Direct Marketing Commission - Enforcing Higher Industry Standards

This case looked at concerns raised by a complainant who was in receipt of a number of unwanted emails. The member runs an affiliate network and the affiliate had sent out emails frequently to the complainant promoting different brands.  It appeared that only one of the brands involved was connected to the member’s network.

The individual said he did not opt-in to the original data collection point – a prize competition website; that he had attempted to unsubscribe repeatedly using the opt-out/unsubscribe button; and that he was passed from the brand to the member at which point he said he attempted contact with the member on many occasions. 

The member informed the Commission that it would be detrimental to their business for the unsubscribe mechanism not to work on their campaigns, and if there were over 2% of unsubscribes then this would result in a campaign pausing.  They did accept however that the individual said he had tried to repeatedly opt-out using the unsubscribe button.  The Commissioners also noted that the complainant had continued to receive emails even when the member’s client/brand informed him that his details had been removed from the affiliate partner’s database. The Code, rule 1.2 below, references the requirement for members to operate and maintain an in-house suppression file.

The Commission’s investigation also led to findings around the consent mechanism at the data source.  These related to GDPR rules around the permission statement from the data supplier to the affiliate and the lengthy privacy notice linked to emails received from the affiliate.  Additionally, the Commissioners did not see evidence of a contractual agreement in place with the affiliate.  Rules 4.1;4.3;4,6;4.8 below were upheld.

The Commissioners took into account that the member had previously enlisted the help of a compliance consultancy to help them meet GDPR requirements and that in the light of this complaint they had paused their relationship with the affiliate.     The Commissioners thought it vital that the member implement changes to ensure all parties associated with its network were compliant to reduce the risk of further complaints.  The Commissioners asked for a report in three months’ time which included a template contractual agreement, precise complaint statistics and details of other changes implemented as a result of the Commission’s findings.

Code Rules:

1.2 Member must operate and maintain an in-house suppression file -including the least amount of contact detail to identify consumers who have indicated they do not wish to receive commercial communications via all or particular channels. This includes receivers of third-party communications who have indicated at the first contact that they do not want to receive further communications.

4.1 Members must act decently, fairly and reasonably, fulfilling their contractual obligations at all times.

4.3 Members must accept that in the context of this Code they are normally responsible and accountable for any action (including the content of commercial communications) taken on their behalf by their staff, sales agents, agencies, marketing suppliers, sub processors and others.

4.4 Members acting as an agency or supplier for a non- member’s one-to-one marketing activity must advise the non-member to act within the Code. If the non-member client does not take that advice, the member must insist as a condition of acting for the non-member that the Code is followed in respect of all relevant work.

4.6 Members must maintain adequate records to demonstrate compliance with the Code – and must maintain an adequate system of monitoring and audit.

4.8 Members must at all times give prompt, efficient and courteous service to customers – and must ensure they have in place adequate administrative procedures and resources to achieve this.

click for more information

The DMC investigated a complaint from the daughter of an elderly and vulnerable lady who had received a coin she said she did not order.  The complainant’s mother had returned the coin to the member but her account was still passed to debt collectors.  A number of unsuccessful attempts had been made to contact the member’s customer service by phone and the elderly lady was bewildered and fearful as a result of her account being passed to debt collector agencies.

Correspondence from the complainant highlighted an inadequacy and lack of resource in the member’s customer service process and this was recognised and accepted by the Bradford Exchange which acknowledged that its performance in terms of customer care fell short of fair and reasonable.  The member agreed that given the situation, the vulnerable and elderly lady should not have been asked to return the coin, and there should have been an easily accessible phone system in place to take calls of concern about the return process and debt collection issues. 

The Board’s investigation identified concerns that an internet led customer service was not always appropriate for those elderly and vulnerable consumers who are not computer literate, and the Board thought that a dedicated returns line or at the very least a process, allowing a consumer to speak to a person to return goods or to make a complaint about the return process, should be easily accessible to those who do not have digital access. Overall, the DMC did not think that the member had taken particular care when dealing with those who were vulnerable and there seemed to be a disparity between clear tracking and audit trails in place around customer sales versus inadequate audit trails around customer care.

The DMC considered that the Bradford Exchange was in breach of the following rules set out in the DMA Code:

2.4 Members must not send goods or provide services for which payment is requested to any consumer without first having received an instruction to supply such goods or services.

Members must not demand that any consumer either pay for or return unsolicited products, except for substitute products.

4.3 Members must accept that in the context of this Code they are normally responsible and accountable for any action (including the content of commercial communications) taken on their behalf by their staff, sales agents, agencies, marketing suppliers, sub processors and others.

4.8 Members must at all times give prompt, efficient and courteous service to customers – and must ensure they have in place adequate administrative procedures and resources to achieve this.

The Board decision was informed by the member’s willingness to implement changes to bring them into compliance and reduce the risk of further complaints and it took into consideration its apology to the complainant when made aware of the issues.  The member told the Board that a new customer service platform was to be in place in the Autumn, and whilst this would be internet led, it would, in the member’s view, free up resource for a more readily accessible telephone system for those who do not have digital access. 

The DMC Board asked that the member revert back in the Autumn with a full Review and Report – this would help the member and the Board to have more visibility of its processes and identify any ongoing improvements. The Report was to include a full action plan, data journey, training programme, risk assessment and appropriate compliance changes as necessary to any ongoing progress. 

Update: The Bradford Exchange provided a report and review. The company have now resigned membership of the DMA.

click for more information

The DMC investigated complaints from two businesses who had ordered a door drop delivery. Neither complainants were satisfied that the deliveries had been carried out adequately and they had both described their relationship with the member as strongly lacking in terms of engagement, responses and assurance that their leaflets had been delivered.

In the materials provided by the complainants, the DMC could not find any evidence to show that Postra Communications had been clear and transparent with its two clients.  It appeared that the clients had made multiple attempts to make contact so that they could be assured their deliveries were to be carried out as agreed and ordered. The material seen clearly indicated a reluctance or inability to share information on delivery schedules or evidence of completed deliveries. In the absence of any meaningful responses to the DMC or the clients on the matters raised it seemed appropriate to conclude Postra misled customers over performance under the contracts in question and that the deliveries were not adequately fulfilled.

The DMC did not think that Postra had complied with any of the key principles which asks members to value their customers, to act in accordance with their expectations, to be honest, fair and transparent and to act responsibly at all times. The DMC considered that Postra was in breach of the following rules set out in the DMA Code because it did not give the DMC any reason to believe that it had adhered to them.

2.1 Companies must not mislead customers; companies must be clear, open and transparent.

4.1 Members must act decently, fairly and reasonably, fulfilling their contractual obligations at all times.

4.6 Members must maintain adequate records to demonstrate compliance with the Code – and must maintain an adequate system of monitoring and audit.

4.8 Members must at all times give prompt, efficient and courteous service to customers – and must ensure they have in place adequate administrative procedures and resources to achieve this.

The lack of engagement and responses to Postra’s two clients was also mirrored in its lack of engagement with the DMC process.  The DMC did not think Postra had co-operated fully with its investigations or enquiries and had ignored frequent approaches.  The DMC found a breach of rule 4.9 in the DMA Code which states: 

Members must accept the jurisdiction of the Data & Marketing Commission (DMC) and co-operate fully with their investigations or enquiries. Members must comply with any conclusion reached by the DMC, including any decision to take disciplinary action resulting from a breach of the Code.

The DMC reached the view that Postra had shown itself unconcerned by a failure to meet contractual commitments, with failures thereafter to engage with clients or in any meaningful way with the DMC. Commissioners saw nothing to show the company was committed to complying with the DMA Code and the DMA principles.

The DMC would recommend to the DMA Board that it considers removing Postra from membership of the Association.

The DMA Board approved and the member has now been removed from membership.

click for more information

This investigation centred on five complaints received against Fulcio Marketing, a Business to Business direct marketing company.  The complainants raised alleged failures to supply data in conformity with orders; misleading actions in supplying education sector data that proved to be sourced by a Freedom of Information request; claims for repeat annual payments for data that was not seen to be sold on that basis; a failure to respect previous requests not to be contacted and a failure to meet a subject access request.

The DMC had identified a number of themes that recurred.  These related to the absence of contracts and supply agreements and the absence of any documented mechanic for resolving disputes. There were unsubstantiated responses (to both complainants and the DMC), and little to no evidence to the DMC of due diligence done by Fulcio in relation to the data sourced and supplied. There was no evidence to demonstrate processes that could adequately ensure contract fulfilment. Most complaints also made reference to poor customer service and unprofessional conduct.

Online and in marketing correspondence the company made repeated and pointed reference to its DMA membership and the assurance this should give in terms of the quality of data provided. In correspondence the company made reference to supplying data to the ‘corporate level standard of the DMA’.  No such standard exists. A review found the Fulcio website also lacked essential links, including to its terms and conditions and privacy policy. This situation was unchanged during the course of the investigation.

The DMC was concerned over the failure generally of Fulcio to respond fully and in a timely manner to questions raised during the investigation. It was concerned also over the extent to which the company seemed to pursue and secure business based on the promotion of its credentials as a DMA member.  In finding Fulcio in breach of a number of Code provisions the DMC reached the conclusion that its failures could be thought to bring the DMA into disrepute.

Having reached decisions on the Code rules breached (see below) and taken a view on the seriousness or harm, the DMC proceeded to consider the most appropriate sanction or action. It examined the extent to which the trends of concern had existed over a more extensive period of time. It found issues around data accuracy, customer service and the absence of evidence of robust processes was evident in a further eleven previous complaints made against the business over the last four years. Generally these complaints had been treated under informal case procedures and resolved based on undertakings to comply.

The DMC reached the view that Fulcio Marketing was not committed to complying with the DMA Code and its principles and would recommend that the DMA remove it from membership of the Association.

1.2 Members must operate and maintain an in-house suppression file – listing the names and contact details of consumers who have indicated they do not wish to receive commercial communications via all or particular means of communication.

3.1 Members must follow all legislation relating to the processing of data, including the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003.

4.1 Members must act decently, fairly and reasonably, fulfilling their contractual obligations at all times.

4.2 Members must ensure they do nothing that could bring into disrepute the public image of one-to-one marketing or the DMA.

4.6 Members must maintain adequate records to demonstrate compliance with the code – and must maintain an adequate system of monitoring and audit.

4.8 Members must at all times give prompt, efficient and courteous service to customers – and must ensure they have in place adequate administrative procedures and resources to achieve this.

4.9 Members must accept the jurisdiction of the Direct Marketing Commission (DMC) and co-operate fully with their investigations or enquiries.

click for more information

This investigation related to a complaint regarding a consumer who, despite being registered on the Telephone Preference Service, was contacted by a legal services company seeking to sell its services.  This call was made after the person called had been identified as someone who had consented to future marketing during a lifestyle survey call made by an offshore call centre which was contacting consumers for lead generation purposes. The call centre was acting on behalf of various clients. In this case the legal services lead generation was commissioned by PDV (part of Data Locator Group), a broker of data and marketing leads.

In the survey call there was a specific question related to legal services. The call script did not then go on to ask the person called if she or he wanted a follow up call from the legal services business who sponsored the call and question. The offshore suppliers’ call script listed the legal services client name in a recorded message at the end of the call along with other entities who had sponsored the survey and the questions in it. It did so in a way that did not make any link between a question on legal services and which would have allowed the consumer to make an informed choice as to whether or not a future call was welcome.  The Commission took the view that recordings at the end of a call give listeners no assured or straightforward mechanism for deciding who the call recipient does or does not want to hear from.

The Commission did not think the process described, by virtue of the structure of the call, the speed with which ways of opting out of marketing as a result of the survey call or the actual processes for opting-out, could be thought to have secured specific and informed consent for the legal company to over-ride the TPS registration in place and call the consumer.  In conclusion, the Commission did not think that PDV, as the broker between the off-shore supplier and the end client, had satisfied itself adequately as to the mechanics for securing informed consent.

For these reasons we upheld breaches of:

3.11 When buying or renting personal data, members must satisfy themselves that the data has been properly sourced, permissioned and cleaned.

4.3 Members must accept that in the context of this Code they are normally responsible for any action (including the content of commercial communications) taken on their behalf by their staff, sales agents, agencies, one-to-one marketing suppliers and others.

The Commission also noted that the off-shore supplier used a number of different trading names when making survey calls to generate marketing leads.  It was concerned that there was no evident  link between trading names introduced at the start of the call in question and trading names that were used previously or subsequently during other ‘surveys’ .  This could only serve to confuse a consumer and might invalidate any consents given to follow-up calls.   The Commission has encouraged PDV to seek advice on this point.

The Commission fully recognises that the industry has now moved into a new era under GDPR rules which require a higher standard and the Commission was told that PDV were embracing this and making necessary amendments to its processes, including the provision of named opt-ins at the point of sponsored questions rather than relying on a list in an end of call recording.

The Commission strongly reminded PDV of its obligations under the DMA Code.

The case is subject to any appeal.

click for more information

This investigation related to complaints received from two individuals whose TPS registered numbers were contacted by DLG to undertake a survey for lead generation purposes.  DLG had obtained the details from two off-shore call centres who were themselves carrying out lead generation surveys for a number of clients including DLG.

These call centres were, in turn, using data provided by other third parties. DLG could not provide the Commission with evidence that they had satisfied themselves that their call-centre partners had the consents necessary to be calling people registered with the TPS.

In this case these seemingly improper calls did result in some of the people called taking part in surveys conducted by the call-centres and giving some form of consent to marketing or survey/lead-generation calls from DLG and others. DLG took the view this last act gave them clearance to call TPS registrants on the basis they had a consent to do so. Calling TPS registrants when consent has not been given is wrong.

In the cases investigated, the offshore suppliers’ call scripts listed sponsor names at the end of the calls – in one case the list was within a pre-recorded message.  Recordings at the end of the call gave listeners no assured or straightforward mechanism for deciding who the call-recipient did or did not want to hear from. The Commission rejected the idea that a willingness to take lifestyle survey calls ending with a recording of all those sponsoring the survey in search of prospective business could, in effect, be taken as consent to any and all  sponsors.  On this interpretation, we thought that the consent mechanism for DLG to make subsequent calls to these TPS registrants was inadequate.

The Commission thought there was a greater risk that UK rules may not be followed when using off-shore suppliers and that this greater risk should be a consideration when purchasing data from different sources.  The Commission did not think the member had satisfied itself adequately as to the source of the data and the mechanics for securing consent and that if they could not satisfy themselves, the Commission thought they should have applied a TPS filter on the basis that they could not be confident that this had been done by others.

The Commission was also concerned that the suppliers’ consent mechanisms were vague, with one call centre using different brand names to call the complainant and the supplier scripts in both cases listing DLG as one of the sponsors of the survey call under one trading name (surveys.co.uk) but DLG subsequently calling under another trading name (Consumer Lifestyles). The Commission thought this was confusing to consumers.  The Commission found breaches of the following provisions of the DMA Code:

3.11 When buying or renting personal data, members must satisfy themselves that the data has been properly sourced, permissioned and cleaned.

4.3 Members must accept that in the context of this Code they are normally responsible for any action (including the content of commercial communications) taken on their behalf by their staff, sales agents, agencies, one-to-one marketing suppliers and others.

The Commission did take into account, however, that DLG had acknowledged the need to make further changes and had moved in January 2017 to arrangements under which it would  carry out TPS screening against any lists supplied by call centres where a DLG brand is named in sponsor lists in end of call recordings.

The Commission strongly reminded DLG of its obligations under the DMA Code and have shared its findings with the DMA to highlight the issues of accountability and control of sub-contractors by members and the issue of ‘end of call’ consents.

click for more information

Hollywood Marketing has resigned its DMA membership by agreement between it and the DMA following an incomplete adjudication process. The DMA will be making no further comment publicly or privately on the case.

click for more information

Please note that the Commission investigates complaints against DMA members involving breaches of the DMA Code. Any adjudication is based solely on compliance with the DMA Code and it does not, and cannot make comment on the lawfulness or not of the members’ actions.

This case centred on the supply of data of over 2 million consumer records to be used for an SMS marketing campaign.  The texts sent promoted an opportunity to place bets with a gambling company.  The complainant had received two unwanted text messages to this effect over the Xmas period.  The complainant was certain that he had not consented to receive the messages and had uncovered a lengthy supply chain over which his data was passed and which involved three DMA members. The messages the complainant received were mis-matched to an incorrect Christian name.

In considering cases where there is some form of value chain and where the member is using suppliers for a service to provide opted-in data to an explicit channel and sector, the Commission looks for assurance that sufficient due diligence is undertaken to show that supplier arrangements are compliant.  Given the high volume of records required for this order, the ‘sensitive’ nature of gambling and the requirements for the provision of clearly opted-in data, each member in the supply chain had a responsibility to undertake adequate controls and checks.

Verso Group had sourced the data from Evolution DM and sent it on to Digitonic which was to broadcast the data for the text campaign.

The Commission did not believe that Verso managed these contracts responsibly. During the time of the data order, Verso had come to the conclusion that it was not equipped to meet the data requirements from its own telephone survey and chose to out-source the data procurement. Verso could not produce any evidence to satisfy the Commission that it communicated the changed circumstance to its client, Digitonic.  It is not evident that Verso undertook the due diligence necessary to satisfy itself that its data supplier had the necessary consents for the data provided. The Commission also saw evidence of operational failings in the preparation and supply of the data, specifically a failure to correctly align names to the mobile numbers used in the campaign.

The Commission was not satisfied by the responses from Verso to its enquiries and the breaches raised and they saw a lack of willingness to accept corporate responsibility for events.

The Commission welcomed the assurance that Verso are to undertake remedial actions in terms of training staff to ensure there is a member of staff available to make these checks in future, but believed there was a need to test the adequacy of arrangements

Outcome

The Commission found Verso to be in breach of Rules 3.11, 4.1 and 4.3 below.

The Commission formally strongly reminded Verso of its obligations under the DMA Code.

The Commission has shared its findings with the DMA and asked it to use planned new audit arrangements with member companies to satisfy itself that Verso have the processes and sampling and other checks necessary to act as a data broker and lead generation provider. 

3.11 When buying or renting personal data, members must satisfy themselves that the data has been properly sourced, permissioned and cleaned. 

4.1 Members must act decently, fairly and reasonably, fulfilling their contractual obligations at all times. 

4.3 Members must accept that in the context of this Code they are normally responsible for any action (including the content of commercial communications) taken on their behalf by their staff, sales agents, agencies, one-to-one marketing suppliers and others.

Following adjudication, Verso lodged an Appeal. The Independent Appeals Commissioner upheld the DMC’s decisions.

click for more information

Please note that the Commission investigates complaints against DMA members involving breaches of the DMA Code. Any adjudication is based solely on compliance with the DMA Code and it does not, and cannot make comment on the lawfulness or not of the members’ actions.

This case centred on the supply of data of over 2 million consumer records to be used for an SMS marketing campaign.  The texts sent promoted an opportunity to place bets with a gambling company.  The complainant had received two unwanted text messages to this effect over the Xmas period.  The complainant was certain that he had not consented to receive the messages and had uncovered a lengthy supply chain over which his data was passed and which involved three DMA members. The messages the complainant received were mis-matched to an incorrect Christian name.

In considering cases where there is some form of value chain and where the member is using suppliers for a service to provide opted-in data to an explicit channel and sector, the Commission looks for assurance that sufficient due diligence is undertaken to show that supplier arrangements are compliant.  Given the high volume of records required for this order, the ‘sensitive’ nature of gambling and the requirements for the provision of clearly opted-in data, each member in the supply chain had a responsibility to undertake adequate controls and checks.

As of 1^st May this year, Green Button became a separate legal entity to Evolution Direct Marketing Ltd – the Commission’s adjudication was based on its status and relationship with Evolution at the time of this investigation.

Evolution (trading as Green Button) sought to source data in order to send this over to Verso which in turn sent the data to Digitonic, the text broadcaster. The supplier was known to Evolution (Green Button), but only through a partnership delivering an unrelated campaign. In the absence of any documented materials, the Commission could not see how Evolution (Green Button) assured itself that the data was owned and controlled by the supplier as claimed and felt able to forward it to Verso. As part of the investigation Evolution (Green Button) confirmed the data the sourced and supplied to Verso was not generated and owned by its supplier, and that the original provenance of the data could not be ascertained.

The Commission concluded that there was insufficient due diligence undertaken, and did not think that Evolution’s (Green Button) awareness of the issues and risk in procuring this type of data was reflected in its arrangements.

The Commission accepted that Evolution (Green Button) had undertaken remedial actions and produced revised due diligence materials and that there was no intent to supply data of this nature again. The Commission also noted the declaration that in future data would not be accepted from amalgamated sources and record samples would be obtained to include screen shots of opt-ins and corresponding dates.

Outcome

The Commission found Evolution to be in breach of Rules 3.11 and 4.1 below.

The Commission strongly reminded Evolution of their obligations under the DMA Code. 

3.11 When buying or renting personal data, members must satisfy themselves that the data has been properly sourced, permissioned and cleaned. 

4.1 Members must act decently, fairly and reasonably, fulfilling their contractual obligations at all times.

click for more information

Please note that the Commission investigates complaints against DMA members involving breaches of the DMA Code. Any adjudication is based solely on compliance with the DMA Code and it does not, and cannot make comment on the lawfulness or not of the members’ actions.

This case centred on the supply of data of over 2 million consumer records to be used for an SMS marketing campaign.  The texts sent promoted an opportunity to place bets with a gambling company.  The complainant had received two unwanted text messages to this effect over the Xmas period.  The complainant was certain that he had not consented to receive the messages and had uncovered a lengthy supply chain over which his data was passed and which involved three DMA members. The messages the complainant received were mis-matched to an incorrect Christian name.

In considering cases where there is some form of value chain and where the member is using suppliers for a service to provide opted-in data to an explicit channel and sector, the Commission looks for assurance that sufficient due diligence is undertaken to show that supplier arrangements are compliant.  Given the high volume of records required for this order, the ‘sensitive’ nature of gambling and the requirements for the provision of clearly opted-in data, each member in the supply chain had a responsibility to undertake adequate controls and checks.

Digitonic were contracted by the gambling company to undertake the text marketing campaign on its behalf, and had sourced data from Verso Group. Digitonic had received paperwork indicating that the data would be supplied from Verso’s own telephone survey, which was opted-in to texts from the gambling sector. It later transpired that Verso did not provide data from its own telephone survey, and the data supplied was incorrectly formatted with the result that some texts were sent mis-matching mobile numbers with incorrect Christian names.

The Commission concluded that Digitonic had processes in place of a good standard, that were transparent and that demonstrated an intent to comply.

Outcome

The Commission did not find Digitonic in breach of the DMA Code, but asked Digitonic to look at whether sampling or other tests should be used to underpin their documented processes to validate the data they procure.  The Commission was reassured that this was an area to which consideration is being given.

click for more information

This case looked at the concerns raised by a single complainant who had been in receipt of a number of unwanted emails where the sender email addresses had seemingly been created to give the impression the messages were coming from well-known legitimate businesses and the email content was unrelated to those businesses. The complainant had followed a link which led him to believe that AWM were involved. Over the course of the investigation, it became clear that some of those emails had been for marketing campaigns run by AWM.  AWM was using affiliates and sub-affiliates who each had databases of individuals which had allegedly consented to e-mail marketing for certain goods and services.

The complaint led to an investigation where the DMC looked at AWM’s business model and its relationship with its affiliates and sub-affiliates in general and did not restrict itself to only examining the single complaint received.

The adjudication addressed the case with particular reference to Code rule 4.3 which states that “members must accept that in the context of this Code they are normally responsible for any action (including the content of commercial communications) taken on their behalf by their staff, sales agents, agencies, one-to-one marketing suppliers and others.

The DMC recognised that AWM operated largely on the basis of trust in affiliates and in their trust in sub-affiliates and on feed-back from their campaign-clients or direct affiliates if something goes wrong. The DMC also noted however that AWM had made or were in the process of making some changes to their processes to ensure tighter controls and told the DMC that they were open to other reforms to assure compliance.

The DMC has made it clear to the DMA that it sees the need to apply the related provision that members must take responsibility for the data that is traded via the actions of their suppliers and sub-contractors. This message is now of key importance to the DMA and the application of Code rules across its compliance process.

We upheld a breach of rule 4.3 above and formally reminded AWM of its responsibilities under this part of the DMA Code.

click for more information

This case was referred to the Commission from the Direct Marketing Association following a recent investigation undertaken by the Fundraising Standards Board (FRSB) into a complaint from a TPS registered consumer who had received an unwanted call from Insight CCI, a telemarketer fundraising on behalf of Breast Cancer Campaign.

PDV Ltd, acting as a broker, had confirmed that it had supplied the complainant’s number to two selected clients, one of which was Insight CCI, after it had been supplied to them by a company based in India called Dynaxon IT Services. Dynaxon had conducted a telephone survey designed to create ‘opt-in’ leads for a variety of charities and commercial companies.

The Commission concluded that PDV had relied on assurances and documented processes signed with their off-shore supplier to comply with the UK TPS regime. Dynaxon, in turn, used another sub-contractor to provide a database of UK numbers to call and to check this database against the TPS register. PDV knew little of the sub-contract arrangement, had not themselves visited Dynaxon and did not seem at the time to have arrangements in place to test effectively whether the processes thay had set were being followed. At the time PDV did not themselves check the leads supplied by Dynaxon against the TPS register, although once they became aware of the problem, PDV assumed responsibility for this.

PDV’s supplier was a young and offshore business, that itself relied on data from a third party that supposedly had responsibility for compliance actions. PDV accepted the arrangement had not worked properly, that the original TPS complainant had been called wrongly and that this was not likely to be an isolated incident. We were also concerned about the overall vagueness of the information given to those who were called in terms of what consent they were being asked to give in agreeing to receive future marketing calls as a result of answering survey questions.

Given PDV is a data brokerage of some size and with a number of offshore partners the Commission thought PDV would have been more aware of its responsibility to ensure data is properly sourced, cleaned and permissioned and understood it was responsible for the behaviour of these suppliers specifically in terms of how they source data, check to ensure calls are not made to TPS registrants unless they have given prior consent, and that permissible calls are clear in terms of the marketing permissions they secure.

The Commission found four breaches of the DMA Code rules relating to the buying and renting of personal data. The Code says that members must satisfy themselves that data is properly sourced, permissioned and cleaned; they must take responsibility for action taken on their behalf by their suppliers; they must follow all legislation relating to the processing of data and they must act decently, fairly and reasonably.

PDV assured the Commission that changes were now underway to improve its audit process on its suppliers and presented revised processes and checks. The Commission welcomed these changes, and informed PDV that off-shore suppliers should be subject to a robust risk assessment and a high level of scrutiny if PDV and its clients are to be assured that data suppliers are operating to the standards set. The Commission concluded that these changes and assurances were critical to continued DMA membership. It has made this clear to PDV and invited the company to make changes and present these to the DMA. The Commission suggests the DMA review the matter in three months. If the DMA do not see changes during this period that would give an assurance that PDV and suppliers are Code-compliant, the Commission’s advice to the DMA would be to suspend membership until matters are on an acceptable footing.

It is clear that there is a great deal of public concern about the collection of personal data, where it comes from and how it is traded. The Commission appreciated that the issues with managing suppliers and the more specific issues with offshore call centres were not unique to PDV. The Commission will support the DMA in any work needed to reinforce the fundamental message that data companies have responsibility for the data they trade. Data must be properly, sourced, permissioned and cleansed and members will be held responsible the actions of their suppliers and sub-contractors when these duties are passed to others.

Following a review of amendments to PDV’s procedures, the DMA was comfortable that their recommendations had been incorporated and therefore decided to allow PDV to remain in membership.

click for more information

The Direct Marketing Association had asked the Commission to consider the circumstances around the buying and selling of alleged sensitive financial data by B2C Data Ltd.  This followed articles in The Daily Mail which alleged that B2C Data Ltd was selling data on the pension and financial details of thousands of people without knowing the source of data the company was sourcing from third parties and without checking on the identity or plans of those to whom data was sold.

The investigation looked at B2C Data Ltd’s arrangements, how they source and gather their data, and how they ensure any data supplied is in line with regulations and collected with the appropriate consents.  It also looked at the arrangements that the member had in place for selling the data to third parties and any due diligence that is undertaken.

B2C Data Ltd co-operated with the DMC investigation. They were however unable or unwilling to disclose the sources of the data supplied to them to the Commission and though they provided a number of sample consent forms from their suppliers, many of these were found to be vague and not compliant with recent guidance from the Information Commissioner’s Office.

In some cases the suppliers were running web based services where anyone using the service had, in effect, to give consent to their data being shared with third parties simply and automatically by virtue of being on the site.  Additionally, there was insufficient evidence to substantiate the B2C Data claim that they did screen their data every 28 days against the Telephone Preference Service as claimed and as required in the DMA Code. Commissioners therefore upheld a breach of the Code rule 3.11 which states when buying or renting personal data, members must satisfy themselves that the data has been properly sourced, permissioned and cleaned. In this case the member company breached parallel requirements: failing to ensure their data suppliers provided adequate consent and for not substantiating that they had checked this data against the TPS before offering it to third parties.

The Commissioners also found a breach of the Code rule 4.4 which states that members        acting as an agency or supplier for a non-member’s one-to-one marketing activity must advise the non-member to act within the Code. The Commission found no evidence that this was included in correspondence or contract terms.

The Commission believe companies should be more aware of the types of data they are trading and when these might be perceived as ‘sensitive’ by consumers. They see a risk to the public and to public trust if data with this “potential” is sold without the suppliers having any knowledge of the purchasers or the purposes for which the data would be used.

Whilst there was no evidence to show that the data in this case constituted details of a highly personal nature or sensitive personal data as defined by the ICO there was a concern that the member had not been alert to the potential issues of data with quite apparent sensitivities.  The agreement and contract did not reflect any limited uses and or any unacceptable uses or purposes for the data.  Had this been in place, the Commission would have been more assured as to the member’s due diligence on its buyers.

This company however, has now ceased trading following an insolvency action and the issue is therefore closed.  However, should B2C Data Ltd have remained in DMA membership, given the seriousness of the Commission’s findings, the decisions are likely to have resulted in calls for significant change and evidence of change for their membership to continue.

This case again highlighted broader issues for the industry where businesses are unwilling or unable to provide information on the sources of data and the nature of the consents given by individuals to the use of their data. The use of non disclosure or confidentiality agreements is a barrier to buyers and sellers satisfying themselves that the data is safe to use. Alongside this, the selling and buying of data of a ‘sensitive’ nature and permission statements which may not reflect industry guidance can have serious effect when they are used across an extended value chain and result in the public frustrations we are seeing with increasing frequency. The DMC will be exploring these issues with the Direct Marketing Association.

click for more information

The Direct Marketing Association had asked the Commission to consider the circumstances around the buying and selling of alleged ‘financial and medical’ data by Data Bubble.  This followed articles in The Daily Mail which alleged that Data Bubble was selling or renting data on the pension and medical details of thousands of people without knowing the source of data the company was sourcing from third parties and without checking on the identity or plans of those to whom data was sold.

The investigation looked at Data Bubble’s data arrangements, how they source and gather their data, and how they ensure any data supplied is in line with regulations and collected with the appropriate consents.  It also looked at the arrangements that the member had in place for selling the data to third parties and any due diligence that is undertaken.

Data Bubble co-operated fully with the DMC investigation explaining where they source data and their due diligence arrangements in relation to their customers. This included information on the company who supplied the data they were marketing as a broker and how that data was sourced. The company provided information making clear they did not seek or offer information that might be described as “medical records”.

From the responses given, and in the absence of any further materials, the Commission did not find evidence that Data Bubble’s actions and processes had breached rules of the DMA Code in relation to their responsibility for data supplied to them or for their contract for its use. The investigation did, however, highlight some issues around Data Bubble’s relationship with their data suppliers and lessons in terms of how best to deal with data that might be considered sensitive from a consumer’s point of view.

The Commission was concerned that confidentiality agreements between the broker and its suppliers meant that they could not reveal or may not know the actual source of the data they bought. Whilst Data Bubble seemingly used reliable and trusted suppliers and undertook due diligence on the data they bought and sold, in an extended value chain this was a worry as it meant there was a limit as to the assurances that could be given to buyers on the data’s provenance. This was reflected to an extent in initial uncertainty over the source of data on “ailments” that might be relevant to a business offering pension services and the extent to which Data bubble were reconciled to not getting answers on sources from their principal suppliers.

This seemed even more important when the data was deemed ‘sensitive’.  Though no evidence was found that the data in this case was ‘sensitive medical data’ the Commission thought that when selling data that had a ‘heath’ angle, the member would benefit from understanding more about the specific sources of the data in order to assure buyers of its provenance. The Commission found Data Bubble had been clear in its invoice that the data provided was supplied on condition that its use was related to a pension marketing exercise. Rules on the limits applicable to the use of data were also included in the company’s terms and conditions. The Commission did, however, think a broker firm set up to trade in data should have been more alert to the potential issues with data with apparent sensitivities.

The Commission thought the case highlighted broader issues for the sector if players were unable or unwilling to provide information on the sources of data and the natures of the consents given by individuals to the use of their data. If applied as an industry “norm” this practice had serious implications for those trading in data and those using it for marketing to the general public. Public frustration is understandable when those who contact them are unable to say when and how their details were obtained and why the marketing firm believes it has their consent to make a call or send a message.

The use of confidentiality agreements or non-disclosure policies are an obvious barrier to others satisfying themselves that the data is safe to use. While the Commission did not find a compliance issue in the Data Bubble case the exercise highlighted the need to look afresh at how data is traded.

click for more information

In the light of a recent penalty imposed by the Information Commissioner’s Office for calls about PPI claims made to registrants on the Telephone Preference Service, the Direct Marketing Association asked the Commission to consider the circumstances surrounding this ruling and, in so doing, to advise DMA on EMCAS and their continuing membership of the Association.

The Commission itself had not received complaints against EMCAS from individuals but it was clear from the ICO ruling and discussions with EMCAS that the company had been the subject of TPS complaints on a worrying scale for some time. It seemed clear, and this was reinforced by EMCAS’s own admissions and actions, that they had not been carrying out effective due diligence on their suppliers and introducers and had not taken responsibility for those providers. This behaviour had contributed to a high volume of TPS complaints over a lengthy period of time.  It had also contributed to an industry-wide problem where there is low public confidence in claims companies and high anxieties about nuisance calls.

In considering its advice to the DMA board and expressing its views on issues with claims management activity the Commission took account of a number of factors:

• The extent to which tolerance or actual endorsement of models that stretched or breached TPS rules was an issue across the sector and that the reputation of one to one marketing and claims management businesses had been damaged by their collective actions.
• EMCAS had clearly been party to this and that activity had been addressed by the ICO and the financial penalty imposed. EMCAS belatedly accepted their responsibility for the marketing calls made by “introducers” acting under contract for the company.
• The Commission considered the relevance of its previous adjudications on member companies that had or had not been the subject of action by the ICO. The Commission considered the scale and nature of the alleged wrongdoing in these cases and whether the companies took appropriate mitigating action when challenged.
• The changes EMCAS had made to its management structure, to its organisational arrangements and to how it selects and audits data suppliers and sub-contractors. EMCAS briefed the Commission on planned changes to its model of business and marketing activities.

On this basis and subject to receiving agreement from EMCAS to action on compliance and information-sharing, the Commission has told the DMA there does not seem a reason to terminate the company’s membership.

The Commission has made clear to EMCAS and to DMA that it is vital that EMCAS sees these changes through, achieving a further decline in complaint levels. To this end the Commission asked that EMCAS meet with the DMA compliance team, allowing them full access to information about their data marketing activities and those of their suppliers and introducers. The Commission has asked for a report back in six months with a full review of the remedial actions together with a report of any TPS complaints, and any future plans.

click for more information

The Direct Marketing Commission had received a complaint against L-EV8 Marketing from a consumer who had unwittingly signed up over two years previously to membership of their Pound Savers club. The club offer retail and other discounts and deals. Membership of this particular club is annual with an annual membership fee. When the complaint was presented to the Commission, it was found that the complainant’s membership fee had risen substantially in the second year seemingly without notification. . The Commissioners were asked to consider whether the company was complying with rules regarding the clarity of the sign up process which was conducted over the telephone, the ongoing renewal process, and their customer service.

The Commission’s decision was based on an analysis of the complaint as well as an investigation into L-EV8’s direct marketing activity overall from the point of sale to the ongoing membership including their auto-renewal process. Previous complaints had been received in relation to L-EV8’s customer service activity but this had been dealt with informally and remedial processes had been put in place.

L-EV8 told the Commission that they no longer signed up customers through cross-selling on the phone when these people called TV shopping channels to make some other purchase. Their marketing and customer acquisition is all online with subscribers joining and paying on a monthly basis. The customers from the TV sign-up era paid for an annual service and this payment was auto-renewed if the customer did not act to cancel the subscription before the renewal date. The complainant in question was part of a legacy club of such subscribers which continues to be served by L-EV8.

The investigation identified contradictions between the contractual undertakings to inform scheme members in writing of price changes and the procedure followed with price changes posted on the scheme’s websites. This process might be considered logical and adequate for new scheme members who signed-up on-line and have monthly payments and the ability to end a membership with immediate effect. The arrangement did not seem fair for members who had joined by phone, who were renewed annually, who received membership benefits by post as well as via an online option, who were of a different and older demographic and who might not have internet access.

During the course of the investigation, L-EV8 undertook in future to notify annual fee paying members of their forthcoming renewal date giving members the opportunity to cancel if they so wished before an annual payment fell due. L-EV8 also undertook to improve the communications process around price increases. L-EV8 had agreed to roll this new process out from January 2015.

On this basis and in relation to practices that are now to change the Commission concluded the arrangements were not fair and reasonable and upheld a breach of Clause 3.21 of the fourth edition of the DMA Code of Practice. The Commissioners were most grateful for L-EV8’s willingness to work with the Commission during this investigation, and their agreement to remedial actions to ensure they fall into compliance in future. There was a concern, however, over the time L-EV8 said it would take to put new arrangements in place. Given a ruling on Clause 3.21 in relation to existing arrangements the Commission look to L-EV8 to exercise sense and discretion in relation to any scheme member who contacts them in the interim period about an annual renewal payment that has been taken and where the individual did not want or intend for this to happen.

click for more information

The Direct Marketing Commission had received two complaints against Consumer Lifestyles, a trading name of Data Locator Group (DLG) from consumers who were registered on the Telephone Preference Service. The Commission was asked to consider whether the company was complying with rules regarding calls to those registered with the TPS, whether there were issues in relation to customer service and whether the purpose of the calls was clear.

The Commission’s decisions were based on an analysis of those complaints and a considerable number of other complaints made to the Telephone Preference Service over the period of a year. The Commissioners welcomed DLG’s willingness to share this and other data and their views were informed by the actions taken by DLG to make changes to their marketing practices and processes. It was clear from information from TPS and DLG that these actions had led to a big fall in complaint levels.

This case was important in terms of the volume of complaints recorded by TPS and highlighted issues around consumer consent, the importance of clear and transparent permission methods and the transparency of ongoing contact with consumers. The Commission concluded DLG had made calls based on consents received from online surveys and previous telephone marketing. They saw grounds for mitigation because DLG had made a number of changes in order to reduce TPS complaints. The Commission did, however, conclude there had been two breaches of the Direct Marketing Code. These were in relation to the clarity of their communication when consent is secured on-line and the importance of ensuring that the purpose of a telephone call, as a form of lead generation, is made clear when contact is then made subsequent to the initial consent. These breaches related to clauses 6.17 and 21.9 of the Code. The Commission welcomed the relevant changes now taken by DLG to ensure these issues are addressed.

The Commissioners were grateful for DLG’s willingness to work with the Commission during this investigation, and to undertake a full review of their data journey and how this impacts the consumer. On this basis and in light of the assurances given by DLG the Commission reprimanded DLG and reminded the company of its obligations under the Code of Practice.

click for more information

An adjudication against Reactiv Media in October 2013, described concerns which had been raised by TPS registered consumers in relation to calls about PPI received from Reactiv Media, who were describing themselves as ‘a Consumer Helpline’.   The Commission formally reprimanded the company and reminded it of its obligations under the Direct Marketing Code, and asked Reactive Media to review arrangements and provide a full report of actions taken to achieve compliance as a result of the investigation together with information on the handling of any future TPS complaints.  This report was expected in January 2013.  The Commissioners also asked that Reactiv Media meet with the DMA compliance team to ensure future compliance.

Despite repeated reminders and further letters, Reactiv Media did not confirm that they would comply with the Commission’s sanction and the company has not submitted any report or statement of actions to secure compliance. The Commission has continued to receive complaints and had limited responses from the company.  In a final letter to the company, the Commission stated that if no response was received, it would recommend to the DMA that their membership of the Association is terminated.  No response was received and no appeal has been lodged. Accordingly, and in light of the serious Code breaches found and the many complaints identified the Commission have  issued a recommendation to the DMA that Reactiv Media’s membership of the Association is terminated.

click for more information

This complaint from a business related to a data order for 1000 records which had not met the criteria requested.  The data provided did not include essential address or telephone details and replacement data offered in compensation appeared similarly incomplete, inaccurate or out of date.

Maximum Impact did not provide the Commission with a response to the issues raised or any assurances over future compliance with the DMA Code of Practice. The Commission did, however, have sufficient information from the complainant including mail exchanges with Maximum Impact to reach a set of decisions.

There was a clear unwillingness on the part of Maximum Impact to liaise with the Secretariat, seeming disinterest in the Code and little evidence of any concern over their client’s circumstances.  In the absence of any information from the member, and based on the Commission’s assessment of the other information available, the Commissioners came to an unanimous conclusion to uphold breaches of the following clauses in the Direct Marketing Code of Practice: fair behaviour (3.21); information on data and data controllers (5.74); provision of accurate and up to date data (5.37); responsibility for suppliers (3.15) and responding to the Commission (4.20).

In reaching a decision as to sanction the Commissioners noted that there had been a number of previous complaints including a case with many similarities which had resolved informally following assurances from Maximum Impact that it was a ‘one off’ incident attributable to a single member of staff. 

In light of serious, repeated Code breaches and a seeming indifference to the needs of their consumer, and their responsibilities to their industry and trade association, this led Commissioners to conclude that there should be a recommendation to the DMA that membership of the Association is terminated. 

click for more information

The Direct Marketing Commission had received several complaints against this company over the period from April to September.  Concerns had been raised in relation to calls received from Reactiv Media to TPS registrants. The calls were in relation to the possible mis-selling of PPI. The Commission concluded there had been breaches of DMA Code of Practice rules on TPS regulations (clause 21.20); supplier responsibility (clause 3.15); and the requirement not to mislead consumers (21.46).

Reactiv Media agreed that the Commission could access data recorded with the Telephone Preference Service (TPS) and the Commission welcomed this decision. It was found that around 100 complaints had been logged by TPS against Reactiv Media over the period of a year, and over 200 complaints had additionally been logged against one of their other trading names. The investigation highlighted issues around consumer consent and the ways in which failure to comply with the Code and related PECR regulations can result in complaints over unwanted calls from consumers registered with the TPS.

Based on information provided by Reactiv in relation to the call script used by the firm providing them with names to call and on the answers given by Reactiv, the Commissioners concluded, on a balance of probability, that Reactiv was not named by its data supplier in its call script and should not be calling TPS registrants as they did not have express permission to make these calls.

There were similar issues with the calls made by the firm supplying the data used by Reactiv. The company made “lifestyle survey”calls but the Commissioners were not shown any evidence to explain what permission the company had from the people called for making “lead generation” calls of this nature. Under the DMA Code of Practice Reactiv were under a duty not to breach TPS rules and a parallel duty to ensure their suppliers were doing the same. Finally, there were additionally concerns over Reactiv’s own telephone script with the company identifying itself on calls as a “consumer helpline”. The Commission decided this was misleading as to the identity of the people and the intent of the call.

This decision highlighted permission issues over extended value-chains over the supply of data, and failures to understand the regulations that apply. The Commission thought this particularly unfortunate given that data processing and tele-marketing are core elements of the company’s business.

The Commission formally reprimanded Reactiv Media and reminded them of their obligations under the DMA Code of Practice. The Commission sought agreement that Reactiv would provide a full Report and Review of Actions taken as a result of the investigation, together with information on their handling of any future TPS complaints.  This report is expected in three months.  The Commission asked that the DMA’s compliance and legal team meet with the company to help ensure future compliance.

click for more information

The Direct Marketing Commission had received six complaints against this company over the last few months.  Concerns had been raised in relation to calls received from National Money Savers to TPS registrants and in two cases those consumers were passed to other third parties against their wishes. The complaints were upheld in relation to TPS regulations (clauses 21.18 and 21.20);  responsibility for suppliers (clause 3.15); and the requirement to comply with relevant legislation (clause 3.14).

McDowall Media provided full co-operation to the investigation and agreed that the Commission could access data recorded with the Telephone Preference Service (TPS). It was found that around 1,000 complaints had been logged by TPS in the period from July 2012 to June 2013.  The investigation highlighted issues around consumer consent and the ways in which failure to comply with the Code and related PECR regulations can result on complaints over unwanted calls that people register with TPS precisely to avoid.

The Commissioners concluded that the company was in breach of Code rules that prohibit calls to TPS registrants unless the company has express permission to make that call. This was not happening with data purchased from third party suppliers and there seemed to be similar questions over the degree of “opt-in” by people on McDowall Media’s own database.

Given the fact that this activity was at the very heart of McDowall Media’s business and, therefore, the high volume of calls made, the Commissioners were particularly concerned over the lack of documentation, safeguards and record-keeping of data and the call-permissions associated with it.

There were, however, strong grounds for mitigation in information sent by McDowall Media to the Commission prior to adjudication. The Commissioners believe that the actions taken or promised should bring them into Code compliance and dramatically reduce the level of complaints received.

The Commission has reprimanded McDowall Media and reminded them in the strongest terms of their obligations under the DMA Code of Practice. The Commission has made clear that it expects to see a significant reduction in the number of complaints received to the TPS. If this does not happen the Commission is likely to revert to a further investigation, possibly culminating in a more serious action. McDowall Media has been asked to review their arrangements and provide the DMC with a full report of actions taken as a result of the investigation, together with details of their handling of any outstanding or additional TPS complaints. The Commission have asked for the report on actions taken within one month and for a further review of the TPS complaint levels and handling of TPS complaints on 1^st November or as soon as possible thereafter.

click for more information

Concerns had been raised by three businesses which related to email marketing.  One complaint related to an unwanted email and the difficulty of finding out the source of the data; a second complaint related to claims that email addresses had not been suppressed adequately;  and a third claim from a business related to the sale of email data for an email campaign which resulted in a very high hard bounce rate – a large number of wrong or closed e mail addresses.

The investigation highlighted a number of uncertainties over the source of data, the access to and management of data, and an admission that in one case data had knowingly been used when it had been held for over two years. Based on this admission and on the absence of reliable information about data sources the DMC came to the conclusion that the data in question in two of the cases was not up to date and could not be shown to be accurate. This conclusion was reached on a balance of probability basis. The DMC upheld clause 5.37 of the Code which asks that data is accurate and where necessary, kept up to date.

The level of uncertainties as to the data in terms of its origin and accuracy, and the lack of assurances to the DMC as to its quality and verification, led the DMC to conclude that the company did not have the arrangements in place to demonstrate it was acting fairly and reasonably and able to fulfil its contractual obligations. The DMC upheld clause 3.21 which asks that companies act decently, fairly and reasonably and fulfil their contractual obligations.  Code clauses which applied to a third complaint were not upheld as the DMC did not have sufficient written evidence.

The business concerned was not a member of the DMA but listed on the List Warranty Register and therefore bound by the regulations of the DMA’s Direct Marketing Code of Practice. The DMC has explained its findings and concerns to the List Warranty Register.

click for more information

This complaint from a business related to a data order for approximately 25,000 records of email addresses and telephone numbers for residential landlords.  The Marketing Data Consultancy had bought the data from a supplier and provided it in good faith to the complainant.

It was clear that there had been a breakdown in communication between the two parties and responses to the complainant’s concerns had been slow (9.32).  However, by the company’s own admission, some of the data involved was not accurate and up-to-date (5.37), and statements made as to the verification of the data were misleading because some of the data had not been sufficiently checked (6.6).

The company had informed the Commission that it would normally verify and check all of its records in-house.  In this case the company had relied on assurances from a data supplier it had not previously dealt with. It now recognised and assured the Commission that further due diligence on its data suppliers would be undertaken in future, in order to ensure that any data supplied is accurate and verifiable.

The business concerned was not a member of the DMA but listed on the List Warranty Register and therefore bound by the regulations of the DMA’s Direct Marketing Code of Practice.

click for more information

Complaints not upheld.

The Claims Advisory Group is a claims company which aims to provide a complete solution to clients who wish to instigate claims against financial companies for the mis-selling of Payment Protection Insurance policies. 

The two direct complainants to the DMC related to the failure of call centre staff to put a  ’Do Not Call’ marker on a customer’s number after being asked to do so, and to a call made to a person registered with the Telephone Preference Service.

As part of its investigation the DMC was briefed on the staff training and call management arrangements at The Claims Advisory Group (CAG). The DMC was informed of disciplinary action taken in relation to an agent responsible for calling the complainant, and follow up action that had led to further calls and, thus, to the complaint.  All agents were re-trained accordingly. The DMC saw nothing to suggest the complaint reflected a broader issue over customer service and call-handling.

The substance of the DMC investigation lay in questions around the sourcing of data (ie names and telephone numbers) and the action taken to cleanse data against the Telephone Preference Service file as is required in the DMA Code and in legislation for which the Information Commissioner’s Office has lead responsibility. 

The investigation found that CAG sourced the vast majority of its data from third party suppliers. CAG makes over 12 million calls a year seeking new clients. Over half of the calls made by CAG are now to mobile numbers. For the most recent three-month period CAG told the DMC how many names it had added to their ’Do Not Call’ master-list. These were people who had told the company they were not interested in the product and did not want to receive further marketing calls.

While CAG provided the DMC with extensive material relating to the due diligence they carry out, it became clear from the investigation that the company had historically relied on their suppliers’ compliance with contract conditions for a critical aspect of data-supply. This was whether the contact number was TPS registered and, as such, a number that should not be called, except in narrowly defined circumstances. It seemed CAG assumed data suppliers were cleansing data against TPS with the required frequency.

This was the core issue raised by one complainant; a TPS registrant who said he had not given any specific agreement to receive calls that would override his TPS registration.  It seemed there was genuine uncertainty over whether this was the case in this particular situation.

The DMC investigation did, however, result in CAG acknowledging that they had had over 400 complaints from the Telephone Preference Service over calls made in breach of registered preferences not to be contacted.

CAG argued that this was an insignificant number of complaints in percentage terms relative to its volume of outbound calls. CAG also provided data on customer numbers and on the number of customers added to their ‘Do Not Call’ list. CAG also expressed concerns about the DMA and ICO guidance on the circumstances in which the public can give permission to calls from named parties to override TPS registration.

The DMC was unable to validate the CAG defence that most of the 400 complaints related to very new TPS registrants, and that calls to them were not in breach of rules that allow marketers up to 28 days before the registration should apply in full. Nor was the DMC able to test whether any of the consumers asking to be put on the CAG ’Do Not Call’ list were existing TPS registrants.

The DMC had advice from the TPS that no complaints are relayed to firms until after new registrants making a complaint have been on the register for a 28 day period. The DMC welcomed the acceptance by CAG that this seemed to imply that there were issues with data-cleansing by CAG suppliers. The DMC welcomed CAG’s decision to obtain their own TPS licence and to cleanse all data themselves against the TPS file on a weekly basis.

The DMC did not feel able to reach a decision based on the TPS numbers without a more detailed breakdown, the information from CAG regarding its changes in operational practice, and the uncertainty over complaints.  The DMC regretted that it was unable to evaluate CAG’s defence because CAG refused to share the relevant data as a result of legal advice it had received. 

The DMC therefore concluded that it was unable to uphold a breach of Code provisions related to compliance with TPS requirements or the Code provision relating to a member company’s responsibility for the conduct of its suppliers.

The issues around data-sourcing, compliance and best practice were thought to be particularly important in a situation in which a company is making around 12 million marketing calls, and a number of those called in a year are asking to go on a ‘Do Not Call’ list.

The DMC welcomed the action taken by CAG to deal with any issues over the quality of call handling and the action to secure a TPS licence and cleanse day themselves before its use. These actions and the management of data-suppliers were seen to be particularly important given the volume of calls being made to home phone numbers and to mobile handsets.

The DMC also noted suggestions from CAG on the future operation of TPS and the clarity of DMA guidance related to the TPS and circumstances in which a consumer can give an overriding opt-in to receive calls from named suppliers.

click for more information

These complaints related to concerns from two individuals.  In one case, a TPS registered individual had received an unwanted call from a legal company in relation to a personal injury claim. In a second case, an individual had received an incorrectly addressed and unwanted email regarding PPI loans to an address which he claimed had never been used before.  These two complaints, and previously informally resolved complaints, resulted in a formal investigation by the Commission into the company’s processes in relation to the buying and selling of data.

In both situations Reactiv Media had acted as an intermediate supplier of data; buying from data providers and supplying organisations who then marketed direct to the public.

Reactiv Media accepted that, as per the DMA Code of Practice, they are normally responsible for any action taken on their behalf by their direct marketing suppliers.  They accepted, however, that they had not undertaken the appropriate due diligence in these cases to ensure the data was accurate, up to date and that there were measures in place governing the onward sale and use of that data. In one case the Commissioners concluded that the company were unable to provide sufficient evidence as to the origin of their data to show that the consumer who had received an unwanted email regarding PPI loans, had not been ‘spammed’.

The Commissioners saw a particular risk of consumer vulnerability given the nature of data involved and concluded that Reactiv Media could not in these cases have been confident it was in a position fully to meet it responsibilities under the Code.

The Commissioners upheld a breach of clause 3.19 in the Direct Marketing Code of Practice which asks that in all their dealings with consumers and other businesses, members must act decently, fairly and reasonably, fulfilling their contractual obligations at all times.   They upheld a breach of clause 14.6 of the Code which asks that unsolicited marketing emails are not sent to individuals without consent.

The Commissioners welcomed Reactiv Media’s co-operation, the advice on steps already taken to address concerns and recognition of the need for changes in processes and procedures and thinking for the company to be confident of the data they trade and of compliance with the DMA Code. On this basis the Commissioners thought it appropriate and adequate at this time formally to remind Reactiv Media of their obligations under the DMA Code of Practice.

click for more information