Data protection janine paterson - direct marketing association
- 1. Institute of Fundraising Supporter Care & Stewardship Friday 21st September 2012 Data Protection Janine Paterson DMA Solicitor
- 2. Overview • Data Protection Act • Marketing • Potential changes in the future
- 3. Data Protection Act 1998 • Privacy - a topic in the UK and Europe for over 60 years • Data Protection Act 1984 – minimum implementation in the UK • 1995 Data Protection Directive – became DPA 1998 • Privacy and Electronic Communications Regulations 2003 and 2011
- 4. 8 Principles Personal data are: • Processed fairly and lawfully • Processed only for specified and lawful purpose(s) • Adequate, relevant and not excessive • Accurate and up to date • Not kept longer than necessary • Subject to rights of data subjects • Technical/organisational means to prevent unlawful or unauthorised processing • Transferred outside EEA only if adequate security • All relevant to marketing but 1 is foundation
- 5. Principle 1 Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless- (a) At least one of the conditions in Schedule 2 is met, and (b) In the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met
- 6. Collecting and using data for marketing • Processing – doing anything with data • Collecting and using data for marketing is processing • Need grounds to process • Marketing – consent • Problem with consent – it can be withdrawn • If withdrawn then you can not process the data for marketing
- 7. Marketing data Many ways to acquire personal data for marketing purposes – Direct from consumer – Bought in/rented lists – Survey sponsorship
- 8. Marketing rules General rules – B2C • Direct Mail – opt-out • Telephone – opt-out • Email – opt-in • SMS – opt-in • Fax – opt-in
- 9. Email/SMS marketing Soft opt-in/existing customer exemption • Exemption applies if all the conditions apply • 1) Email or mobile number was acquired in the course of a sale or negotiations for goods or services • 2) Unsubscribe from marketing offered at time of collecting data and on all subsequent messages • 3) Marketing must be only about similar goods and services • 4) Identity of sender is not disguised
- 10. Charitable donations • Do not come within the definition of the exemption so opt-in for email and SMS • ICO confirms view in guidance: We are a charity, political party, or not-for profit organisation; can we take advantage of ‘soft opt-in‘? Only if you are promoting commercial goods and services, for example, those offered by your trading arm. ICO guidance on electronic marketing
- 11. So what to do? • ICO recognise the difficulty this causes. • Argue that organisations should seek “solicited” communications, ie get people to actively agree to being contacted – permission based marketing • Send messages to people who actually want to hear from you
- 12. Permission based marketing • Don’t see it as the enemy – Comply with legal requirements – Good data management – Increase customer confidence and therefore the bottom line
- 13. Legal requirements • Data Protection Act - 8 principles • Marketing opt-ins/outs
- 14. Good data management • Makes good business sense – data is an asset and can give a competitive edge • Data quality is vital to the success of any business • Affects reputation and brand
- 15. Consumer confidence • Consumers - more aware value of data • Will affect whom consumers do business with
- 16. How can we achieve this? • New customers – easiest as can show benefits – over telephone or on a website sell the benefits of agreeing to be contacted – Privacy policy
- 17. How can we achieve this? • Existing customers – more difficult – should have got opt-in when first joined – Database update – service message • Duty to keep information held accurate and up to date • Confirm marketing preferences • Incentive - prize draw – Instil confidence in your customers that you respect their data and protect it
- 18. Telemarketing • Legal requirements for B2C • In-house suppression file • TPS screening for all new numbers acquired if applicable • TPS screening if buy in/rent third party opt-ins where organisation was not a named third party
- 19. The future 1995 European Directive ( implemented into UK by 1998 Data Protection Act ) showing its age due to: 1) Law doesn’t take account of new technologies – and more complex information networks 2) Lack of common European law and differences in national implementation impedes marketing 3) Consumer concern over privacy – high profile data security breaches, etc. leading to reducing permission to market
- 20. Data Protection Regulation - Key issues • Opt-in and opt–out - obtaining consent • General rule for direct marketing – “explicit consent by clear statement or affirmative action” • Legacy databases – what about data collected under current law? • At odds with existing rules on voice calls, email and SMS marketing
- 21. Data Protection Regulation - Key issues • IP addresses and cookies – Definition of personal data extended so could cover some IP addresses and cookies – But IP addresses identify a device not an individual + some IPs are general • Right to be forgotten – Right for individuals to request organisations to delete any information held on them – Drafted with social media in mind – but goes beyond this
- 22. Data Protection Regulation - Key issues • Data breach notification – Every organisation that suffers a data security breach would have to notify Information Commissioner’s Office and the individuals concerned within 24 hours – Increase in fines/sanctions – in stages, of up to 2% of global turnover or 1 million euros • Marketing to children – General rule – parental consent required for under 18’s – Exception for online marketing to children above age of 13
- 23. What the DMA are doing • Federation of European Direct and Interactive Marketing Associations (FEDMA) in Brussels leading collective EU dm effort – UK DMA chairs Legal Affairs Committee • Lobbied Commission intensively after unofficial draft leaked in Dec 2011 – with some success • Responded to Ministry of Justice’s Calls For Evidence in 2010 and 2012, with input from DMA members. • Responded to Commons Justice Select Committee inquiry – Select Committee now holding hearings
- 24. What the DMA are doing • Now lobbying UK Government and European institutions as the proposal goes through the European legislative process • Leading UK Data Industry Group response to the proposed legislation & participating in CBI Group on Data • Key research on consumer attitudes to privacy, Data Privacy: What the Consumer Really Thinks and on the economic value of the dm industry, Putting a Price on Direct Marketing
- 25. Summary • Data protection rules not there to hinder you or stop you running your business • Use them to build confidence in your organisation • Start the dialogue with those who want to hear • Involves everyone in the organisation • Join the DMA and help shape the future
- 26. Thank you for listening Janine Paterson DMA Solicitor E: [email protected] T: 020 7291 3356