23 Aug 2011
We have definitive legal advice on the subject of sending 'unsolicited direct marketing emails' and a few suggestions on how to guard against breach of the legislation are also set out below.
What is the legal position?
1) The two key pieces of legislation governing the use of personal data are (a) the Data Protection Act, 1998 (DPA) and (b) the Privacy and Electronic Communications Regulations, 2003 (PECR). There is more detail on the Information Commissioner's Office (ICO) website (below).
2) The law states that we cannot transmit, or instigate the transmission of, unsolicited marketing material by electronic mail to an individual unless they have previously notified us, the sender, that they consent, for the time being, to receiving such communications.
There is an exception to this rule, which has been widely referred to as the 'soft opt in' clause of the PECR - Regulation 22(2). These rules state that we may send or instigate the sending of electronic mail for marketing purposes to an individual subscriber where:
- We have obtained the contact details of the recipient in the course of a sale or negotiations for the sale of a product or service to that recipient;
- The direct marketing material we send relates to similar products and services from SCI;
- The recipient has been given a simple means of refusing the use of their contact details for marketing purposes at the time those details were initially collected and, where the recipient did not refuse the use of those details, at the time of each subsequent communication.
We must satisfy all these criteria. If we do, then we do not need prior consent to send marketing by electronic mail to individuals. If we do not satisfy these criteria, we cannot send marketing by electronic mail to anyone without their prior consent.
SCI would generally meet the 'soft opt in' clause, as delegates (non-members) who attend our conferences/meetings were obtained in the course of a sale as outlined above. These individuals have 'consented' to our invitation to take part and can be contacted again so long as they do not 'opt out' of any future email communications we may send them to promote conferences (thereby refusing SCI or any member acting on behalf of SCI the use of their contact details).
3) Obtaining consent from an individual prior to carrying out 'any direct marketing' is paramount. Failure to do so would not only be unlawful, but would put the Society at potential risk of a fine and damage its brand reputation. The level of fine, the ICO can issue, has recently increased from £5,000 to £500,000. Two charities recently escaped being fined by the ICO for failure to secure their data, but a host of others organisations have been fined. It would appear that the maximum fine so far issued by the ICO is £120,000.
Who does it affect?
The DPA and PECR affects the SCI and anyone acting on its behalf (eg, SCI members or its partners).
John Brown, Honorary Treasurer, Board of Trustees