The ICO will this week write to more than 1,000 companies involved in buying and selling people’s names and numbers, as part of its ongoing crackdown on nuisance calls.
The companies are all believed to play some role in the compiling and trading of lists of names and numbers used by cold callers.
The ICO expects the companies to set out exactly how they comply with the law, including what data they share, how they get people’s consent to share their data, as well as a list of all the companies they’ve worked with in the last six months.
Information Commissioner Christopher Graham said:
“We already know a lot about this sector. We know that it prompts 180,000 complaints a year from consumers, who take the time to report to us the calls they’re getting.
“That information has helped us to make some big breakthroughs in the nuisance calls business, alongside the intelligence we build up from elsewhere, from whistleblowers for instance, or from the network providers.
“We see clear patterns building up and can identify who would benefit from guidance, and who the truly bad actors are. This enables us to execute search warrants, to drag people before the courts, and to issue fines. We’ve got three fines lined up for this week, and that’ll bring us to a total of a million pounds worth of penalties in this area over the past four months alone. It’s clear we’re getting the job done.
“But there’s a danger that where we remove one of this Hydra’s head, two grow back in its place. By targeting the illegitimate aspects of the list broking business that fuels this industry, we have the chance to truly strike down this monster.”
The companies being written to have been identified as they are registered with the ICO (as all data controllers must be under law), and their registration indicates they trade or share personal data, some of which may be used for direct marketing purposes.
Details such as how organisations are ensuring they have the proper consent in place to share personal data will inform the regulator’s data protection compliance and enforcement work.
How lists are screened against the telephone preference service, what suppression lists are operated, and the contract terms used when the information is sold will inform compliance and enforcement work under Privacy and Electronic Communication Regulations.
The information will also help to better inform the ICO’s work in providing guidance and education, both to the list broking sector and the companies who buy from it.
Where companies do not respond to our letter, the ICO will look to take action to require the information to be provided. The ICO has the power to issue Information Notices, which legally oblige an organisation to provide us with information, with the threat of court action if they do not. One such company was prosecuted in October, and the courts fined them £2,500.
The work comes in the week after Christopher Graham reiterated his call for powers to oblige companies in the lead generator and list broker sectors to be audited by his office.
Speaking before the Science and Technology Committee on Tuesday 17 November, Christopher Graham said:
“There would be a question of resources to do this, but I think the lead generator and the list broker sector is also one that it would be very logical for there to be powers to compulsory audit.”