Direct Marketing Commission - Enforcing Higher Industry Standards

This case looked at concerns raised by a complainant who was in receipt of a number of unwanted emails. The member runs an affiliate network and the affiliate had sent out emails frequently to the complainant promoting different brands.  It appeared that only one of the brands involved was connected to the member’s network.

The individual said he did not opt-in to the original data collection point – a prize competition website; that he had attempted to unsubscribe repeatedly using the opt-out/unsubscribe button; and that he was passed from the brand to the member at which point he said he attempted contact with the member on many occasions. 

The member informed the Commission that it would be detrimental to their business for the unsubscribe mechanism not to work on their campaigns, and if there were over 2% of unsubscribes then this would result in a campaign pausing.  They did accept however that the individual said he had tried to repeatedly opt-out using the unsubscribe button.  The Commissioners also noted that the complainant had continued to receive emails even when the member’s client/brand informed him that his details had been removed from the affiliate partner’s database. The Code, rule 1.2 below, references the requirement for members to operate and maintain an in-house suppression file.

The Commission’s investigation also led to findings around the consent mechanism at the data source.  These related to GDPR rules around the permission statement from the data supplier to the affiliate and the lengthy privacy notice linked to emails received from the affiliate.  Additionally, the Commissioners did not see evidence of a contractual agreement in place with the affiliate.  Rules 4.1;4.3;4,6;4.8 below were upheld.

The Commissioners took into account that the member had previously enlisted the help of a compliance consultancy to help them meet GDPR requirements and that in the light of this complaint they had paused their relationship with the affiliate.     The Commissioners thought it vital that the member implement changes to ensure all parties associated with its network were compliant to reduce the risk of further complaints.  The Commissioners asked for a report in three months’ time which included a template contractual agreement, precise complaint statistics and details of other changes implemented as a result of the Commission’s findings.

Code Rules:

1.2 Member must operate and maintain an in-house suppression file -including the least amount of contact detail to identify consumers who have indicated they do not wish to receive commercial communications via all or particular channels. This includes receivers of third-party communications who have indicated at the first contact that they do not want to receive further communications.

4.1 Members must act decently, fairly and reasonably, fulfilling their contractual obligations at all times.

4.3 Members must accept that in the context of this Code they are normally responsible and accountable for any action (including the content of commercial communications) taken on their behalf by their staff, sales agents, agencies, marketing suppliers, sub processors and others.

4.4 Members acting as an agency or supplier for a non- member’s one-to-one marketing activity must advise the non-member to act within the Code. If the non-member client does not take that advice, the member must insist as a condition of acting for the non-member that the Code is followed in respect of all relevant work.

4.6 Members must maintain adequate records to demonstrate compliance with the Code – and must maintain an adequate system of monitoring and audit.

4.8 Members must at all times give prompt, efficient and courteous service to customers – and must ensure they have in place adequate administrative procedures and resources to achieve this.

click for more information

The DMC investigated a complaint from the daughter of an elderly and vulnerable lady who had received a coin she said she did not order.  The complainant’s mother had returned the coin to the member but her account was still passed to debt collectors.  A number of unsuccessful attempts had been made to contact the member’s customer service by phone and the elderly lady was bewildered and fearful as a result of her account being passed to debt collector agencies.

Correspondence from the complainant highlighted an inadequacy and lack of resource in the member’s customer service process and this was recognised and accepted by the Bradford Exchange which acknowledged that its performance in terms of customer care fell short of fair and reasonable.  The member agreed that given the situation, the vulnerable and elderly lady should not have been asked to return the coin, and there should have been an easily accessible phone system in place to take calls of concern about the return process and debt collection issues. 

The Board’s investigation identified concerns that an internet led customer service was not always appropriate for those elderly and vulnerable consumers who are not computer literate, and the Board thought that a dedicated returns line or at the very least a process, allowing a consumer to speak to a person to return goods or to make a complaint about the return process, should be easily accessible to those who do not have digital access. Overall, the DMC did not think that the member had taken particular care when dealing with those who were vulnerable and there seemed to be a disparity between clear tracking and audit trails in place around customer sales versus inadequate audit trails around customer care.

The DMC considered that the Bradford Exchange was in breach of the following rules set out in the DMA Code:

2.4 Members must not send goods or provide services for which payment is requested to any consumer without first having received an instruction to supply such goods or services.

Members must not demand that any consumer either pay for or return unsolicited products, except for substitute products.

4.3 Members must accept that in the context of this Code they are normally responsible and accountable for any action (including the content of commercial communications) taken on their behalf by their staff, sales agents, agencies, marketing suppliers, sub processors and others.

4.8 Members must at all times give prompt, efficient and courteous service to customers – and must ensure they have in place adequate administrative procedures and resources to achieve this.

The Board decision was informed by the member’s willingness to implement changes to bring them into compliance and reduce the risk of further complaints and it took into consideration its apology to the complainant when made aware of the issues.  The member told the Board that a new customer service platform was to be in place in the Autumn, and whilst this would be internet led, it would, in the member’s view, free up resource for a more readily accessible telephone system for those who do not have digital access. 

The DMC Board asked that the member revert back in the Autumn with a full Review and Report – this would help the member and the Board to have more visibility of its processes and identify any ongoing improvements. The Report was to include a full action plan, data journey, training programme, risk assessment and appropriate compliance changes as necessary to any ongoing progress. 

Update: The Bradford Exchange provided a report and review. The company have now resigned membership of the DMA.

click for more information

The DMC investigated complaints from two businesses who had ordered a door drop delivery. Neither complainants were satisfied that the deliveries had been carried out adequately and they had both described their relationship with the member as strongly lacking in terms of engagement, responses and assurance that their leaflets had been delivered.

In the materials provided by the complainants, the DMC could not find any evidence to show that Postra Communications had been clear and transparent with its two clients.  It appeared that the clients had made multiple attempts to make contact so that they could be assured their deliveries were to be carried out as agreed and ordered. The material seen clearly indicated a reluctance or inability to share information on delivery schedules or evidence of completed deliveries. In the absence of any meaningful responses to the DMC or the clients on the matters raised it seemed appropriate to conclude Postra misled customers over performance under the contracts in question and that the deliveries were not adequately fulfilled.

The DMC did not think that Postra had complied with any of the key principles which asks members to value their customers, to act in accordance with their expectations, to be honest, fair and transparent and to act responsibly at all times. The DMC considered that Postra was in breach of the following rules set out in the DMA Code because it did not give the DMC any reason to believe that it had adhered to them.

2.1 Companies must not mislead customers; companies must be clear, open and transparent.

4.1 Members must act decently, fairly and reasonably, fulfilling their contractual obligations at all times.

4.6 Members must maintain adequate records to demonstrate compliance with the Code – and must maintain an adequate system of monitoring and audit.

4.8 Members must at all times give prompt, efficient and courteous service to customers – and must ensure they have in place adequate administrative procedures and resources to achieve this.

The lack of engagement and responses to Postra’s two clients was also mirrored in its lack of engagement with the DMC process.  The DMC did not think Postra had co-operated fully with its investigations or enquiries and had ignored frequent approaches.  The DMC found a breach of rule 4.9 in the DMA Code which states: 

Members must accept the jurisdiction of the Data & Marketing Commission (DMC) and co-operate fully with their investigations or enquiries. Members must comply with any conclusion reached by the DMC, including any decision to take disciplinary action resulting from a breach of the Code.

The DMC reached the view that Postra had shown itself unconcerned by a failure to meet contractual commitments, with failures thereafter to engage with clients or in any meaningful way with the DMC. Commissioners saw nothing to show the company was committed to complying with the DMA Code and the DMA principles.

The DMC would recommend to the DMA Board that it considers removing Postra from membership of the Association.

The DMA Board approved and the member has now been removed from membership.

click for more information

This investigation centred on five complaints received against Fulcio Marketing, a Business to Business direct marketing company.  The complainants raised alleged failures to supply data in conformity with orders; misleading actions in supplying education sector data that proved to be sourced by a Freedom of Information request; claims for repeat annual payments for data that was not seen to be sold on that basis; a failure to respect previous requests not to be contacted and a failure to meet a subject access request.

The DMC had identified a number of themes that recurred.  These related to the absence of contracts and supply agreements and the absence of any documented mechanic for resolving disputes. There were unsubstantiated responses (to both complainants and the DMC), and little to no evidence to the DMC of due diligence done by Fulcio in relation to the data sourced and supplied. There was no evidence to demonstrate processes that could adequately ensure contract fulfilment. Most complaints also made reference to poor customer service and unprofessional conduct.

Online and in marketing correspondence the company made repeated and pointed reference to its DMA membership and the assurance this should give in terms of the quality of data provided. In correspondence the company made reference to supplying data to the ‘corporate level standard of the DMA’.  No such standard exists. A review found the Fulcio website also lacked essential links, including to its terms and conditions and privacy policy. This situation was unchanged during the course of the investigation.

The DMC was concerned over the failure generally of Fulcio to respond fully and in a timely manner to questions raised during the investigation. It was concerned also over the extent to which the company seemed to pursue and secure business based on the promotion of its credentials as a DMA member.  In finding Fulcio in breach of a number of Code provisions the DMC reached the conclusion that its failures could be thought to bring the DMA into disrepute.

Having reached decisions on the Code rules breached (see below) and taken a view on the seriousness or harm, the DMC proceeded to consider the most appropriate sanction or action. It examined the extent to which the trends of concern had existed over a more extensive period of time. It found issues around data accuracy, customer service and the absence of evidence of robust processes was evident in a further eleven previous complaints made against the business over the last four years. Generally these complaints had been treated under informal case procedures and resolved based on undertakings to comply.

The DMC reached the view that Fulcio Marketing was not committed to complying with the DMA Code and its principles and would recommend that the DMA remove it from membership of the Association.

1.2 Members must operate and maintain an in-house suppression file – listing the names and contact details of consumers who have indicated they do not wish to receive commercial communications via all or particular means of communication.

3.1 Members must follow all legislation relating to the processing of data, including the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003.

4.1 Members must act decently, fairly and reasonably, fulfilling their contractual obligations at all times.

4.2 Members must ensure they do nothing that could bring into disrepute the public image of one-to-one marketing or the DMA.

4.6 Members must maintain adequate records to demonstrate compliance with the code – and must maintain an adequate system of monitoring and audit.

4.8 Members must at all times give prompt, efficient and courteous service to customers – and must ensure they have in place adequate administrative procedures and resources to achieve this.

4.9 Members must accept the jurisdiction of the Direct Marketing Commission (DMC) and co-operate fully with their investigations or enquiries.

click for more information

This investigation related to a complaint regarding a consumer who, despite being registered on the Telephone Preference Service, was contacted by a legal services company seeking to sell its services.  This call was made after the person called had been identified as someone who had consented to future marketing during a lifestyle survey call made by an offshore call centre which was contacting consumers for lead generation purposes. The call centre was acting on behalf of various clients. In this case the legal services lead generation was commissioned by PDV (part of Data Locator Group), a broker of data and marketing leads.

In the survey call there was a specific question related to legal services. The call script did not then go on to ask the person called if she or he wanted a follow up call from the legal services business who sponsored the call and question. The offshore suppliers’ call script listed the legal services client name in a recorded message at the end of the call along with other entities who had sponsored the survey and the questions in it. It did so in a way that did not make any link between a question on legal services and which would have allowed the consumer to make an informed choice as to whether or not a future call was welcome.  The Commission took the view that recordings at the end of a call give listeners no assured or straightforward mechanism for deciding who the call recipient does or does not want to hear from.

The Commission did not think the process described, by virtue of the structure of the call, the speed with which ways of opting out of marketing as a result of the survey call or the actual processes for opting-out, could be thought to have secured specific and informed consent for the legal company to over-ride the TPS registration in place and call the consumer.  In conclusion, the Commission did not think that PDV, as the broker between the off-shore supplier and the end client, had satisfied itself adequately as to the mechanics for securing informed consent.

For these reasons we upheld breaches of:

3.11 When buying or renting personal data, members must satisfy themselves that the data has been properly sourced, permissioned and cleaned.

4.3 Members must accept that in the context of this Code they are normally responsible for any action (including the content of commercial communications) taken on their behalf by their staff, sales agents, agencies, one-to-one marketing suppliers and others.

The Commission also noted that the off-shore supplier used a number of different trading names when making survey calls to generate marketing leads.  It was concerned that there was no evident  link between trading names introduced at the start of the call in question and trading names that were used previously or subsequently during other ‘surveys’ .  This could only serve to confuse a consumer and might invalidate any consents given to follow-up calls.   The Commission has encouraged PDV to seek advice on this point.

The Commission fully recognises that the industry has now moved into a new era under GDPR rules which require a higher standard and the Commission was told that PDV were embracing this and making necessary amendments to its processes, including the provision of named opt-ins at the point of sponsored questions rather than relying on a list in an end of call recording.

The Commission strongly reminded PDV of its obligations under the DMA Code.

The case is subject to any appeal.

click for more information

This investigation related to complaints received from two individuals whose TPS registered numbers were contacted by DLG to undertake a survey for lead generation purposes.  DLG had obtained the details from two off-shore call centres who were themselves carrying out lead generation surveys for a number of clients including DLG.

These call centres were, in turn, using data provided by other third parties. DLG could not provide the Commission with evidence that they had satisfied themselves that their call-centre partners had the consents necessary to be calling people registered with the TPS.

In this case these seemingly improper calls did result in some of the people called taking part in surveys conducted by the call-centres and giving some form of consent to marketing or survey/lead-generation calls from DLG and others. DLG took the view this last act gave them clearance to call TPS registrants on the basis they had a consent to do so. Calling TPS registrants when consent has not been given is wrong.

In the cases investigated, the offshore suppliers’ call scripts listed sponsor names at the end of the calls – in one case the list was within a pre-recorded message.  Recordings at the end of the call gave listeners no assured or straightforward mechanism for deciding who the call-recipient did or did not want to hear from. The Commission rejected the idea that a willingness to take lifestyle survey calls ending with a recording of all those sponsoring the survey in search of prospective business could, in effect, be taken as consent to any and all  sponsors.  On this interpretation, we thought that the consent mechanism for DLG to make subsequent calls to these TPS registrants was inadequate.

The Commission thought there was a greater risk that UK rules may not be followed when using off-shore suppliers and that this greater risk should be a consideration when purchasing data from different sources.  The Commission did not think the member had satisfied itself adequately as to the source of the data and the mechanics for securing consent and that if they could not satisfy themselves, the Commission thought they should have applied a TPS filter on the basis that they could not be confident that this had been done by others.

The Commission was also concerned that the suppliers’ consent mechanisms were vague, with one call centre using different brand names to call the complainant and the supplier scripts in both cases listing DLG as one of the sponsors of the survey call under one trading name (surveys.co.uk) but DLG subsequently calling under another trading name (Consumer Lifestyles). The Commission thought this was confusing to consumers.  The Commission found breaches of the following provisions of the DMA Code:

3.11 When buying or renting personal data, members must satisfy themselves that the data has been properly sourced, permissioned and cleaned.

4.3 Members must accept that in the context of this Code they are normally responsible for any action (including the content of commercial communications) taken on their behalf by their staff, sales agents, agencies, one-to-one marketing suppliers and others.

The Commission did take into account, however, that DLG had acknowledged the need to make further changes and had moved in January 2017 to arrangements under which it would  carry out TPS screening against any lists supplied by call centres where a DLG brand is named in sponsor lists in end of call recordings.

The Commission strongly reminded DLG of its obligations under the DMA Code and have shared its findings with the DMA to highlight the issues of accountability and control of sub-contractors by members and the issue of ‘end of call’ consents.

click for more information

Hollywood Marketing has resigned its DMA membership by agreement between it and the DMA following an incomplete adjudication process. The DMA will be making no further comment publicly or privately on the case.

click for more information

Please note that the Commission investigates complaints against DMA members involving breaches of the DMA Code. Any adjudication is based solely on compliance with the DMA Code and it does not, and cannot make comment on the lawfulness or not of the members’ actions.

This case centred on the supply of data of over 2 million consumer records to be used for an SMS marketing campaign.  The texts sent promoted an opportunity to place bets with a gambling company.  The complainant had received two unwanted text messages to this effect over the Xmas period.  The complainant was certain that he had not consented to receive the messages and had uncovered a lengthy supply chain over which his data was passed and which involved three DMA members. The messages the complainant received were mis-matched to an incorrect Christian name.

In considering cases where there is some form of value chain and where the member is using suppliers for a service to provide opted-in data to an explicit channel and sector, the Commission looks for assurance that sufficient due diligence is undertaken to show that supplier arrangements are compliant.  Given the high volume of records required for this order, the ‘sensitive’ nature of gambling and the requirements for the provision of clearly opted-in data, each member in the supply chain had a responsibility to undertake adequate controls and checks.

Verso Group had sourced the data from Evolution DM and sent it on to Digitonic which was to broadcast the data for the text campaign.

The Commission did not believe that Verso managed these contracts responsibly. During the time of the data order, Verso had come to the conclusion that it was not equipped to meet the data requirements from its own telephone survey and chose to out-source the data procurement. Verso could not produce any evidence to satisfy the Commission that it communicated the changed circumstance to its client, Digitonic.  It is not evident that Verso undertook the due diligence necessary to satisfy itself that its data supplier had the necessary consents for the data provided. The Commission also saw evidence of operational failings in the preparation and supply of the data, specifically a failure to correctly align names to the mobile numbers used in the campaign.

The Commission was not satisfied by the responses from Verso to its enquiries and the breaches raised and they saw a lack of willingness to accept corporate responsibility for events.

The Commission welcomed the assurance that Verso are to undertake remedial actions in terms of training staff to ensure there is a member of staff available to make these checks in future, but believed there was a need to test the adequacy of arrangements

Outcome

The Commission found Verso to be in breach of Rules 3.11, 4.1 and 4.3 below.

The Commission formally strongly reminded Verso of its obligations under the DMA Code.

The Commission has shared its findings with the DMA and asked it to use planned new audit arrangements with member companies to satisfy itself that Verso have the processes and sampling and other checks necessary to act as a data broker and lead generation provider. 

3.11 When buying or renting personal data, members must satisfy themselves that the data has been properly sourced, permissioned and cleaned. 

4.1 Members must act decently, fairly and reasonably, fulfilling their contractual obligations at all times. 

4.3 Members must accept that in the context of this Code they are normally responsible for any action (including the content of commercial communications) taken on their behalf by their staff, sales agents, agencies, one-to-one marketing suppliers and others.

Following adjudication, Verso lodged an Appeal. The Independent Appeals Commissioner upheld the DMC’s decisions.

click for more information

Please note that the Commission investigates complaints against DMA members involving breaches of the DMA Code. Any adjudication is based solely on compliance with the DMA Code and it does not, and cannot make comment on the lawfulness or not of the members’ actions.

This case centred on the supply of data of over 2 million consumer records to be used for an SMS marketing campaign.  The texts sent promoted an opportunity to place bets with a gambling company.  The complainant had received two unwanted text messages to this effect over the Xmas period.  The complainant was certain that he had not consented to receive the messages and had uncovered a lengthy supply chain over which his data was passed and which involved three DMA members. The messages the complainant received were mis-matched to an incorrect Christian name.

In considering cases where there is some form of value chain and where the member is using suppliers for a service to provide opted-in data to an explicit channel and sector, the Commission looks for assurance that sufficient due diligence is undertaken to show that supplier arrangements are compliant.  Given the high volume of records required for this order, the ‘sensitive’ nature of gambling and the requirements for the provision of clearly opted-in data, each member in the supply chain had a responsibility to undertake adequate controls and checks.

As of 1^st May this year, Green Button became a separate legal entity to Evolution Direct Marketing Ltd – the Commission’s adjudication was based on its status and relationship with Evolution at the time of this investigation.

Evolution (trading as Green Button) sought to source data in order to send this over to Verso which in turn sent the data to Digitonic, the text broadcaster. The supplier was known to Evolution (Green Button), but only through a partnership delivering an unrelated campaign. In the absence of any documented materials, the Commission could not see how Evolution (Green Button) assured itself that the data was owned and controlled by the supplier as claimed and felt able to forward it to Verso. As part of the investigation Evolution (Green Button) confirmed the data the sourced and supplied to Verso was not generated and owned by its supplier, and that the original provenance of the data could not be ascertained.

The Commission concluded that there was insufficient due diligence undertaken, and did not think that Evolution’s (Green Button) awareness of the issues and risk in procuring this type of data was reflected in its arrangements.

The Commission accepted that Evolution (Green Button) had undertaken remedial actions and produced revised due diligence materials and that there was no intent to supply data of this nature again. The Commission also noted the declaration that in future data would not be accepted from amalgamated sources and record samples would be obtained to include screen shots of opt-ins and corresponding dates.

Outcome

The Commission found Evolution to be in breach of Rules 3.11 and 4.1 below.

The Commission strongly reminded Evolution of their obligations under the DMA Code. 

3.11 When buying or renting personal data, members must satisfy themselves that the data has been properly sourced, permissioned and cleaned. 

4.1 Members must act decently, fairly and reasonably, fulfilling their contractual obligations at all times.

click for more information

Please note that the Commission investigates complaints against DMA members involving breaches of the DMA Code. Any adjudication is based solely on compliance with the DMA Code and it does not, and cannot make comment on the lawfulness or not of the members’ actions.

This case centred on the supply of data of over 2 million consumer records to be used for an SMS marketing campaign.  The texts sent promoted an opportunity to place bets with a gambling company.  The complainant had received two unwanted text messages to this effect over the Xmas period.  The complainant was certain that he had not consented to receive the messages and had uncovered a lengthy supply chain over which his data was passed and which involved three DMA members. The messages the complainant received were mis-matched to an incorrect Christian name.

In considering cases where there is some form of value chain and where the member is using suppliers for a service to provide opted-in data to an explicit channel and sector, the Commission looks for assurance that sufficient due diligence is undertaken to show that supplier arrangements are compliant.  Given the high volume of records required for this order, the ‘sensitive’ nature of gambling and the requirements for the provision of clearly opted-in data, each member in the supply chain had a responsibility to undertake adequate controls and checks.

Digitonic were contracted by the gambling company to undertake the text marketing campaign on its behalf, and had sourced data from Verso Group. Digitonic had received paperwork indicating that the data would be supplied from Verso’s own telephone survey, which was opted-in to texts from the gambling sector. It later transpired that Verso did not provide data from its own telephone survey, and the data supplied was incorrectly formatted with the result that some texts were sent mis-matching mobile numbers with incorrect Christian names.

The Commission concluded that Digitonic had processes in place of a good standard, that were transparent and that demonstrated an intent to comply.

Outcome

The Commission did not find Digitonic in breach of the DMA Code, but asked Digitonic to look at whether sampling or other tests should be used to underpin their documented processes to validate the data they procure.  The Commission was reassured that this was an area to which consideration is being given.

click for more information