The Information Commissioner’s Office (ICO) is essentially the data protection police. People often worry about minor breaches of data protection laws and getting in trouble with the ICO, but it is breaching direct marketing laws that should be of most concern.
Breaches of these rules can cost businesses up to £500,000 in fines, prohibition on their business activities and serious damage to their commercial reputations. Not forgetting the potential liability of the company directors for the same eye-watering fines – and disqualification if the fines are not paid.
Yes, the UK General Data Protection Regulation (GDPR) and Data Protection Act (DPA) are important, but companies often overlook, or in lots of cases aren’t aware of the rules that they are most likely to fall foul of, The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).
Definition of direct marketing
‘Direct marketing’ is the communication by whatever means of advertising or marketing material which is directed to particular individuals. It covers any form of marketing when you are doing so to named people. It can be in any form, via phone, emails, texts, social media and so on.
Direct marketing covers any form of marketing when you are doing so to named people.
Many companies are doing, but not always aware that they are engaged in direct marketing, which could be contacting people who have previously indicated an interest in buying, selling or renting a property or other forms of sales.
‘PECR’ sets out what you can and can’t do when it comes to direct marketing. The regulations dictate what you must consider when telemarketing, like adhering to the rules of the Telephone Preference Service or people’s preferences for your marketing. Likewise, they tell us what you can do with electronic marketing, such as emails, and when you need consent.
Relevance to agents
Why is this of interest to the property sector? ICO investigations and enforcement are very often triggered by complaints being received about particular companies. These are directly from members of the public and through third parties, such as the Telephone Preference Service, a blocking service for unwanted marketing calls, and the 7726 Spam Reporting Service regarding unwanted text messages. The ICO will monitor the complaints being received and, if they are significant in volume, they may start a formal investigation.
However, they will also closely monitor the sectors that are being most complained about and pay particular attention to companies within them. As an example, they have recently been investigating a lot of companies in the energy and home improvement sector, which they called ‘Operation Tinago’.
This is because the sector generated a high level of complaints from its collective marketing activities and therefore came to the attention of the ICO. Some of the companies involved have received hefty fines, for example a company in Preston called Crown Glazing Limited has just been fined £130,000 for breaching PECR.
The ICO publish its monthly complaint figures and it seems property and estate agents are creeping up the leaderboard. In May 2023, the sector generated 191 complaints to the ICO, which was mainly from email marketing. Whilst the home improvement businesses generated 440 complaints in the same month, the number is still high and places the property sector in the top 10 most complained about.
Given this unfortunate league table position, it may only be a matter of time before the ICO turns its attention on the sector and starts knocking on the doors of property companies and estate agents. If the figures do not improve for the property sector, it looks as if it is just as matter of time before it becomes the focus of the ICO’s attention and individual investigations will follow.
Keeping the ICO at bay
The easiest, quickest and cheapest way to protect your business is to get savvy and train your staff. One of the main problems I encounter when representing such companies is that they have not paid any attention to the rules and, in particular PECR. The ICO expect that they have provided relevant training to their staff and have suitable PECR policies and procedures in place, but very few companies ever do. Their lack of attention to the marketing rules can actually aggravate the situation and make matters worse.
The ICO requests a lot of information at the start of an investigation but the one sticking point for most companies always comes in the form of this request: “Please provide copies of any policies, procedures or training materials used to inform staff about PECR.”
Most companies struggle to provide such materials. How would you do? If you are doing any direct marketing at all, you should make sure that you understand the laws that apply. You should provide staff training and have relevant policies and procedures. If you don’t, you are more likely to get it wrong and have the ICO knocking at your door.
Andrew Swan is a a leading specialist solicitor in the UK, defending companies subject to regulatory investigation and enforcement, in trouble with the ICO. He offers training and advice on direct marketing laws.