The Information Commissioner’s Office has put the data broking industry on red alert after slapping Verso Group with an £80,000 fine for its part in supplying data to Brighton-based Prodial, the PPI claims firm which was fined £400,000 in February for sending 46 million automated calls.
The move comes despite the fact that the ICO did not receive a single complaint arising from the data Verso supplied; the 1,000 complaints about the Prodial campaign were made because the calls were automated, and relentless, and did not provide an opt-out option.
The regulator says this is the first fine to be issued following a wider investigation into the data broking industry, which covers up to 13 other data suppliers, including credit reference agencies which are key players due to the volume of personal data they gather.
The ICO has contacted credit agencies about the products they offer and how transparent they are to users as to how personal data is being processed.
In the past, data suppliers have not been so heavily under the cosh as it has been the responsibility of the company which runs the direct marketing activity to ensure the lists they source are compliant.
Although this is being tightened up under GDPR – meaning that suppliers face the prospect of direct action by regulators and consumers – the ICO updated its guidance on direct marketing in 2015 following a ruling by the First-Tier Information Rights Tribunal.
This effectively outlawed the use of third-party information unless it can be proved prospects have opted in to receive marketing from other brands.
Following the ICO’s investigation, the regulator discovered Verso had generated leads by contacting people in the UK from two overseas call centres. Personal data was gathered from what telephone operators described as “lifestyle surveys”, a common practice in the industry.
Other practices included buying in data from various firms to be packaged up to sell on to companies for use in direct marketing. However, the ICO insists this information did not have the correct consent required.
ICO deputy commissioner of operations James Dipple-Johnstone said: “We have concerns about the impact of invisible data processing on UK citizens and are currently looking at the data broking industry including how businesses trade and use personal data behind the scenes.
“This type of unlawful data trading directly fuels the nuisance call and spam text industry and creates misery for millions of UK citizens.
“Businesses need to understand they don’t own personal data – people do and those people have the right to know what is happening to it and who is likely to be contacting them for marketing.”
The ICO said Verso should have ensured that the people whose personal data it was dealing in were given specific information about the companies who would potentially be marketing services to them. The company could not provide proof of this consent.
Second firm in a week shuts up shop to avoid ICO fine
TPS screening gaffe sparks fresh warning from ICO
Bradford firms whacked for £150,000 over TPS failings
TPS tender put on hold over EU ePrivacy opt-in threat
Due diligence failings spark £50,000 fine for TPS abuse
Double-glazing firm smashed for £50k over TPS breach
New consent warning as firm is rocked by £270,000 fine
Brighton firm behind 46m calls gets £350,000 fine
Revealed: 5 billion reasons why claims firm love DM
PPI firm banned for totting up 40m nuisance calls
Your number’s up, ICO warns rogue marketing firms
Data consent ruling rocks industry