What Not to Do When the ICO Comes Calling
No one likes spam texts, even when they are done accidentally, or by someone who didn’t “know” they were sending them. In the past year, the ICO has identified and taken action against a variety of companies. Some of them were clearly deliberate violations of the regulations, but quite a few were not.
The most recent example (at the time of this writing), fell into the latter category. The company apparently thought they met the regulatory requirements. But the ICO felt differently. What happened next is the lesson of this blog.
Specifics of the case
Early in January 2016, the ICO began receiving complaints about PRS Media sending unsolicited text marketing messages. The complaints continued through May of that year, totaling 2,629 in five months.
It turned out the company runs a competition and prize draw website that it used to gather mobile numbers for marketing purposes. To enter a competition, a person must agree to their terms, which included statements about receiving marketing messages.
On the surface, that arrangement might sound reasonable. People signed up in order to enter the competition, so they shouldn’t complain about getting the messages, right? But that isn’t what the rules say about SMS marketing.
Based on the complaints, the ICO requested information from the company on their practices and proof that the people they messaged had provided consent. After further investigation, they found that 4.4 million text messages were sent by the company based on their website “consent” to terms and conditions.
Here's where it went wrong
PRS Media ignored the first two requests for information by the ICO. They simply didn’t do anything to address the concerns or complaints received.
Eventually, the ICO was compelled to take the formal route of sending an Information Notice that legally requires organisations to provide the information requested. This time, the company pointed the ICO to their privacy policy and terms and conditions listed on their website.
Later in August and September 2016, the ICO requested more information and never received a response.
As a result, this past March the company was fined £140,000 for sending 4.4 million spam texts.
It didn't have to be this way
Based on the description of how PRS operated it’s SMS marketing, they certainly were going to have some sort of penalty from the ICO. It’s no longer sufficient to have a check box where someone agrees to terms and conditions that they probably never read (does anyone?).
But the Commissioner has many options when it comes to the action it takes against companies. And it seems that many of the decisions (monetary ones especially) come down to how the company handled the problem.
For example, in the Monetary Penalty Notice issued to PRS Media Limited, it specifically states that the breach was not deliberate. In other words, the Commissioner didn’t believe the company was trying to scam or circumvent regulations on purpose. They weren’t following the regulations, but it wasn’t intentional (my interpretation of the notice), though they should have known better.
However, because of how the company responded, the penalty was greater than it might have otherwise been. Here are the “aggravating features” of the case identified in the notice:
“PRS Media Limited failed on two separate occasions to answer requests for information and it required the service of an Information Notice to compel a response.”
and
“The response received from PRS Media Limited to the Information Notice provided unsatisfactory answers to the questions asked and figures provided were at odds with the Commissioners own findings.”
The result of the company’s inaction in response to the ICO requests resulted in the seriously hefty fine.
If it happens to your company
Staying compliant with the regulations isn’t hard. Even though there are changes coming with the GDPR next year, the ICO publishes easy to follow guidance on how to make sure your company stays on track.
But if somehow you end up with spam complaints and a letter from the ICO asking for more information – do everything you can, as fast as you can, to comply with the request. There may be consequences for not doing something correctly, but things will be much worse if you try to hide, ignore or talk your way out of it.
Related Articles
SMS Marketing – A Brief Guide to the Data Protection Act 1998
Any UK business that collects, stores and uses other people’s personal data for purposes such as marketing and selling is subject to the rules of the Data Protection Act, and those using SMS marketing are no exception. Having a basic understanding of the DPA legislation and its main requirements is useful to maintain best practice in direct marketing such as SMS marketing and also helps to uphold your hard won customer trust - as well as avoid the potentially costly consequences of falling foul of the law. Read this article to learn how to avoid the simple pitfalls and get your SMS marketing campaign off to the right start.
SMS Marketing: Ensuring Compliance with the Law
All businesses are subject to the law when it comes to advertising and marketing. Companies cannot make false claims or mislead consumers via advertising materials, for example. Designed to protect consumers and commercial clients, the law regulates most forms of marketing in some way. With companies carrying out various forms of marketing activity, it can be difficult to keep on top of the relevant laws and guidelines. By working with SMS marketing experts, however, you can ensure that your marketing campaigns are fully compliant with the necessary laws and that you’re able to connect with your target audience lawfully and effectively.
SMS Marketing Compliance and The New GDPR Regulations
As with anything in business, there are rules and regulations that need to be followed. Some of the key ones are laid out in the UK Privacy and Electronic Communications Regulation (PECR) - and while this can seem like a daunting document at first, it doesn't need to be...
Best Practices for SMS Marketing
In many of our previous posts, we have discussed the whys and hows of SMS marketing, listing the benefits, and the impacts on lead generation. There’s no doubt that by employing a marketing strategy that uses business SMS as a medium that your processes will become more efficient and your leads will become more targeted, meaning a better ROI. Here we will look at the best practices for SMS marketing to ensure your campaigns are offering the best for you and your users.
A review of the EC directive for SMS marketing
Here’s Why SMS Marketing Is Literally The Best Idea Ever
Is SMS marketing the worst idea ever? That’s the opinion of one author in Entrepreneur Magazine. He gives five reasons why companies should never bother sending SMS messages to customers. I take him on, point by point to show why he’s wrong and SMS marketing is the best idea ever.
Unsolicited SMS Messages Lead to Trouble…Even for Trump
Late last month reports surfaced that the Trump US presidential campaign had sent unsolicited SMS messages to voters in the Chicago area. One man, Joshua Thorne, and his lawyers have filed a class-action lawsuit alleging the Trump Campaign violated the Telephone Consumer Protection Act (TCPA, the US equivalent of the PECR).
3 Compliance Tips for Your Next SMS Marketing Campaign
When conducting an SMS marketing campaign, there are a number of compliance regulations you should be aware of, to ensure that your communications are as effective as possible, without being potentially damaging to your campaign or your business. If you're marketing to a UK market, the UK Privacy and Electronic Communications Regulations (PECR) gives clear guidelines on what falls within the rules. Here we've highlighted some key tips to ensure your next campaign is compliant, based on common questions that arise.
Why Finance Companies Should Excel at SMS Messaging
One of the most interesting use cases for SMS messaging is the financial industry. Just a couple weeks ago I wrote a blog on 7 ways the financial industry can use SMS messaging to communicate with customers. In this blog I'll expand on the topic from a different perspective: personalisation.
