Callcredit calls on industry to clean up its act following damning Which? investigation

Which?Callcredit Information Group, one of the UK’s leading credit reference agencies and consumer data management specialists, is calling on the data industry to improve its standards following a Which? investigation which revealed evidence of irresponsible behaviour and opaque supply chains.

Which? completed an undercover operation where it claimed to be a pension advice firm. As part of its investigations it found that just four out of the 14 firms it contacted refused to consider the bogus firm as a potential buyer of personal data. The other ten offered names and numbers even though it said it planned to call people as young as 50 with ‘early pension release opportunities’ despite the Financial Conduct Authority (FCA) warnings on such scam schemes1.

The results of the Which? investigation are reported in the February 2017 issue of Which? Money magazine. In the article it points out that under the Data Protection Act (DPA) all companies involved in the data trade are required to ensure their handling of people’s personal data is fair and lawful. Guidance on the sale of data, which accompanies the legislation, requires sellers to check how potential clients are going to use the information.

Worryingly, as part of its investigations Which? was sent a list by one company containing personal details, including telephone numbers, where 13 out of 18 people were registered with the Telephone Preference Service (TPS).

However, perhaps most worrying of all was the fact that simple checks into the bogus company Which? had created for the purpose of the investigation, would have revealed it was neither listed at Companies House, nor FCA (despite disclosing it was going to offer investment advice) or Information Commissioner’s Office (ICO) registered – a must for anyone trading in personal data.

Encouragingly, as part of its investigations Which? contacted the ICO who pledged to investigate further.

During the report Callcredit was highlighted as observing best practice, insisting on seeing proof from the bogus company to show its status as well as its ICO and FCA registrations before it would proceed.

Commenting on the Which? report Steve McNicholas, Managing Director, Marketing Solutions, Callcredit Information Group, said: “It is disappointing to see that there are still those within the industry that are acting irresponsibly and are failing to grasp the gravity of the situation, choosing to abuse the position of trust they are in.

“Although we were delighted that Callcredit was highlighted as an example of best practice, it is bitter sweet to see so many firms failing to adhere to even the most basic principles and legislation.

“As a business, we set a very high bar for consented marketing data. Last year we took the decision to strengthen the requirements we had regarding Fair Processing Notices and supporting Privacy Policies used by our own data suppliers to gather marketing data. Sadly, much of the industry still doesn’t take this rigorous approach, and based on the findings of the Which? investigation, is willing to put clients at risk by selling non-compliant data to a company that shouldn’t be able to buy it in the first place.”

Callcredit Information Group introduced its enhanced requirements following careful scrutiny of the Information Commissioner’s Office’s guidance on direct marketing and recent decisions by the First Tier Tribunal2. Callcredit no longer accepts data from any contributor which is unable to comply with the new standards of good practice for prospecting by telephone, email and SMS.

References: 1. https://www.fca.org.uk/consumers/early-pension-release 2. The First Tier Tribunal is the judicial body to which enforcement decisions of the ICO can be appealed https://www.gov.uk/guidance/information-rights-appeal-against-the-commissioners-decision