HM Insights

Why cold calling could land you in hot bother for breaching data regulations

In was recently reported that a Scottish marketing firm, Omega Marketing Services, has been fined £60,000 for making 1.6 million unsolicited phone calls to householders in a bid to sell solar panels and green energy equipment. 

Cold Calling Data Protection

The company was fined for calling people who were registered with the Telephone Preference Service (TPS) and, therefore, had not given their permission to receive calls.

The TPS is a free service set up as a central opt-out register on which individuals can record their preference not to receive unsolicited sales or marketing calls. It is a legal requirement that all organisations (not just businesses, but also charities, voluntary organisations and political parties) do not make any calls to numbers registered on the TPS unless they have the caller's consent to do so. 

Such consent must be given in advance and it is not possible to call and seek consent during the course of the call. 

Opting in, not opting out

Most businesses are now aware, and take steps to ensure, that marketing materials are only sent to those who "opt-in", i.e. positively elect to receive them, rather than "opt-out", which used to be the rule. Websites and all online registrations should, therefore, require users to tick the box saying they consent to the receipt of marketing information rather than saying that if they do not tick the box they will be deemed to have consented. 

The TPS was set up to provide people with a route to make it clear that they did not wish to receive unsolicited calls for any marketing purposes. 

Powers of the ICO

The fine of £60,000 highlights the powers of the Information Commissioner's Office, which can enforce breaches of the TPS and has the power to carry out detailed investigations in to the activities of any business. 

In this case, a total of 177 people complained to the ICO about Omega's tactics, claiming they felt "victimised". Investigations by the ICO usually arise from a complaint from members of the public.  One complaint may not be enough, but if a number arise it will be clear to the ICO that there could be a pattern developing which suggests that a business is breaching the relevant regulations. 

It is important, therefore, that where any business carries on marketing which involves any form of direct communication with consumers, they have a clear record to show that the consumer has opted in to receive such marketing materials.

Of course, consumers can be mistaken – it is often the case that, at an early stage in some level of correspondence or use of a website of a business, they will have opted in to receive marketing materials; but the business will have to show that it has records to establish this if the individual is on the TPS. 

And where businesses use a marketing agency to find potential customers for them, if they do make a call it is the responsibility of the business on whose behalf the call is made to ensure that it is not carrying out unapproved marketing activity. 

More established businesses using call centres will, therefore, have digital equipment in place to ensure that a block is placed on those who have registered with the TPS unless they can confirm that authority has been given. But for smaller businesses, such investment in technology is probably far off. 

What happens if a complaint is made?

Clearly, in this case, a total of 1.6 million calls is excessive – and out of that, only 177 people complained. But if a complaint is made, an investigation may take place and the ICO will look to ensure that the business is fully aware of its legal responsibilities, possibly also requiring the business to give undertakings as to how it will act in future and any practical steps which it will take to ensure there is no further breach. 

There is no financial benefit from making a complaint to ICO – fines are not passed on to those who complained. But the fact that the business which made the cold calls has been fined and will, clearly, now be monitored by the ICO, will give those who complain some satisfaction and comfort. 

The risk is that if a complaint is made to the ICO about cold calls, this may prompt the ICO to carry out more detailed investigations regarding the business' use and security of data – and as fines of up to £500,000 may be imposed for breaches of personal data, that must surely be a wake-up call for all businesses to ensure they comply. 

Get in touch

Scott Kerr is a partner in the Corporate Department of Harper Macleod LLP with expertise in the field of Data Protection.