Information Commissioner also warns entire data broking industry over its handling of people’s personal data
The Information Commissioner’s Office (ICO) has hit a data brokerage firm with a stiff £80,000 financial penalty for its failure to comply with data protection law.
The firm in question is Harpenden (Hertfordshire) based Verso Group (UK) Limited, which describes itself as ‘the UK’s Premier Lead Generation Provider’.
And the ICO has also issued a blunt warning to the entire data broking industry and warned them of their responsibilities when it comes to the handling and selling of people’s personal data.
The ICO decided to fine Verso Group because the company was not clear with people about what it was doing with their personal information.
It came the ICO found that Verso had supplied personal data for direct marketing to Prodial Ltd, which received a record fine for making 46 million nuisance calls, and to EMC Advisory Services Ltd (also fined by the ICO for making unsolicited calls).
This prompted a separate ICO investigation into Verso’s data trading practices, and it discovered that the firm was generating leads by two overseas call centres it was using to contact people in the UK.
The ICO also found that these call centres were gathering data from what the telephone operators described as surveys, but were in fact lead generation calls.
Verso also purchased data from various firms to be packaged up, in order to “sell on to companies for use in direct marketing without the correct consent required.”
The ICO said that this is the first fine to be issued and it follows a wider ICO investigation into the entire data broking industry.
“We have concerns about the impact of invisible data processing on UK citizens and are currently looking at the data broking industry including how businesses trade and use personal data behind the scenes,” explained James Dipple-Johnstone, ICO Deputy Commissioner (Operations).
“This type of unlawful data trading directly fuels the nuisance call and spam text industry and creates misery for millions of UK citizens,” said Dipple-Johnstone. “Businesses need to understand they don’t own personal data – people do and those people have the right to know what is happening to it and who is likely to be contacting them for marketing.”
Verso was found to have been carrying out these practices for a number of years, and the ICO said that anyone affected could not have known who would be obtaining and using their personal data for marketing.
“Verso should have ensured that the people whose personal data it was dealing in were given specific information about the companies who would potentially be marketing services to them,” said the ICO. It should have also gained people’s consent to use their information in this way, but Verso could not provide proof of this consent.
The ICO investigation into the data broking industry meanwhile continues, and is also looking at credit reference agencies.
The ICO has the power to levy fines of up to half a million pounds, and it has hit some organisations with extremely stiff penalties.
In 2012 for example, the Brighton and Sussex University Hospitals NHS Trust was fined £375,000 by the ICO.
Quiz: Are you a privacy expert?