The issue remains headline news with the recent report of 87 year old veteran and dementia sufferer Samuel Rae allegedly having his details sold on up to 200 times with charities continuing to contact him for up to 5 years after he had asked them to stop.
Shortly after Olive Cooke’s death the Information Commissioners Office (ICO) announced that it would be looking into the direct marketing activities of charities. With the further headlines emerging since, the ICO has come under increasing pressure to do so and to take action on those it finds in breach of the rules relating to direct marketing.
Direct or unsolicited marketing is regulated by the Data Protection Act 1998 along with the Privacy and Electronic Communications (EC Directive) Regulations 2003. Together, these provide principles of information handling along with rules about sending marketing including the use of databases that store people’s information such as home and mobile telephone numbers, email addresses and mail addresses. Individuals must be told upfront if their information will be used and/or shared for direct marketing purposes and all organisations, including charities, must not make unsolicited calls (cold calls) when individuals have opted out of such calls, either directly or through the Telephone Preference Service (TPS).
These rules have been in existence for over 10 years and during that time the ICO has issued guidance on how to comply with those rules and has generally taken a robust approach with organisations who have breached them. Charities do not enjoy any special exemptions or dispensations in relation to these direct marketing requirements. In response to its recent investigations the ICO has requested changes to the Code of Fundraising Practice published by the Institute of Fundraising (IoF). In particular it reinforces the existing rules that charities must not make any direct marketing calls to any numbers registered on the TPS unless they have been notified by the individual that they may do so, including making such calls ‘off the back’ of ‘administrative’ calls. The IoF issued a warning to its members in August 2015 to ensure their compliance as soon as possible.
Generally, it is not a breach of data protection laws to sell an individual’s name, telephone details, and ‘supporter profile’ to a third party, as long as that individual was told when they first gave their details that it may/would be sold on to other parties and for what purpose, and was given the opportunity to easily and free of charge, opt out of such sharing. However, even where charities provide such notification and opportunity to opt-out of receiving direct marketing calls, they will fall foul of these rules if they call TPS-registered supporters to ask if they would like to be contacted for donations in the future.
Charities therefore need to closely examine their direct marketing practices and ensure that they have:
- the right notices / consents in place and can demonstrate these were in place if asked to do so
- dealt only with reliable third party list brokers who can demonstrate that the right consents have been obtained for the information that is being sold to them – often organisations simply do not do sufficient due diligence in this regard. Obtaining contractual warranties as to consent is not of itself sufficient to get an organisation ‘off the hook’ should the list broker not meet its contractual obligations
- a regular system of cleansing their telemarketing lists against the Telephone Preference Service lists
- robust and effective suppression systems in place to ensure ongoing compliance
Individuals are becoming increasingly willing to move their support away from organisations who do not handle their personal information properly, and compliance is an effective way of maintaining their trust. At DWF we work with organisations to help them build and maintain direct marketing processes, identify the risks and help them to build and maintain robust procedures which ensure compliance and in turn maintain the organisation’s reputation and win trust from existing and potential supporters and customers.
Governance, policies and procedures, and good staff awareness of their obligations when handling personal information, are key to ensuring compliance not only in relation to a charity’s direct marketing activities, but other day to day activities such as processing monetary donations, engaging volunteers, running outlets for the sale of donated items, and in relation to its human resources functions.