The phrase “wake up and smell the civil monetary penalty” may not quite carry the menace of the Kray twins, but Information Commissioner Christopher Graham claims his latest outburst heralds a new reign of terror – against any business which shows blatant disregard for data laws.
Last week, Graham confirmed that his office has issued 21 data breach fines, totalling £2m since April 2010, although the vast majority have been to local and health authorities.
He warned: “Over the past year, the Information Commissioner’s Office (ICO) has bared its teeth and has taken effective action to punish organisations, many of which have shown a cavalier attitude to looking after people’s personal information.
“We hope these penalties send a clear message to both the public and private sectors that they cannot afford to fail when it comes to handling people’s data correctly.”
New hardman image
But for some, especially those in the marketing industry, the new hardman image being displayed by Graham and his top enforcer – director of operations Simon Entwisle (both pictured) – is difficult to swallow.
They claim their legitimate business activities – from telemarketing and SMS to email and online marketing – are being seriously affected by rogue operators, who are threatening to drag the whole sector down. They want action, and they want it now.
After all, over the past year, 47% of complaints to the watchdog were about direct marketing – nearly double that of the second most complained about sector, general business, on 25%. And the top reasons for complaining were automated phone calls (35%), SMS (29%), live phone calls (19%) and email (14%).
Evidence, if it were needed, that certain elements of the DM industry are riding roughshod over the regulations.
Feelings running high
From accusations that Graham has been “all mouth, no trousers” when it comes to implementing the new cookies law to allegations that he is “worse than incompetent”, feelings are running high.
Then there is the long-running saga of text spam. The DMA’s Mobile Marketing Council has lamented the ICO’s inaction while others have branded the clampdown “pathetic”, after the watchdog admitted that not a single company had been brought to book.
And only a few days ago, the ICO was forced to defend its stance on dodgy telemarketing companies, after BBC One’s Panorama unearthed blatant disregard of the Telephone Preference Service.
Entwisle did his level best to show the regulator was being tough, saying the ICO was pursuing up to 20 rogue firms, with at least two businesses facing fines “in the not too distant future”.
But he stressed these things take time, especially since the ICO had only been given adequate powers at the turn of the year. “The last thing we want is to issue a fine and then for a company to successfully challenge the ruling and we have to pay it back,” he told BBC Breakfast.
Toothless poodle or scary rottweiler?
So, do the ICO’s critics have a point: is its bark worse than its bite? Is it a toothless poodle or a scary rottweiler?
To be fair, the role of the ICO is virtually unrecognisable since the office was first created as the Data Protection Registrar in 1984. Back then, it was more of an admin role, registering the relatively few businesses which processed personal data and dealing with Brussels and Westminster.
These days, with nearly every company in the land processing personal data in one form or another, technology rampant and privacy high on everyone’s agenda – not to mention Brussels – hardly a week goes by without a new outrage.
Yet the ICO has only had the power to issue monetary penalties since 2010, is still waiting for the right to jail miscreants and is itself hamstrung by the snail-like pace of Whitehall.
Spam text is a classic example. All the time you can walk into a supermarket and buy hundreds of SIM cards at once, top them up with credit and build a ready-made spam toolkit, what can the ICO do? Now if Ofcom had the power to rein in the mobile firms, limit the number of SIMs that can be bought at any time, the data watchdog might have a chance.
There is also the question of resource. It takes time and money to build a strong legal case against rogue businesses yet, despite the introduction of the cookies law doubling its workload, the ICO’s operating budget has been cut in real terms.
‘Ready to do more’
With technology developing at breakneck speed, the regulator is always going to find it hard to keep up. By his own admission Graham is “ready to do more and better in the year ahead”.
That will be more welcome this summer than a new umbrella for genuine direct marketers, who also face the prospect of fresh draconian laws from the EU. Driving rogue operators out of ‘their manor’ will bring legitimacy to their business and make it easier for them to build stronger relationships with customers. As Ron and Reg might have said: “Don’t mess about – just do ‘em!”