This page contains a Flash digital edition of a book.
ICO


Cracking down on data


The Information Commissioner’s Office (ICO) is targeting more than 400 companies believed to be using people’s personal details to promote online gaming websites. CIO reports.


T


he Information Commissioner’s Office (ICO) has announced that it is to crack down on the use of personal data in online gaming sector. Failure to comply with the law can result in


enforcement action from the ICO, including a fine of up to £500,000. The regulator is writing to companies demanding they set out how they use people’s personal details and send marketing texts. This includes where they got people’s personal information from and how many texts they sent. The campaign is part of an investigation by the ICO into large numbers of spam texts linked to the gambling sector. David Clancy, ICO anti-spam


investigations manager, explains: “Companies must comply with the law when using people’s personal information.


Not knowing the law or trying to pass the buck to another company in the chain is no excuse. “The public expect firms to be accountable


for how they obtain and use personal data when marketing by phone, email or text. Fail to be accountable and you could be breaking the law, risking ICO enforcement action and the future of your business.” The ICO is writing to companies identified as being involved in affiliate marketing. This is when firms offer to pay organisations that bring them new customers, sometimes leading to a situation where neither party is taking any responsibility for complying with the rules. The gambling sector is an area where the ICO has become aware of particular problems around affiliate marketing. “It’s thanks to consumers who’ve reported


spam texts to us, as well as intelligence from other sources, that we’ve been able to progress our investigations to this stage,” says Clancy. If businesses do not respond to the request


56 DECEMBER 2016


for information, the ICO can use its powers to demand the information to be provided. A new code of practice has been launched by the ICO this month which sets out how organisations should explain to people how they’re using their personal information.


About the ICO


The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003. The ICO can take action to change the


behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit. The ICO has the power to impose a monetary penalty on a data controller of up to £500,000. The Privacy and Electronic Communications


Regulations (PECR) sit alongside the Data Protection Act. They give people specific privacy rights in relation to electronic communications. There are specific rules on: marketing


calls, emails, texts and faxes; cookies (and similar technologies); keeping communications services secure; and customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings. The ICO aim to help organisations comply with PECR and promote good practice by offering advice and guidance, and will take enforcement action against organisations that persistently ignore their obligations. The rules on electronic mail marketing (which includes text messages) are in regulation 22 of PECR. In short, companies must not send electronic mail marketing to individuals, unless: they have specifically consented to electronic mail from you; or they are an existing customer who bought (or negotiated to buy) a similar product or service from you in the past, and you gave them a simple way to opt out both when you first collected their details and in every message you have sent. Companies must not disguise or conceal their identity, and you must provide a valid contact address so contacts can opt out or unsubscribe. Civil Monetary Penalties (CMPs) are subject


to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice. Any monetary penalty is paid into the


Treasury’s Consolidated Fund and is not kept by the Information Commissioner’s Office (ICO).


To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62