Blue Sheep provide data marketing services to enhance your understanding of your customers and products. From customer insight reports (‘Money Maps’) to CRM, Single Customer View, customer analytics and multi-channel campaign management the Blue Sheep team have a 25-year history delivering perfectly targeted marketing solutions. For more information please visit www.bluesheep.com