The Information Commissioner’s Office (ICO) has issued an £80,000.00 fine to broking company Verso Group (UK) Limited. The ICO found that the company violated data protection laws because it didn’t adequately inform data subjects what was being done to their personal information.
Whilst investigating two other companies for breaches of the Privacy and Electronic Communications Regulations, the ICO noticed that Verso Group may have been supplying the two companies with personal information for the others to send unsolicited direct marketing communications to unwilling subjects. One of the companies, Prodial Ltd, was fined for making 46 million nuisance calls and was subsequently fined £350,000 by the ICO.
The ICO began corresponding with Verso to find out how the company managed to get hold of so much information and how it was supplying it to other organisations. Verso used a number of websites, including their own, to gather personal data. They also used telemarketing campaigns to grab information as well, and they would then sell the details to other companies for marketing purposes.
The ICO found that the way Verso was obtaining and selling the personal data constituted as data processing. Data Protections laws, specifically principle 1, provide that:
“Personal data shall be processed fairly and lawfully”
Verso failed to comply with this provision as they didn’t take enough steps to ensure the people (whom the personal data belonged to) were sufficiently informed that their information would be sold or shared with others for the purpose of direct marketing.
The ICO’s Deputy Commissioner, James Dipple-Johnstone, expressed his concerns, “about the impact of invisible data processing on UK citizens and are currently looking at the data broking industry including how businesses trade and use personal data behind the scenes.”
Too often are companies taking our personal data without us knowing it and then sharing it between them for all sorts of uses behind our backs. This is why so many annoying calls asking about irrelevant things like your non-existent car accident and PPI eligible loans are received. Nuisance callers may have bought your contact details from another company who bought it from yet another company that may have stored your personal data from when you signed up for a membership for something completely unrelated to the nuisance call.
The Deputy Commissioner also said:
“This type of unlawful data trading directly fuels the nuisance call and spam text industry and creates misery for millions of UK citizens. Businesses need to understand they don’t own personal data – people do and those people have the right to know what is happening to it and who is likely to be contacting them for marketing.”
Marketing calls are incredibly annoying and distressing for many. People should be able to view advertisements for products and services that they actually want, when they want and in a way that is not invasive and irritating. Nuisance callers can exploit vulnerable people who may not understand the full nature of these pushy calls and messages.
The ICO are set to continue their investigations in to the data broking industry next to see the role they have in processing personal data.