0161 941 5700

Thursday 18th February 2016

Part 1: The ICO Questionnaire

Part 2: How to Spot a Data Cowboy

 


  

Over the last few weeks, I’ve been blogging about data cowboys and various problems in the industry. This was prompted by receiving a letter and questionnaire from the ICO which went out to 1000 data processing companies where the ICO are looking to understand more about the industry and potentially identify companies with poor compliance procedures. I blogged previously as I felt that the questionnaire in isolation was confusing to its recipients but, as part of an overall transparency strategy, it could be a good place to start.

I followed that blog up with a post called “How to Spot a Data Cowboy”. Something a bit more tongue-in-cheek but very tangible. It was less helpful for the ICO but certainly marketing managers could get some use out of it. This is my latest blog in the series about how I would tackle the perceived problems that have recently been highlighted by the ICO or media. This also contains my views on other problem areas which do not seem to be under review – some of these areas far more damaging and wide reaching than what a questionnaire may uncover. I’m sure there’s much work going on behind the scenes around the below. I just think the industry would welcome them being a bit more to the fore and open for discussion.

Like any industry, there are many different problems and more than one organisation can solve. I think that certainly, the ones that the media are interested in are based around vulnerable consumers, unwanted marketing and data privacy. Consumers by definition are certainly interested in what they are reading or seeing in the media. I think that the marketing industry is interested in compliance, response erosion, responsibilities, its perception and cleaning up of the industry.

To that end, I feel that as a starting point we can help consumers with the major areas of Education and Technology, and we can help businesses with Education, Accreditation and Technology. I’m not sure if these will ever be enough to help media coverage but I would hope that by improving perceptions with consumers and targeting then marketing will self-regulate and clean itself. That may be naïve but I would like to think that data and direct marketing, when regulated, would get the same treatment from media as any other industry.

Education

There are two distinct areas here. I believe that as an industry and governing body, the ICO and DMA have a duty to inform consumers directly and through media as to how direct marketing works. Outside of that, those same bodies need to educate all UK businesses on their responsibilities and best practice. Both will have massive impacts on consumer perceptions, response, and general satisfaction.  At this point, I think the industry is failing, looking at consumer responses and views, many are powerful emotion-based reactions but based on incorrect assumptions or knowledge gaps. This is perfectly understandable. The media will not necessarily help with this as it’s not their job so I believe the ICO and the DMA need to lead the way here, with its members in tow.

Educating the Consumer

I think that it’s fair to say that data is somewhat of an unknown quantity to consumers. It’s a funny word – what does it even mean in this context? It’s not like a red car or a green sofa. Both of those will strike up images in a person’s mind and there will be a general understanding of how they’re sold, purchased and the laws around them. We understand shopping baskets, checkouts and the physical world. Data is ethereal. It’s a spreadsheet. It’s not something people can imagine and many have no clue as to how and why it has come to exist.

With that said though, despite not being something you can touch, it does not diminish in terms of value or personal ownership. When someone purchases a house, the biggest decision of their lives, they also purchase the written address and those few lines of text are their personal material property. As is their phone number. Stretch this out to include details of family members are we can all appreciate how protective people are – rightly so. I know that I would do anything for my son and his name is my name, his details are more important than my details – they are mine to protect like the bricks of our house. I will protect them – intangible or not.

The reason I discuss this is just to give context to the emotion when something goes wrong or there is reason for complaint. It might just be one unwanted letter, but it’s what that letter represents that may be the problem – or in fact the impact of it. I won’t go into the recent high profile cases that have been in the media. Suffice to say, we were not involved with any of them and I absolutely agree with the highlighted issues and welcome any changes to prevent anything happening similarly in the future. I believe that the industry, the DMA and the ICO have a collective responsibility to inform the public about the following:

 

  • How does a company get your data?
    • Social media, comparison websites, questionnaires, surveys, warranties, newspapers, magazines, subscriptions, competitions, edited electoral roll, telecoms companies and more. This needs to be understood. People don’t correlate filling in a survey in an airport to win a car to pass the time or getting a quote for car insurance with getting a phone call from a “selected” third party 6 months later. The dots can be joined, but naturally we cannot rely on consumers to piece that together or remember. We all lead busy lives.
  • How data is maintained by companies? Or “What do they do with our data?”
    • Best practice guidelines, suppression services including TPS, deceased, movers etc, typical accuracy levels. What is data processing? Profiling of the data – how it works and why it’s useful for advertising.
    • How is it stored?
    • Who is it sold to?
    • Who can email/call/mail me?
    • What are the laws around selling it?
    • What to do if you receive an unwanted letter/phone call/SMS
    • How can you prevent your data entering the marketplace?

 

For me, I don’t see why this booklet cannot be mailed to every household in the UK – like the phonebook (with the phonebook?). A dedicated website should be setup and possibly TV advertising very much in line with government initiatives such as healthy eating or 5 a day, etc. Infomercials. Yes, this involves money and there are plenty of ways to raise such funds such as advertising and ICO fines, if recoverable.

What the industry cannot do is rely on the media to educate, to repeat it is not their role and there are conflicts of interest. I would not understand how or begin to educate a consumer on how the media work as I have no experience. The reverse is also true. The second facet of education revolves around businesses and their obligations.

Educating Businesses

So if we can help consumers understand how data works, help them understand the financial value, what to look out for and importantly how to make sure that marketing to them is targeted to their preferences then we will take a massive step towards bringing marketing to something that could be seen as a positive – ambitious, I know but why not?

The other side of the bargain is businesses have to behave in both a legal and ethical manner. There are two parts of to this:

  • Direct marketing companies and agencies
  • All other industries who directly market to individuals

For the direct marketing companies, I would suggest education revolving around the following:

  • The role of the ICO with ongoing dialogue – ideally quarterly seminars
  • The role of the DMA with increased membership dialogue
  • Compliance and Data Protection laws
  • Training available
  • Accreditations available * Not readily available but I would like to introduce.

For the industries who direct market outside of the industry, I would suggest the education is similar. I would suggest courses with modules based around the below

  • Role of the ICO
  • Compliance and Data Protection laws
  • Training Available – Direct Marketing
  • Company and Staff Accountability * including changes I would like to make.
  • Consumer Marketing – Ethics and Vulnerability, campaign execution
  • B2B Marketing – Legalities, ethics, handling opt-outs etc
  • Accreditations Available * Not readily available but I would like to introduce.

I think there is then a question on the nature of the education. Should some or all modules be mandatory if relevant to your business? I would argue yes. At the least, companies who direct market should be able to display an accreditation that states what modules have been completed and that they are accountable. It will have the consumer benefit a bit like ISO or kitemark.

The public should then be “dissuaded” by the ICO to avoid using companies who do not go through education and accreditation. I would argue that TV advertising campaign along the lines of TV license evasion or crime: Together will crack it will help educate both business and consumers.

Posters in the work place that are legal requirement (like H&S) should also be present for data security and obligations having the purpose of reminding staff of their accountability. I would argue that the toe-rags who don’t suppress peoples numbers or flag calls appropriately in call centres should be reprimanded and personally accountable as well as their employers. Much of the problems of today can be handled by telemarketing staff caring about what they do and who they speak to. Targets should be based around consumer experiences as well as sales ability. A suppression is a positive result as they are making their data more responsive – not burning it.

I would also suggest mandatory registration with the ICO if you are a limited company – full stop.

Educating the Media:

Quite a sensitive area this one and certainly I feel this is the responsibility of the industry itself and the DMA. The media need to understand current laws, future proposed laws, best practices and generally how data is created, sourced and maintained. It’s alarming seeing sensationalised stories about direct marketing drafted by certain sections of the media when they themselves sell masses of advertising space to companies that generate marketing data and their parent companies provide data feeds into consumer databases. I also understand that the media do a good job with bringing to light large data related issues that need to be discussed. If the media could be educated about the good that direct marketing brings, then I feel that this would help with fairer coverage for all parties.

Accreditation:

If you want to give financial advice about certain products then you have to be FCA registered. If you want to sell marketing data, you can be anyone it seems. Herein lies part of the problem: I believe that all companies should go through an annual accreditation. I understand that the cost of this would be astronomical to manage so it would of course have to be a paid accreditation.

List Broker/Owner Accreditation:

  • Company audit
  • Must not be self employed and based in the UK.
  • Pass data security checks.
  • Must sit and pass data education modules as above.

Telemarketing / SMS User Accreditation

  • Company audit
  • Must not be self employed and based in the UK.
  • Pass data security checks.
  • Must sit data education modules as above.
  • Staff and company to be accountable for opt-outs (trying to prevent poor agents not removing numbers when asked too for whatever reason – it should be misconduct)

For certain types of broker and list owner – I believe this should go beyond ‘Accredited’ to become ‘Authorised’. Like IDM courses, accreditation can be used a sales tool by relevant companies who comply. E.g.: – don’t trust the companies that are not. I also believe that we should all sign a charter not to do silent calls and voice broadcasted calls. Certain industries that target vulnerable consumers should also have a separate accreditation. The definition of vulnerable is the tricky part here.

This will not help eliminate the true cowboys as they will not be accredited or noticeable. It will just make it more difficult for them to operate. The additional data security checks in the education will help prevent employees stealing data or back end deals. Like the ASA and FCA, with this data accreditation or authorisation comes accountability

Powers and Enforcement:

I would like to see the ICO Enforcement team identify the rogue elements in the industry and importantly the unethical and illegal non direct marketing firms who are rotting direct marketing. These are the SMS Personal Injury companies, the debt management and PPI companies who flounce the TPS, these are the home improvement and mobility companies who target the elderly with pressure sales and so on. Of course, not all companies in those industries work in that manner but in the current climate and anything involving data, if one company is guilty, everyone is. This is certainly the case with List Brokers it seems.

The recent ICO questionnaire seems to be a first step on this road but it only goes to registered ICO companies – this will not pick up the cowboys, they don’t register! This will not pick up offshore companies and scams. This will not pick up rogue employees in non data companies illegally selling data. It’s quicker to say what it will pick up, legitimate and well-meaning data companies who might need to tighten the odd area. So still very valid, but let’s not kid ourselves that this will stop PPI texts, silent nuisance calls and the like.

I would like to see the ICO set dedicated resources to combat the following and be proactive as opposed to waiting for complaints. This can be achieved by seeding and mystery shops.

  • Voice Broadcasting Companies – This is typically PPI, Debt and PI. Concerted effort to trace these companies.
  • Illegal Marketing Data Companies – Forget the questionnaire, go onto google and try to purchase data via mystery shop. I could send the ICO a list of about 30 suspect websites today! Also achieved with dialogue with DMA and the data industry.
  • Random audits on consumer telemarketing companies – just like the VAT man.
  • Changes in law – in process.
  • Silent Calls – Fine them.
  • ICO working in conjunction with ISP’s for email, BT and mobile/Landline companies for telemarketing and the post office for direct mail abuse. Work together to catch the abusers.
  • New powers for the ICO to track down repeat offenders and prosecute on a personal level. We need to avoid companies being recycled to avoid fine payments.

I appreciate that this is all just theory and possibly impractical due to resource. I imagine the ICO would have to move out of their central Wilmslow office to something akin to us normal companies. That is half the mortgage or rent saved to pay for a new member of staff or two (tongue firmly in cheek).

If the cowboys slip through the ICO net though, how do we stop them?

Technology

All of the above ideas are preventative measures, processes designed to make it more difficult to be a rogue in the industry or try to find them. What it will not do is stop them. If they are determined to behave in an illegal and unethical manner they will and there is nothing the ICO can do to stop it apart from start a lengthy investigation only after a serious complaint has been filed.

I believe that the only real way to win this war (albeit temporarily) is to upgrade our telecoms infrastructure – whatever that means. I don’t have the solution but I am not an engineer but I know what I would like to see. I would also think that everyone would be open to spending an extra £1 per annum line rental to pay for these services. So essentially, we are looking at BT and peers here.

Prevent Silent Calls – Literally trace them and stop all calls leaving from that number. If dynamic, get brains to learn the algorithms. BT does have new processes and capabilities to stop this but they maybe additional extras until recently? If this can be done, make it mandatory. Ofcom to get involved and expand Persistent Misuse Powers.

Mobile Operators – Make each mobile phone defaulted to block calls/texts from international numbers or specific countries unless you turn them on. Default opt-out.

Develop complex algorithms that block texts from unrecognised numbers not in your address book that contain certain keywords such as Claim, PPI, Accident, Consolidate, Debt, Low, Loan, Cash etc. This can be turned off but the default is that it is switched on to start with.

Voice Broadcasting Calls – Should be banned. If there is a tech trace or signature of these calls then block them as standard unless turned on.

Direct Mail – Charities should have to display on the envelope that this is a mailing requesting donations or marketing material. The homeowner can then clearly make a judgement to open or not. Same should apply for any health related offers. This could be even expanded to include all marketing mailings to consumer addresses.

The Royal Mail should have algorithms in place to determine whether an address or recipient is getting too much marketing mailings, preventing recent sad events. The Royal Mail can positively use data such as age and other characteristics to recognise when ‘enough is enough’. The Royal Mail should offer a paid subscription service that can block marketing direct mail to addresses of preferably provide each household with a service where you opt-in to allow direct mail to come through with certain envelope kite marks – such as Charities and Finance are acceptable but not home improvements or health related.

Banks should operate a sophisticated fraud department system that blocks transactions if algorithms dictate they might be possibly fraudulent. The Royal Mail should develop the same for direct mail.

The above would be my starter for ten. It’s got plenty of holes. But it’s a start. I think that some of the above could really make a difference. Feel free to email me with your own opinions.

 


This is Part 3 of an ongoing blog series on cleaning up direct marketing.

Part 1: The ICO Questionnaire

Part 2: How to Spot a Data Cowboy

 

Comments are closed.

Our clients