PLEASE NOTE: Our website uses a technology called cookies to improve your experience. One of the cookies we use is essential for parts of the site to operate and may have already been set. You may delete and block all cookies from this site, but parts of the site will not work. For more information see our privacy policy.

To accept cookies from this site (and hide this notice) please check this box and click the continue button.

HomeThe IssuesOur ServicesOur TeamPublicationsTestimonialsOnline TrainingNewsletterContact us
publications issues

publications and press

publications from Opt-4 and press coverage

DMA Data Protection 2016 – Regulators’ plans to combat nuisance calls but no firm guidance yet on GDPR
Thursday, March 3, 2016
A capacity audience at the DMA Data Protection 2016 conference heard warnings from Government and the ICO that the nuisance call industry was under concerted attack.

Privacy Shield tweets – Safe and secure or a “ten layers of lipstick on a pig”
Thursday, March 3, 2016
To say that reactions on Twitter to the new Privacy Shield have been mixed is a significant understatement.

Telemarketing Campaigns – practical guidance on consent and due diligence
Thursday, March 3, 2016
Telephone lead generation, outbound telemarketing and fundraising have come in for a great deal of recent criticism from regulators and consumers. The very power of the channel means that it will always gain a reaction – good or bad. Add the fact that there has been some blatant bad practice and you have a recipe for consumer dissatisfaction and regulatory clampdown.

British Red Cross makes promises on fundraising
Thursday, March 3, 2016


Charities face enforced regulation and ‘opt-in’ consent
Friday, November 20, 2015
Proposed amendments to the Charities Bill could see organisations facing prosecution if they fail to abide by tough new fundraising rules. Two new clauses would give the Government reserve power to introduce statutory regulation and force large charities to sign up to a new fundraising watchdog.

European Commission guidance on EU-US data transfers
Friday, November 20, 2015
The European Commission has reiterated its wish for a swift agreement on a new Safe Harbor agreement. It has urged U.S. authorities to take the next step in on-going negotiations. Meanwhile, the EC has published guidelines for alternative methods for transatlantic data flows.

European legislators reveal the General Data Protection Regulation (GDPR) areas yet to be agreed
Friday, November 20, 2015
Negotiators working on the long-awaited GDPR are optimistic full agreement can be reached by the end of the year. However, some crucial issues remain outstanding.

Who is the ICO fining?
Friday, November 20, 2015
Losing data, selling data without permission, unsolicited text messages and dodgy telemarketing calls are the most likely offences to cost businesses money.

How a data breach could seriously harm your reputation
Friday, November 20, 2015
Talk Talk’s reputation has been seriously compromised in the aftermath of its cyber-attack and the company is taking a £30 million hit to put things right, but the list of big brands in the news over data breaches doesn’t end there.

Opt-4’s quick reference guide to General Data Protection Regulation (GDPR)
Wednesday, October 28, 2015
The much-anticipated General Data Protection Regulation has been hotly debated across Europe is now on the final stretch to becoming finalised.

Does your third party data really provide valid consent for marketing?
Thursday, September 10, 2015
Businesses which use personal data passed on by third parties for direct marketing purposes cannot rely solely on the terms of their data sharing agreements, an information rights tribunal has confirmed.

The benefits of a Preference Centre
Thursday, September 10, 2015
Preference Centres are becoming increasingly popular in the UK, especially businesses with multiple brands or products/services. The benefit to consumers is quite obvious: it gives them control and the opportunity to say what types of message they want to receive and how often. But there are also great benefits to business wishing to manage their opt-outs better.

Children’s websites
Thursday, September 10, 2015
An international project run by Global Privacy Enforcement Network (GPEN), which looked at almost 1,500 websites and apps used by children, has raised concerns over the personal information collected.

A third of workers admit they would leak sensitive data
Thursday, September 10, 2015
How secure is personal data in the hands of employees? Not at all safe it appears. A recent poll has revealed a third of employees would sell information on company patents, financial records and customer credit card details if the price was right.

Charities back 'strengthened' fundraising code
Thursday, September 10, 2015
The latest probe into fundraising activities has led some leading charities to say they will commit to a ‘strengthened’ fundraising code to stop vulnerable donors being exploited. Writing to the Sunday Times, the bosses of seventeen charities said they would support the creation of a new regulator which could investigate and use “strong penalties” for any charity breaking the rules. No-one should be "pressured into giving", the charity leaders wrote.

The public care about personal data but knowledge gap remains
Thursday, September 10, 2015
Consumer knowledge of personal data is growing and the public realise the importance they play in protecting their own data.

How will you use customer location data?
Wednesday, July 08, 2015
At Opt-4 we’ve been keeping an eye on the rapid growth of mobile and hyper-local services. This phenomenon has been fuelled by the continuing growth in smartphone & tablet usage.

A step closer to the new Data Protection Regulation
Wednesday, July 08, 2015
After 3 years of negotiations, the new General Data Protection Regulation moved a big step closer on 15th June. The first in a series of eight ‘Trilogue’ meetings took place between the European Parliament, Commission and Council in Brussels.

People feel out of control of their data
Wednesday, July 08, 2015
The new Eurobarometer Survey on Data Protection has been published and the results reinforce the need for the new Regulation, to keep up with the pace of technological change.

Improve your consent rate and grow your usable database!
Wednesday, July 08, 2015
Gaining consent for marketing communications is a challenge faced by most businesses. As technologies advance, the value of marketing consent is becoming greater and greater. But in the past writing statements to maximise consent rates was somewhat of a black art.

Three versions of the truth about marketing consent
Monday, May 18, 2015
While the data protection pundits argue about when the Data Protection Regulation will be finally agreed (our money is still on 2016) one thing is sure, the definition of what qualifies as “consent” will change

Conference contrasts
Wednesday, April 01, 2015
With just a weekend separating them, the DMA’s Data Protection Day 2015 and the ICO Data Protection Practitioner Conference presented some interesting contrasts.

12 months of Privacy
Tuesday, December 16, 2014
2014 has been a big year in privacy. Here are some highlights

A few of our favourite things in 2014
Tuesday, December 16, 2014
With all the news of breaches and blunders, it’s great to be able to celebrate good data protection practice and effective use of data so here are a few examples of the right way to do things...

Tech giants indulge in privacy one-upmanship
Tuesday, September 23, 2014
There seems to be a rather public mud-slinging match going on between tech giants Google, Microsoft and Apple and it’s all about privacy.

New Commissioner urged to get on with the Data Protection Regulation and e-Privacy is next
Tuesday, September 23, 2014
After the inevitable hiatus caused by the European Elections, the new- look Commission, under Jean-Claude Juncker, has defined its mission to get the draft Data Protection Regulation through the legislative process in the next six months.

ICO warns exiting employees to keep their hands off data
Tuesday, September 23, 2014
The Information Commissioner’s Office (ICO) has warned employees that walking off with the personal information of their employer when changing jobs is a criminal offence.

App-alling
Tuesday, September 23, 2014
The ICO recently reported that a survey of over 1,200 mobile apps by 26 privacy regulators from across the world showed that a high number of apps are accessing large amounts of personal information without adequately explaining how people’s information is being used.

Not forgotten
Tuesday, September 23, 2014
The Article 29 Working Party met on 16-17 September and the member Regulators were said to have had an “extensive exchange of views on the effects of the CJEU ruling recognising the right for an individual to have links removed from the list of results displayed following a search on the basis of a person’s name” (aka the Right to be Forgotten).

Not giving up
Tuesday, September 23, 2014
In a long running legal battle a US court recently found Microsoft in contempt for refusing to hand over copies of emails stored on a server in the Republic of Ireland, to the US government.

New Data Protection laws in Europe could have global impact
Tuesday, August 26, 2014
Some global brands are very worried about the impact of the revised European Regulation on Data Protection which is currently being debated in Europe and they probably should be.

New opt-in benchmark takes guesswork out of permission statements
Tuesday, July 08, 2014
As brands struggle with low opt-in rates and the legal regime for data collection tightens, permission wording is under the spotlight.

Mansfield case is not the end of soft-opt-in
Tuesday, July 08, 2014
The Mansfield case (where John Lewis found themselves in the dock over the interpretation of soft opt-in) shows just how easy it can be for individuals to “have a pop” at iconic brands regarding marketing permission

Facebook shocks users with sentiment testing
Tuesday, July 08, 2014
If you think Facebook users are pretty relaxed about privacy, you may want to think again

Evidence needed in defence of good lead gen practice
Tuesday, July 08, 2014
As part of the DCMS Action Plan on nuisance calls Which? has set up a task force to review how consumers give consent for marketing. The activity is in response to considerable consumer complaint about telemarketing and lead generation.

International marketers perplexed by Canada’s new anti-spam laws
Tuesday, July 08, 2014
The new anti-spam legislation in Canada (CASL) which came into force on 1st July is causing havoc for international email marketing. The combination of overbroad drafting and extra-territorial reach means a huge number of businesses mailing into Canada will be caught out.

FTC declares war on data brokers
Tuesday, July 08, 2014
As soon as they saw the title of the recently published Federal Trade Commission report, US data providers must have known what they were in for. “Data Brokers: A Call for Transparency and Accountability” is a hard-hitting look at the data industry which pulls no punches about what the Regulator thinks.

Forget Me, Google
Thursday, May 22, 2014
In a landmark ruling, Google has been ordered to take down historical search results of an individual in Spain, setting a legal precedent that could be hugely damaging for publishers and search engines alike.

Q&A: The evolving challenge that is anonymisation
Thursday, May 22, 2014
Sophie Cameron of E-Commerce Law & Policy spoke to Opt-4’s Michael Bond, about the Article 29 Working Party’s (WP29) recent opinion and what businesses need to do to ensure they are on top of the evolving challenge presented by data anonymisation.

Nuisance Calls Action Plan Gathers Pace
Thursday, May 22, 2014
The Department for Culture Media and Sport (DCMS) has released an action plan which includes legislative procedures that would lower the threshold for fines to be levied by the Information Commissioner’s Office (ICO) to marketers who breach the rules around marketing calls and other electronic marketing methods.

First TPS fine from Trading Standards
Friday, May 23, 2014
In another cold call development, TPS chief, John Mitchison, has warned organisations to expect more fines after Dorset County Council Trading Standards issued a landmark £36,000 penalty to a firm for not checking call lists against the Telephone Preference Service. This is the first time Trading Standards have used these powers.

DMA Clarifies ICO guidance on Direct Marketing
Thursday, May 22, 2014
As we reported last year, in September 2013 the Information Commissioner’s Office (ICO) issued an update to its guidance on direct marketing. While it is not legally binding, the guidance is important as it will govern the way the ICO assesses potential breaches of Data Protection laws. But there were parts of the guidance that were causing some marketers to scratch their heads; in some places the guidance was confusing and even contradictory. Since the guidance was issued, the DMA has been working hard to get some concessions from the ICO and answers to some key questions, especially around the crucial conditions for obtaining consent.

People Power catches Rogue Marketers
Thursday, May 22, 2014
On the 20th May 2014 the Information Commissioner’s Office (ICO) reported that two companies accused of making thousands of nuisance marketing calls, face substantial fines after it received a total of over 1200 complaints from the public.

International News -Ireland: Regulator releases 25th annual report
Thursday, May 22, 2014
International News -Ireland: Regulator releases 25th annual report, highlighting that public services need to do more to protect data.

International news: Canada
Thursday, May 22, 2014
Regulators address panic over new anti-spam rules

International news: USA
Thursday, May 22, 2014
USA - Freedom Act clears the House Judiciary Committee and heads to the House Floor

In praise of “legitimate interests”
Thursday, May 22, 2014
In one of its recent opinions, the Article 29 Working Party (consisting of all European data protection regulators) has clarified when the processing condition of “legitimate interests” can be used to justify marketing.

European Parliament rolls over to data protection concerns
Wednesday, March 12, 2014
I don’t know about you but I was amazed to hear that the European Parliament had voted by a massive 621 votes in favour (10 against and 22 abstentions) to support the latest draft of the General Data Protection Regulation from the LIBE Committee.

Are businesses walking into data disaster?
Thursday, February 20, 2014
Opt-4's Rosemary Smith's blog for the Direct Marketing Association looks at the importance of getting Data Protection into the boardroom!

Reding unveils timelines for reform - Data Protection Day 2104
Tuesday, January 28, 2014
Data Protection Reform could be agreed by the end of 2014 according to a memo issued by the European Commission and a speech by the main sponsor of the reform Viviene Reding.

Privacy… The word of 2013 but what does it mean?
Monday, January 20, 2014
An Internet search defines privacy as “freedom from interference” but that’s only one interpretation. It is certainly not what we mean when we talk about privacy in the context of the commercial use of Personal Data. Privacy means so many different things to virtually everyone but is there one defining element to privacy that society can agree on?

Reding urges for “full steam ahead” on Data Reform
Monday, January 20, 2014
EU Justice Commissioner, Viviane Reding, has made yet another attempt to speed up Council negotiations on the Data Protection Regulation reform as the May European elections edge closer and with it the deadline for agreement.

ICO consultation suggests enforcement on only the most serious cases
Monday, January 20, 2014
The Information Commissioner’s Office (ICO) launched a consultation on the 18th December called “Our new approach to Data Protection concerns”, which seeks stakeholder views on key changes to the way it handles complaints. The, consultation which ends on the 31st January 2014, proposes that the ICO will only investigate cases where there is serious breach or where an organisation is repeatedly reported to the ICO.

Unsolicited calls debate ramps up pressure for Government action
Monday, January 20, 2014
With Talk Talk now the only telecoms provider to offer free call screening services in order to prevent spam calls, and the number of complaints made to the Regulator about spam calls increasing, Government is increasing its efforts to improve privacy but at what cost for business?

Information Commissioner’s Office (ICO) looks to Privacy Seals
Monday, January 20, 2014
In its January newsletter the ICO has confirmed that it is exploring the development of an independent third party accreditation or privacy seal.

ICO to conduct workshop on Marketing Lists
Monday, January 20, 2014
The Information Commissioner’s Office is to hold a workshop focused on marketing lists. The aim is to garner a better understanding of what organisations experience when buying lists and identify areas of good and bad practice. The ICO is interested in seeing where improvements can be made to the process.

Singapore: PDPC allows companies to send marketing without checking Do-Not-Call registry
Monday, January 20, 2014
The Singapore Data Protection Commission (PDPC) has reached a decision that marketers may send certain messages to people registered on the Do Not Call registry (DNC) where certain conditions are met.

Germany: Authorities clarify marketing guidance
Monday, January 20, 2014
On the 10th December a German working group released new guidance that seeks to clarify existing rules relating to the use of Personal Data for advertising purposes.
While these are not new rules the guidance seeks to demystify confusion that exists. German laws are often interpreted differently across different regions and authorities.

CNIL Fines Google 150,000 Euros for non-compliance
Monday, January 20, 2014
Google has been fined by yet another Data Protection Regulator for non-compliance with national Data Protection Laws, in what is becoming a regular source of income for Data Protection authorities around Europe.

USA: CES highlights the future of connected devices & Privacy concerns
Monday, January 20, 2014
The Consumer Electronics Show (CES) being held in Las Vegas this week has always been a great predictor about how consumer electronics are evolving.

This year has been no exception with smart TVs, cars and connected devices. Samsung stole the show announcing a new feature that would connect all of its devices in your home that could talk to each other, moving us ever closer toward the “internet of things”.

Poland: New Data Protection rules on transfers and DPOs
Monday, January 20, 2014
Data transfers are set to become easier in Poland according to a new draft Data Protection law. The new rules would allow international data transfers without the consent of the regulator as long as there were adequate safeguards in place, i.e. data transfer agreements, which include standard contractual clauses approved by the European Commission.

Update: Progress of EU Data Protection Regulation
Tuesday, November 26, 2013
On the 21st October MEPs in the LIBE Committee, who are the lead committee in the European Parliament tasked with progressing the Data Protection reforms, agreed on a compromise text that can now be used in negotiations with the European Council and Commission, bringing the draft Data Protection Regulation one step closer to reality.

ICO extends consultation on privacy notices Code of Practice
Tuesday, November 26, 2013
The ICO has recently extended its consultation period, looking to business for views on how it could change its Code of Practice on privacy notices (The Code). The process will now end on the 30th of November.

Spam Texts Case – Monetary Penalty Cancelled
Tuesday, November 26, 2013
Tetrus Telecom, which was fined £300,000 in a monetary penalty notice (MPN) on the 26th November 2012, has had its fine cancelled on appeal by the Information Tribunal.

Private Members Bill moves to make TPS a register for those who opt-in to marketing
Tuesday, November 26, 2013
The Unsolicited Telephone Communications Bill (HL Bill 18) was introduced in on the 14th of May 2013 as a private members bill, and if passed into law, would reverse the way the Telephone Preference Service (TPS) works.

Privacy by Design: a vital tool for Business
Tuesday, November 26, 2013
Privacy by design (PbD) is a concept that many would think is reserved for academics and the public sector but they would be wrong! Given the significant emphasis on PbD in the draft Data Protection Regulation, it is a management tool that most organisations will have to adopt in future to be compliant with the law. Not such a bad thing, as Opt-4’s Mike Bond explains.

Malaysia: Personal Data Protection Act (PDPA) Finally in Force
Tuesday, November 26, 2013
Three years after it was passed by the Malaysian Parliament (2010) the PDPA is finally in force, and gives data users (organisations who use Personal Data) 3 months to get their houses in order.

India: Indian Privacy Protection Bill 2013 - a step in the right direction
Tuesday, November 26, 2013
The Indian Centre for Internet and Society has proposed a bill that would bring Indian Data Protection closer to the regimes that are found in Europe.

United States: New Californian law of “Erasure” will come in to effect in 2015
Tuesday, November 26, 2013
Law SB 568 or the “Eraser Button law” will take effect in the State of California on the 1st of January 2015 and will require organisations that focus on minors to make privacy-related changes to their businesses and websites.

Australia: Privacy Principles up for debate
Tuesday, November 26, 2013
Ahead of the new privacy laws that are expected to come into force in March 2014 (Privacy Amendment (Enhancing Privacy) Act 2012 (Cth)), the Australian Information Commissioner is in the process of consulting on a set of privacy principles that would, in theory, help organisations prepare for the impending changes.

Data Protection Regulation Webinar
Tuesday, November 05, 2013
Opt-4's Rosemary Smith recently took part in a roundtable webinar with other data protection experts to discuss the progress of the Regulation

UK Direct Marketing Industry to be hit by ICO guidance
Friday, October 11, 2013
The Information Commissioner’s Office (ICO) has published new tougher guidance on the rules surrounding direct marketing and the Telephone Preference Service, which will have a significant effect on how the industry can use Personal Data.

European discussions on Data Protection Regulation ramp up
Friday, October 11, 2013
On the 7th October the European Union’s Justice and Home Affairs Council met to discuss elements of the “one-stop-shop” provision in the Proposed Data Protection Regulation, resulting in widespread assent for the provisions.

Data Protection Authorities agree key resolutions at Annual Conference
Friday, October 11, 2013
On September 24th at the 35th International Conference of Data Protection and Privacy Commissioners representatives held a closed session to discuss several points of interest which resulted in the release of agreed Resolutions on vital policy areas, including: Apps, Profiling, Enforcement coordination, web-tracking and digital education.

ASA’s lack of teeth on OBA, a cause for concern for self-regulation
Friday, October 11, 2013
The Advertising Standards Authority (ASA) recently published its half-year report on the Regulation of Online Behavioural Advertising (OBA), revealing the extent to which the rules designed to protect consumers are largely being ignored.

fast.MAP’s Marketing Gap research for 2013: Marketers are struggling to keep up with consumers

Survey results in the 9th annual Fast.MAP Marketing-GAP Tracking Study show that marketers are often projecting their own channel prejudices on to the consumers they are targeting.

Information Commissioner to review Privacy Notices Code of Practice
Friday, October 11, 2013
In a recent newsletter the Information Commissioner’s Office (ICO) announced that it was seeking feedback on whether it should update its Code of Practice on Privacy Notices, which was last updated in 2010.

Singapore clarifies its position on Data Protection
Friday, October 11, 2013
On the 24th September the Singapore Personal Data Protection Commission issued guidance on the new Singapore Data Protection Act

USA pushes for Online Bill of Rights
Friday, October 11, 2013
In a report by Politico.com the Whitehouse is said to be pushing forward with plans to “boost online privacy safeguards for consumers”.

California gets “eraser” button for online posts
Friday, October 11, 2013
aw, S.B. 568 signed by California Governor Jerry Brown makes California the first state in America to allow under 18 year olds to remove information easily from websites and apps.

New "game-changing" Guidance from the ICO on Direct Marketing
Tuesday, September 10, 2013
New “game-changing” advice from the ICO on Direct Marketing

The Information Commissioner’s Office has published new tougher guidance on the rules surrounding direct marketing and is simultaneously calling for the law to be tightened to allow for more enforcement of the Telephone Preference Service.

Reding pushes for faster progress on Data Protection reform
Tuesday, August 20, 2013
On the 15th July Viviane Reding, the EU Commissioner for Justice issued a statement calling for the European Council to “speed up the work in the Council on this important file”.

ICO fines bank over fax blunder
Tuesday, August 20, 2013
The Bank of Scotland (BoS) has been fined by the UK Data Protection Regulator (ICO) after it repeatedly failed to stop financial details of customers to being sent to the wrong people.

Microsoft Vs Google: The battle for email
Tuesday, August 20, 2013
In a recent blog post on a Microsoft owned website, “Scroogled.com”, Microsoft launched its latest attacked Google, stating that the search engine not only reads user emails to target adverts but that it has now begun sending targeted adverts that look exactly like emails directly to the user’s inbox, a practice that the blog post has dubbed “GSpam”

Data Protection sweep finds hole in online Privacy Policies
Tuesday, August 20, 2013
23% of websites and mobile apps have no privacy policy according to a privacy sweep by a group of Data Protection regulators. The analysis of 2186 sites by the Global Privacy Enforcement Network (GPEN) took place in May this year and was designed to recreate the user journey through a website or mobile app and to assess the efficacy of those sites’ privacy policies.

ICO & Ofcom team up to tackle nuisance calls
Tuesday, August 20, 2013
The Information Commissioner’s Office and Ofcom have released a joint action plan that aims to tackle the increasing concerns of people about the prevalence of nuisance calls.

International news: Ukraine
Tuesday, August 20, 2013
On the 23rd of July the Ukrainian President signed a law crafted to improve data protection in the region.

International news: Australia
Tuesday, August 20, 2013
An update to the Australian Federal Privacy Act 1998 by the Privacy Amendment (enhancing Privacy Protection) Act 2012 is effective as of 12th March 2013 and will mean a step change in the way businesses must protect personal data.

International news: France
Tuesday, August 20, 2013
A court in France has ruled in favour of a company that dismissed an employee based on emails sent between the employee and a competitor that were found on his computer, according to Field Fisher’s Information Law blog.

Do Not Track Falters
Tuesday, July 16, 2013
W3C’s working group on tracking and protection issued a decision on the 16th July 2013 rejecting the Digital Advertising Alliance’s (DAA) proposal for an alternative base text to be used in developing a Do Not Track standard. A move that is likely to cause concern among Advertisers

Full DAPIX text Leaked
Thursday, July 11, 2013
On the 21st June 2013 the organisation Statewatch released an official document containing the full text of the Draft General Data Protection Regulation. The text shows the amendments, which the Council of Europe’s working group on information exchange and Data Protection (DAPIX) have been working on.

Draft General Data Protection Regulation Update June 2013
June 11 2013
“Battle of the texts” continues as Irish Presidency weighs in.

As the LIBE Committee wades through over 4,000 amendments to the draft General Data Protection Regulation, the Irish Presidency has issued a “compromise text” of Chapters I-IV showing some hopeful signs for marketers.


ICO ramps up enforcement on illegal marketing

The ICO has issued a press release stating that it has handed out monetary penalties totalling £440,000 to two rogue marketers, who for three years, sent millions of spam text messages to the public.

Ministry of Justice report shows huge compliance costs of Data Protection Proposals

A long awaited impact assessment produced by the Ministry of Justice (MOJ) has highlighted that if the new rules covering Data Protection law go through as currently drafted, the cost to businesses in the UK could be as high as £360 million pounds.

ICO under fire from Leveson

Lord Leveson has accused the ICO of ‘missing the opportunity’ to tackle press issues when they came to light over a decade ago

ICC UK issues second round of guidance on Cookies

Six months after its first round of guidance on implementation of the cookie law; the UK International Chamber of Commerce Digital Economy Group has issued a second edition of their advice to website owners.

ICO fines for inaccurate data

Prudential has been hit with a £50,000 fine for accidentally merging the accounts of two of its customers, who share the same name and date of birth.

International News

Ireland: Facebook questioned over privacy policy changes

Australia: Privacy Commission to get new powers

India: Minister to usher in new data protection regime

ICO to fine rogue marketers £250,000

The Information Commissioner’s Office is on course to issue two monetary penalties totalling a staggering quarter of a million pounds, to two marketers who were illegally distributing millions of spam text messages

Committee Releases second working document on the Data Protection Regulation

The Draft Data Protection Regulation has come under increasing scrutiny behind the scenes in the European Parliament during recent weeks. An updated working document highlights the need to clarify key definitions and terms in the text, which are likely to impact marketers significantly as they are currently drafted.

“Do Not Track” standards are not going far enough to help with cookie consent

In a recent Speech, Neelie Kroes, who is responsible for the European Union’s Digital Agenda, explained that the “Do Not Track” standard, as it currently stood, would not help cookie compliance.

UK issues Cloud Computing Guidance

In September the Information Commissioner’s Office (ICO) issued updated guidance on cloud computing. The Guidance makes it clear that organisations remain obliged to ensure data is handled responsibly, even when the data is passed to a cloud provider.

Digital Advertising Spend reaches £2.59 Billion

A report conducted by PricewaterhouseCooper (PWC) for the Internet Advertising Bureau (IAB) shows that advertising expenditure rose 12.6% in the first half of 2012, with a massive 132% rise in mobile spending.

International News

Uruguay given Adequacy Status and Monaco to Follow

Ireland Fines £24,000 for lost laptops

Austria Moves to Online Registration

Germany Gets Stricter Rules on Marketing and Advertising

Data Protection Proposals continue to evolve

A sense of pragmatism has emerged from the European Parliament in recent weeks, with the news that an agreement has been reached that would give the European Commission power to change the rules on data protection, as technology and attitudes change.

Cookies: Opt-4 creates new EU cookie chart

As the implementation of the e-Privacy Directive in the UK becomes clearer, attention is turning to other European countries. To help industry get the full picture Opt-4 has developed a chart, which maps the implementation of the ‘cookie law’ in all of the European Members States.

Monetary Penalty hits Private Sector

The Information Commissioner’s Office (ICO) has imposed a £150,000 civil monetary penalty (CMP) on the Consumer lender, Welcome Financial Services Limited, after they lost more than 500,000 customers’ details. The ICO hopes that such penalties will remind organisations of their duties to keep data safe.

Overseas News

Hong Kong Data Ordinance Amended:

The Hong Kong Legislative Council recently passed a bill to amend the Personal Data Ordinance, which will become effective in phases starting on 12th October 2012.

Italian TPS reaches 1 Million:

In July 2012 the Italian Telephone Robinson List has surpassed 1 million subscribers.

Online Data Protection Training with DPA 360.

Four out of five companies caught breaching the Data Protection Act have not trained their staff properly. Opt-4’s online training tool, DPA360 helps to educate staff on data protection issues and they don’t even have to leave their desks!

Reding sticks to her guns over tough new data protection Regulation

Despite a “battering” from both within and without the European Commission EU Commissioner Viviane Reding has proved to be a lady not for turning.

Cookie deadline looms – No silver bullet yet

Less than six months away from enforcement of the UK’s new cookie law website owners are still struggling to find a workable solution to the requirement for informed consent. Enforcement will happen in the UK as of 26th May 2012 but time is running out for the industry and Europe’s regulators are generally unsympathetic.

Facebook under fire as Google gets green light

It has been a torrid few months for Facebook which has found itself under fire on both sides of the Atlantic for its privacy practices.

Data concerns won’t go away

The ICO’s “Annual Track” research for 2011 shows that public confidence in how personal information is being handled continues to decline; less than half of our prospects believe we will process their information fairly.

Overseas news

New Data protection laws

New or amended data protection legislation has been passed in the last few months in Angola, Austria, China, Columbia, Hungary, India and Peru.


DPA360 – Online training in data protection

Four out of five companies caught breaching the Data Protection Act have not trained their staff properly. Opt-4’s online training tool, DPA360 helps to educate staff on data protection issues and they don’t even have to leave their desks!

ICO wants commerce to embrace audits

Launching his annual report in a webcast last week, the Information Commissioner encouraged the private sector to stand up and be audited.

“Permission Please” research published

The results of a new Opt-4 survey underline how gaining marketing permission is increasingly difficult for brands and nearly three quarters of respondents - all household names from a range of sectors - agreed that marketing opt-out rates represented a major business threat.

Data thieves pay the price

In the first meaningful prosecution of its kind, two former employees of T-Mobile who illegally sold customer data were ordered to pay a total of £73,700 in fines last month. The fines reflected, in part, the ill-gotten gains the pair made from the data sales.

ICC takes lead to find cookie solutions

In the frenetic run up to the Cookie Regulations becoming law, the International Chamber of Commerce (ICC) played a key role in bringing law makers, the regulator and commerce together. The – sometimes heated – exchanges at meetings facilitated by the ICC forced DCMS to issue an eleventh hour open letter of explanation and significantly influenced the ICO’s agreement of a 12 month enforcement “holiday”.

Overseas news

Data protection moves closer in Costa Rica
Twitter in trouble
Reding and Kroes speak out in Europe
Italian DP fines hit E4m
India changes rules for outsourcers


DPA360 – Online training in data protection

Four out of five companies caught breaching the Data Protection Act have not trained their staff properly. Opt-4’s online training tool, DPA360 helps to educate staff on data protection issues and they don’t even have to leave their desks!

Confusion reigns on “Cookie Day”

It’s “Cookie day” in the UK but website owners and legal experts are still desperately sifting through the new rules and advice from the Information Commissioner’s Office trying to get a clear picture of what it all means.

PECR violations will bring fines

Creeping in under the cookie storm there are other changes to the PECR regulations which will affect marketers. The first is an extension of the ICO’s fining powers to cover breaches (including the power to serve monetary penalties of up to £500,000 to organisations that make unwanted marketing phone calls or send illegal email messages).

Sony breach plays out

Data breach stories continue to hit the headlines, including the loss of some 77 million details on Play Station users after an aggressive hacking attack. In the aftermath the main issue seems to be that Sony did not admit the breach quickly enough.

ICO Data Sharing Code

Earlier this month the ICO issued a new statutory code of practice designed to help businesses and public sector bodies share people’s personal information appropriately.
It covers all types of data sharing (including sharing for marketing purposes) and it gives advice on when and how personal information can be legally shared as well as how to keep it secure.

Overseas news

New privacy rules for India
Korea passes new DP law
The Commission and the cloud
Italy adopts limited opt-out and will develop MPS

Privacy and Electronic Communications Regulations

A regime of strict control over the collection and use of electronic data has been established in the Directive on Privacy and Electronic Communications (2002/58/EC).

Cookies Regulations Primer - May 2011

The changes which came in on 26th May 2011 mean that consent is required for the use of most cookies.

Countdown to cookie law

There is furious activity going on, both in the UK and Brussels, ahead of the May 25th deadline for the implementation of the new cookie law. Last month Information Commissioner Chris Graham gave a straight talking assessment to the DMA Data Protection Conference.

US and EU divided by a common language of privacy?

Some commentators would have us believe that the US and Europe are coming closer together on the issue of privacy. There were even simultaneous meetings last month in Brussels and Washington to talk about the thorny issue of online privacy and the future of data protection. Not surprisingly, however, the approach taken was reportedly very different.

Your chance to meet Opt-4 -

Summer Events

Rub out the daft “right to be forgotten”

Despite EU Justice Minister Viviane Reding thinking that the proposed “Right to be forgotten” should be one of the four pillars of the new data protection directive, opposition to the idea is growing.

Drawing the line on hosted third party content

Here at Opt-4 we regularly get asked about email marketing rules and especially about what kind of consent (opt-in, soft opt-in or opt-out) is required. This is a tricky area where both the Data Protection Act and the PECR regulations can apply.

DPO or no DPO?

Businesses may have to appoint Data Protection Officers (DPOs) under the new privacy regime being discussed by the European Commission; currently these appointments are optional although in some Member States having a designated DPO relieves the Data Controller from notifying processing to the authorities.

Latest from the ICO

The ICO has had a busy time issuing a further two monetary penalties (to Ealing Council and Hounslow Council on 8 February after the loss of two unencrypted laptops containing sensitive personal information relating to 1,700 individuals). This establishes encryption as a “must have” protection for portable devices.

How will “do not track” work?

Amidst a flurry of activity in the USA around consumer’s rights not to be tracked on the internet we are fast approaching implementation of the “cookie” Directive here in the UK.

Overseas news

India consults on data security rules:

The Indian IT Ministry is consulting on various rules to improve data security – particularly for processors and those who handle sensitive data.

Limited Italian TPS introduced:

One month into operation of the Italian “Robinson” list for telemarketing, the file contains 185,000 phone numbers.

Irish data breach code falls at last hurdle:

Following a massive data breach in December of last year which saw half a million members of the Gaelic Athletic Association stolen, the Irish Government has failed to give backing to a data breach code.

Your chance to meet Opt-4 –

10 March 2011

Rosemary Smith will be chairing the re-launch of the DMA’s Data Seal certification at the Charlotte Street Hotel, London.

16 March 2011

Opt-4 will be joining Information Commissioner Chris Graham at the “DMA Data Protection Conference” to be held at the Wellcome Collection, London.

Online training DPA360 is here!

To celebrate European Data Protection Day today, Opt-4, is introducing DPA360 a thirty minute course that sets out in an engaging and practical way everything employees need to know about data security and implementing the eight principles of data protection.

Shaping the new data directive

Now that both the UK Government and the European Commission have consulted on the content of the new Data Protection Directive businesses can only stand by and wait nervously for the first draft due out later this year.

Confusion rules on Cookies

Good news at last for website owners. With implementation of the “Cookie” Directive due in May there is now serious doubt as to whether it will really mean that opt-in consent is required for cookie use.

Overseas news

Big fines in Italian privacy “swoop”:

The Italian Garante has been busy with a programme of compulsory Data Protection audits and has issued over 250 penalty proceedings.

Hong Kong Privacy law under review:

The current “Ordinance” which governs data use in Hong Kong is being reviewed.

New Data Law in the Philippines:

A major outsourcing region, the Philippines, has introduced a new bill on data protection which is expected to be implemented before March.

Your chance to meet Opt-4 –

22nd February 2011
Rosemary Smith will be running “Print and Privacy – Applying data protection rules in a print business”

24th February 2011
Opt-4 will be delivering the "Data Protection in Practice"

16 March 2011
Opt-4 will be joining Information Commissioner Chris Graham at the “DMA Data Protection Conference”

Change of use

Marketers are full of creative ideas and regularly think up new ways of using the personal data they control. At times this “re-purposing” of data pushes the boundaries of what might be obvious to the data subjects themselves and that’s where problems arise.

Magazine privacy promises block sale of reader data

This month, creditors of a defunct US magazine had reason to regret very strong privacy promises made to readers when the Federal Trade Commission banned sale of the magazine's circulation data.

Annual cost of compliance £53m?

The Ministry of Justice puts the annual cost of compliance with the DPA at £53m.
The figure - in an Impact Assessment accompanying the recent consultation on the Data Protection Act - is significantly lower than many would expect. By far the biggest cost is attributed to responding to Subject Access Requests (c£49.9m).

Changes in timeframe (again) for new Directive

Data protection watchers could be forgiven for wondering if the European Commission knows what it is doing when it comes to revising the current Directive.
As we reported last month, there was a flurry of activity in early summer with the promise of a first draft of the new Directive by end of 2010.

Overseas News

German telemarketers fined, Blackberry denies data access, Italy stop list imminent and French toast Cookies?

Your chance to meet Opt-4 - Autumn 2010

Events at The Institute of Direct Marketing, Blackbaud Europe Relationship Management Conference and the new mediaPro exhibition

“Re-permissioning” top DP concern for direct marketers

If Opt-4’s in-box is anything to go by, legal re-permissioning of legacy data is a major pre-occupation for marketers. Personal data which has been collected without suitable consent – or worse where the consumer’s choice hasn’t been adequately recorded – seems to be everywhere.

New ICO Online Code confirms opt-out for cookies

In defiance of the prevailing opinion amongst European Regulators, the new ICO Online Code of Practice permits the use of cookies and behavioural advertising under an opt-out rather than an opt-in.

Revision of Data Protection Directive on fast track

All of a sudden there is a real urgency to the revision of the European Data Protection Directive on which the UK’s next DP law will be based. With just a few days notice, the European Commission issued a questionnaire asking stakeholders for their views on everything from profiling, the “right to be forgotten” and compulsory breach notification.

Complaints to ICO up 30%

The latest ICO Annual Report shows that data protection complaints have soared by over 30%. 32,714 cases were closed in the year 2009/10. Queries about data use were also up and the Office dealt with over 200,000 calls, mostly from members of the public concerned about use of their data.

Overseas news

Queuing behind the Boucher-Stearns Bill (reported here in May) Congress now has the Best Practices Act which also seeks to enhance consumer protection (particularly online) and to allow consumers the right of legal redress for poor data practices.

Both the Ukraine and Mexico have recently passed new data protection legislation.

It is 10 years since the European Commission recognised the US “Safe Harbor” principles but criticism of the scheme is building.

Your chance to meet Opt-4 - Autumn 2010

23rd September - "Data Protection workshop for Digital and Direct Marketers" at The Institute of Direct Marketing in Teddington.

12th October - “Data protection in the digital space” at the annual Blackbaud Europe Relationship Management Conference.

ICO unveils corporate plan with more enforcement on the cards

The Information Commissioner’s Office has unveiled its three year Corporate Plan which shows a determination to use the new penalties it has been given.

Consumers savvy about data – research shows value of clear privacy policies and trust

Following last month’s Digital study, the first DMA/FastMAP Data Tracking study provides interesting insight into how consumers behave with their data and what makes them more likely to share their information when asked.

New Data Protection Baron has his work cut out as data breaches top 1,000

The minister responsible for data protection issues in the Ministry of Justice has been named as Lord McNally. His early focus will undoubtedly be on stemming the increasing flow of lost personal data from Government departments and agencies.

Ireland consults on compulsory breach notification

The “creep” of compulsory breach notification continues with the Irish Data Protection authority publishing a draft code of practice which would mean notification to the commissioner of any loss of over 100 personal records – providing that the data lost was not encrypted or password protected.

Overseas news

Is Safe Harbor safe? A group of German privacy officers has cast doubt on the efficacy of the US “Safe Harbor” solution for the export of personal data from the EU.

Opt-out is not sufficient consent for behavioural advertising. The Article 29 Data Protection Working Party has published an opinion clarifying how EU rules apply to online behavioural advertising.

Your chance to meet Opt-4 - June and July

Opt-4 will be attending the Data Marketing show at Olympia 29th and 30th June.

Jenny Moseley is running an interactive workshop at the NCVO Conference in London at their Regent’s Wharf conference facility.

What is the real risk of an ICO fine?

There is no doubt that a potential £500,000 fine concentrates the mind when it comes to data protection compliance but what kind of risk of receiving a Monetary Penalty Notice (MPN) are data controllers really running?

Facebook and Google under continued privacy pressure

Both Facebook and Google have had a busy time defending their privacy practices recently. As leaders in the online and social networking world they have been singled out by regulators who want them to ensure that their services always have “privacy by design” at heart.

DP Changes possible under Con-Lib coalition

The new Government has pledged to increase the Information Commissioner’s powers and roll back the public sector’s intrusive storage of sensitive personal data.

Research highlights opt-out concerns

The first Digital Tracking Study conducted by Fast.MAP for the DMA has identified some of the reasons why consumers opt-out of email communications.

Overseas news

There has been a great deal of negative response from the US direct marketing industry to a recently introduced draft privacy bill. The US DMA reports that Boucher-Stearns bill would require “covered entities” (all but the smallest commercial data users) to provide privacy notices and an opportunity to opt-out when personal data is collected.

Your chance to meet Opt-4 - July

Monday 12th July - Jenny Moseley is running an interactive workshop at the NCVO Conference in London at their Regent’s Wharf conference facility.

ICO warns politicos to behave in election campaign

Just weeks after serving an enforcement notice on the Labour Party after it breached the PECR regulations by making half a million illegal unsolicited automated marketing calls, Information Commissioner Chris Graham has warned political parties to stay in line in the run up to the election.

Orange red in the face after common email gaff

Falling prey to what must be the commonest data protection gaff of all, an employee of mobile phone operator Orange recently released the email addresses of 300 subscribers by forgetting to put them in the “bcc” field when sending out a customer survey.

Will the privacy dividend pay off?

In a report published by the ICO, companies are being encouraged to make the most of the “Privacy Dividend” which they can get from taking data protection seriously. As anyone tasked with compliance will know, getting senior management to focus on Data Protection - and provide the investment needed - can be an issue. Sadly, the report is short on the hard evidence needed to persuade a sceptical Board.

Controller and Processor definitions and new standard clauses

European data protection regulators have been deliberating on the definitions of a “data controller” and a “data processor” which are increasingly blurred in a world that encompasses cloud computing and significant outsourcing. The Article 29 Working party has produced a new opinion on the definitions and has also adopted a revised set of contractual clauses which allow EU data controllers to export personal data to processors in other countries.

Overseas news

There is disagreement between European States about the status of IP addresses under data protection law.

Are they, or are they not, personal data?


Your chance to meet Opt-4 - Summer 2010

Jenny Moseley will be delivering the "Data Protection workshop for Digital and Direct Marketers" at The Institute of Direct Marketing in Teddington.

Half a million new reasons to comply with the DPA

The Information Commissioner has finally been given the enforcement “teeth” he has lobbied for; the maximum fine for “serious” breaches of the Data Protection Act 1998 will be £500,000 from 6th April 2010.

Online advertising gets regulatory focus

In December, Opt-4 heard Chris Graham launch his consultation on a Code of Practice covering online. The code aims to set out clear rules for handling personal information properly and for giving individuals an appropriate level of choice and control.

Cookie law crumbles

If the recent amendment to the Telecoms Directive is implemented in the UK, consumers may have to give active consent to the use of cookies after June 2011.

Behavioural targeting not popular with regulators

Reading privacy reports from around the world, it’s hard to find any Government sources with a good word to say about behavioural targeting.

Overseas news

More countries chasing “adequacy” status - Israel and Andorra have joined the small group of countries which are deemed to have “adequate” data protection regimes meaning that European data can be readily exported there.

Opt-in, opt-out shake it all about - Odd things have happened in two European states with a reputation for tough data protection regimes.

New Commissioner to expose bad practice

Christopher Graham – who took over the Information Commissioner’s job in June – knows all about the value of brand and reputation. After all, in his previous job at the Advertising Standards Authority he had very little sanction apart from “naming and shaming” the advertising code breakers. Not surprising then that he plans to extend the impact of the Office’s enforcement activity by using the potential for reputational damage as one of his weapons.

List businesses at risk from new prison penalties?

Some list businesses could be at risk if the two year prison sentence for illegal trading in personal data becomes law in April 2010. The Government is consulting on whether custodial penalties for Section 55 offences – where personal data is illegally sold – are appropriate. Strong lobbying from the ICO suggests that custodial sentences will be imposed.

New research confirms the power of words to drive consent

Recently published research by DVL Smith backs up Opt-4 findings that companies are not focusing enough attention on opt-out rates.

FEDMA investigating European email landscape

FEDMA, the Federation of European Direct and Interactive Marketing, has launched the first Pan-European email marketing benchmark study and is offering respondents a free executive summary in return for participation.

Breach notification comes closer

Under the revised ePrivacy Directive which will shortly be adopted by the European Parliament it will be mandatory for some organisations to notify data protection authorities and individuals when personal data is compromised and there are likely to be adverse effects.

Adestra report shows increasing confidence about email compliance

The Adestra/econsultancy Email Marketing Census for 2009 shows that a large majority of email marketers and their agencies believe that they fully understand the legalities of email marketing.

Pressure increases online

As Facebook settles a $9.5m class action and shuts down its controversial Beacon marketing programme there are two consultations underway in the UK which may lead to further restrictions of online advertising and data collection.

Overseas news

Will South Africa finally score privacy goal?
After nearly nine years in gestation it looks likely that South Africa will have a data protection law by the time it hosts the football World Cup next year.

Fight against DNC own goal in Oz
The Australian Direct Marketing Association is fiercely opposing the extension of the Do Not Call Register to cover business-to-business telemarketing.

Beware Balls of Kryptonite!

For anyone who has ever been tempted to “cut and paste” someone else’s privacy policy illegally, beware a recent US Federal Trade Commission case against a company which revels in the name “Balls of Kryptonite”.

Your chance to meet Opt-4 - Autumn 2009

Opt-4 Autumn public speaking events.

Does privacy pay?

The ICO’s announcement that it has decided to produce a report on how to create a business case for investing in proactive privacy protection is music to Opt-4 ears.

Notification fees change on 1st October

As a result of an increase in the registration fees for the largest data controllers from 1 October 2009, the ICO hopes to raise in excess of £16m to deal with data protection issues.

ICO Annual Report shows telemarketing complaints still high

The latest figures from the UK Information Commissioner’s Office annual report reveal that 20% of the 25,000 complaints received last year were about telephone calls. That’s 15% more than the complaints about email.

Exceptions may save list industry in Germany

Since a new opt-in law was passed in Germany last month, commentators and in particular the German list industry have been attempting to de-code the legislation. Some are optimistic that exceptions written into the law – largely as a result of industry lobbying - will allow the continued trading of data for legitimate third party use.

More "Do not call" lists with big fines in Europe

Spain and the Netherlands are joining the European countries where legally enforceable “Do not call” lists will be mandatory for telemarketers.

BSI launches Data Protection Standard 10012 - June 2009

A new standard for Data Protection compliance has been issued by the British Standards Institution which provides an infrastructure for maintaining and improving compliance with the Data Protection Act 1998.

Are you re-permissioning? - June 2009

One of the most frequently asked questions that Opt-4 deals with is how to legally “re-permission” legacy data, which may have been collected previously, without breaching the Act.

We will be conducting research over the coming months into what works and what doesn’t and putting together anonymised results to provide a benchmark of the success rates you can expect for this kind of project.

Parting shots from retiring Information Commissioner - June 2009

Richard Thomas CBE, who retires as Information Commissioner this month, has used his last public appearances to fire a few parting shots at the establishment.

And finally.....new code of practice on privacy notices - June 2009

Literally in the eleventh hour of his tenure, Richard Thomas has launched a code of practice on privacy notices.

Connectivity hits mobile directory storm - June 2009

Despite clearance from the ICO, a media storm greeted the launch of Connectivity’s 118-800 mobile directory enquiry service this month.

Behavioural targeting row continues - May 2009

European privacy watchdogs are divided on the legality of the powerful targeting delivered by behavioural advertising and a row has broken out over a leading proponent, Phorm.

Rand Study admits that transfer rules need replacing - May 2009

A new report commissioned by the UK Information Commissioner has suggested that Europe’s international data transfer rules are unrealistic against a backdrop of high-volume, globalised data flows.

When is a breach not a breach? - May 2009

Europe has moved closer to the compulsory notification of all data breaches with a European Parliament vote.

Google Street View doesn’t breach DPA says ICO - May 2009

The Information Commissioner’s Office has rejected demands from privacy activists to close down Google Street View.

Junk Fax Abuse Halted - March 2009

The ICO has issued an Enforcement Notice after the Fax Preference Service received numerous complaints from individual and corporate subscribers, who received unsolicited marketing from The Debt Collectors Limited.

Opt-4 research shows publishers don’t recognise permission threat - May 2009

A recent Opt-4 survey amongst publishers shows continuing complacency about opt-outs and the impact they can have on revenue.

Cross selling for third parties in emails - March 2009

Email marketers often struggle with the law covering the hosting of email marketing content on behalf of related group companies. The advice from the ICO is pretty clear indicating that individuals have to be asked whether they consent to receiving unsolicited marketing.

European Laws Tighten - March 2009

There have been several important changes in European data protection legislation.

Annual Track research reveals increasing data cynicism - March 2009

The ICO publishes annual research into consumer views about personal data and this year’s results show a climate of increasing distrust for data controllers.

Does data protection give you the "PIP" - February 2009

To celebrate European Data Protection Day last month (don’t tell me you missed it!) the Information Commissioner's Office...

Coroners and Justice Bill to provide for tiered notification - February 2009

The Coroners and Justice Bill which amends the Data Protection Act 1998 is progressing through Parliament.

New man in the ICO hot seat - February 2009

Christopher Graham, currently the Director General of the Advertising Standards Authority has been announced by the Ministry of Justice as the probable successor to the current Information Commissioner.

Marketers [still] missing millions through high opt out rates - February 2009

Previous Opt-4 research identified the growth of opt-outs as a major problem for marketers.

On the case - January 2009

If you are a data protection commissioner, nirvana might be a place where data protection rules are the same everywhere in the world and the privacy of the individual is guaranteed.

On the case - December 2008

Where do we stand in terms of data protection compliance and the use of our database without permission?

On the case - November 2008

Tough Data Protection laws have always meant that Germany is not an easy place for direct marketers but things could be about to get a whole lot worse.

On the case - October 2008

Almost simultaneously on both sides of the Atlantic, changes have been made to the rules covering telemarketing

On the case - September 2008

The UK direct marketing industry is reeling from yet another sideswipe from privacy regulators.

On the case - August 2008

My business is registered in the UK but I am about to set up business in Australia and I’d like to know what pitfalls might exist once I start to send marketing communications, particularly by email?

On the case - July 2008

What happens when you find the privacy policy of an acquired company doesn't match yours?

Privacy tip: Revealing account information - May 2008
May 2008
How a student, a concerned mother and a professor are relevant to data protection practices.

More consumer caution about personal data - May 2008
May 2008
Eight out of ten consumers now take greater care in the way they look after their personal information.

CPR puts Spammers at risk of Jail - May 2008
May 2008
The law is changing around spamming.

ICO welcomes new fining powers - May 2008
May 2008
The Criminal Justice and Immigration Act has created tough new sanctions for the ICO.

Need for sensible response to data breaches - May 2008
May 2008
Data breaches are on the increase. But what should organisations do if a breach has occurred?

On the case - June 2008

When does a “special relationship” override privacy rules

On the case - May 2008

Europe plans revision of e-commerce rules but are they tough enough?

On the case - April 2008

I don't know where to start to find out if my company is at risk of a data breach and with all the news coverage of what is happening in other companies, I'm concerned. Can you point me in the right direction?

On the case - March 2008

Governments make laws but it is generally companies which bear the costs of implementing them. The cost to your company of complying with relevant privacy legislation will depend to some degree on where you are reading this column and whether you trade nationally or internationally.

On the case - February 2008

Email permission – what’s it worth?

On the case - January 2008

Is it time for data breaches to go public?

On the case - December 2007

Is Bluetooth broadcasting covered by data protection law?

Tougher powers sought by ICO - February 2008
February 2008
The ICO has issued a paper setting out the case for changes to be made to the Data Protection Act.

Data sharing review continues - February 2008
February 2008
The Data Sharing Review was set up at the end of last year by the Prime Minister and consultation runs until this month

PECR Fines for nuisance fax - but not enough - February 2008
February 2008
There has been a recent successful prosecution under the Privacy and Electronic Communications Regulations for sending unsolicited marketing faxes.

Big brands make undertakings after data losses - February 2008
February 2008
Skipton Building Society and Marks & Spencer have both felt the wrath of the ICO in recent weeks after losing personal data held on laptops stolen from staff and agents.

Your chance to meet Opt-4 - February 2008
February 2008
Opt-4 will be speaking at various events in the following months. These include.

On the case - November 2007
November 2007
Cheap data...is it legal?

Outsourced or out of contol?
October 2007
Rosemary Smith of permission marketing consultancy Opt-4 explores the data protection issues in outsourcing subscription / circulation management.

Marketing moves into the age of consent
October 2007
The grey areas regarding opt-in and opt-out consent that exist in the Data Protection Act are there to be exploited by unscrupulous firms. So a growing number of businesses are embracing permission-based marketing to create trust with their customers. But is it possible to be opt-in and increase the consenting customer base?

On the case - October 2007
October 2007
Exactly what is covered by the definition of 'personal data'?

On the case - September 2007
September 2007
Do data protection breaches really lead to brand damage?

On the case - August 2007
August 2007
I didn't think there were any national data protection laws in the United States covering consumers, so why are companies there getting such huge fines relating to data abuse?

On the case - July 2007
July 2007
London's Financial Times called it a retreat; industry pundits were less kind, referring to a 'cave in' by Google when it bowed to pressure from the Article 29 Working Party (for the second time in four months) to revise its policy on the length of time it keeps information derived from cookies.

On the case - June 2007
June 2007
'Do global privacy better'. That was the message from the UK Information Commissioner, Richard Thomas, when he delivered a keynote speech at the International Association of Privacy Professionals' Summit in Washington in March.

On the case - May 2007
May 2007
Who exactly are the 'Data Protection Tsars'?

On the case - April 2007
April 2007
My company publishes free newsletters and has always used the double opt-in procedure, especially since we send emails throughout Europe. We always thought this was best practice but that doesn’t seem to be the case in Germany. Can you help unravel this for us?

On the case - March 2007
March 2007
If Data Protection leglisation is introduced in the USA, what would it look like?

On the case - February 2007
February 2007
Who is responsible when marketing emails are sent to lists without permission?

On the case - January 2007
January 2007
What are the consent issues for telemarketing?

On the case - December 2006
December 2006
When do privacy rules cover business-to-business data?

On the case - November 2006
November 2006
Can indiviudals prevent use of their data when it is in the 'public domain'?

On the case - October 2006
October 2006
South Africa is a major outsourcing centre. What privacy rules do they have?

On the case - September 2006
September 2006
Is marketing to children permitted under data protection legislation?

On the case - August 2006
August 2006
Is spam filtering by ISPs a consumer benefit or an infringement of privacy?

On the case - July 2006
July 2006
Is it true that Eastern Europe has tougher privacy legislation than the rest of Europe?

On the case - June 2006
June 2006
How can I legally export data from within Europe?

On the case - May 2006
May 2006
What is the European Commission doing to improve implementation of the Data Protection Directive?

On the case - April 2006
April 2006
Our inbound customer service department may not be taking enough care on the phone to prevent disclosure of information to unauthorised persons. I want to write a set of procedures, can you give me some tips?

On the case - March 2006
March 2006
Do I need to appoint someone to look after privacy compliance?

On the case - February 2006
February 2006
How do the UK’s Data Protection enforcement record and penalties compare with other countries?

On the case - January 2006
January 2006
I am starting a new business in the UK where I will be collecting data for marketing purposes, by myself and potential affinity partners (some of whom are outside Europe), can you tell me the top 5 things I should be aware of in order to be compliant under data protection legislation?

On the case - December 2005
December 2005
How can I protect personal data when outsourcing my processing?

On the case - November 2005
November 2005
There seems to be conflicting advice on consumer telemarketing and the TPS. Can you help me to sort out the rules on what I have to do to telemarket to both cold and customer lists compliantly?

On the case - October 2005
October 2005
My company is looking to acquire another company with a large number of customers on their database. What do we have to do to make sure that we can legally contact the customers of the company after acquisition?

On the case - September 2005
September 2005
What are the rules regarding storage of credit card information within an ecommerce application?

Data Protection
17th March 2006
Jenny Moseley, Director of Opt-4 comments on the latest research for Catalogue & e-business magazine

On the case
April 3rd 2006
Data protection experts Rosemary Smith and Jenny Moseley answer your permission marketing questions.

Opt-4 wins PhysioRoom.com data advice business
December 8, 2005
Opt-4 has won the online data collection and permission marketing account for PhysioRoom.com.

DMA Data Protection 2016 – Regulators’ plans to combat nuisance calls but no firm guidance yet on GDPR
Thursday, March 3, 2016
A capacity audience at the DMA Data Protection 2016 conference heard warnings from Government and the ICO that the nuisance call industry was under concerted attack.

Privacy Shield tweets – Safe and secure or a “ten layers of lipstick on a pig”
Thursday, March 3, 2016
To say that reactions on Twitter to the new Privacy Shield have been mixed is a significant understatement.

Telemarketing Campaigns – practical guidance on consent and due diligence
Thursday, March 3, 2016
Telephone lead generation, outbound telemarketing and fundraising have come in for a great deal of recent criticism from regulators and consumers. The very power of the channel means that it will always gain a reaction – good or bad. Add the fact that there has been some blatant bad practice and you have a recipe for consumer dissatisfaction and regulatory clampdown.

British Red Cross makes promises on fundraising
Thursday, March 3, 2016


Charities face enforced regulation and ‘opt-in’ consent
Friday, November 20, 2015
Proposed amendments to the Charities Bill could see organisations facing prosecution if they fail to abide by tough new fundraising rules. Two new clauses would give the Government reserve power to introduce statutory regulation and force large charities to sign up to a new fundraising watchdog.

European Commission guidance on EU-US data transfers
Friday, November 20, 2015
The European Commission has reiterated its wish for a swift agreement on a new Safe Harbor agreement. It has urged U.S. authorities to take the next step in on-going negotiations. Meanwhile, the EC has published guidelines for alternative methods for transatlantic data flows.

European legislators reveal the General Data Protection Regulation (GDPR) areas yet to be agreed
Friday, November 20, 2015
Negotiators working on the long-awaited GDPR are optimistic full agreement can be reached by the end of the year. However, some crucial issues remain outstanding.

Who is the ICO fining?
Friday, November 20, 2015
Losing data, selling data without permission, unsolicited text messages and dodgy telemarketing calls are the most likely offences to cost businesses money.

How a data breach could seriously harm your reputation
Friday, November 20, 2015
Talk Talk’s reputation has been seriously compromised in the aftermath of its cyber-attack and the company is taking a £30 million hit to put things right, but the list of big brands in the news over data breaches doesn’t end there.

Opt-4’s quick reference guide to General Data Protection Regulation (GDPR)
Wednesday, October 28, 2015
The much-anticipated General Data Protection Regulation has been hotly debated across Europe is now on the final stretch to becoming finalised.

Does your third party data really provide valid consent for marketing?
Thursday, September 10, 2015
Businesses which use personal data passed on by third parties for direct marketing purposes cannot rely solely on the terms of their data sharing agreements, an information rights tribunal has confirmed.

The benefits of a Preference Centre
Thursday, September 10, 2015
Preference Centres are becoming increasingly popular in the UK, especially businesses with multiple brands or products/services. The benefit to consumers is quite obvious: it gives them control and the opportunity to say what types of message they want to receive and how often. But there are also great benefits to business wishing to manage their opt-outs better.

Children’s websites
Thursday, September 10, 2015
An international project run by Global Privacy Enforcement Network (GPEN), which looked at almost 1,500 websites and apps used by children, has raised concerns over the personal information collected.

A third of workers admit they would leak sensitive data
Thursday, September 10, 2015
How secure is personal data in the hands of employees? Not at all safe it appears. A recent poll has revealed a third of employees would sell information on company patents, financial records and customer credit card details if the price was right.

Charities back 'strengthened' fundraising code
Thursday, September 10, 2015
The latest probe into fundraising activities has led some leading charities to say they will commit to a ‘strengthened’ fundraising code to stop vulnerable donors being exploited. Writing to the Sunday Times, the bosses of seventeen charities said they would support the creation of a new regulator which could investigate and use “strong penalties” for any charity breaking the rules. No-one should be "pressured into giving", the charity leaders wrote.

The public care about personal data but knowledge gap remains
Thursday, September 10, 2015
Consumer knowledge of personal data is growing and the public realise the importance they play in protecting their own data.

How will you use customer location data?
Wednesday, July 08, 2015
At Opt-4 we’ve been keeping an eye on the rapid growth of mobile and hyper-local services. This phenomenon has been fuelled by the continuing growth in smartphone & tablet usage.

A step closer to the new Data Protection Regulation
Wednesday, July 08, 2015
After 3 years of negotiations, the new General Data Protection Regulation moved a big step closer on 15th June. The first in a series of eight ‘Trilogue’ meetings took place between the European Parliament, Commission and Council in Brussels.

People feel out of control of their data
Wednesday, July 08, 2015
The new Eurobarometer Survey on Data Protection has been published and the results reinforce the need for the new Regulation, to keep up with the pace of technological change.

Improve your consent rate and grow your usable database!
Wednesday, July 08, 2015
Gaining consent for marketing communications is a challenge faced by most businesses. As technologies advance, the value of marketing consent is becoming greater and greater. But in the past writing statements to maximise consent rates was somewhat of a black art.

Three versions of the truth about marketing consent
Monday, May 18, 2015
While the data protection pundits argue about when the Data Protection Regulation will be finally agreed (our money is still on 2016) one thing is sure, the definition of what qualifies as “consent” will change

Conference contrasts
Wednesday, April 01, 2015
With just a weekend separating them, the DMA’s Data Protection Day 2015 and the ICO Data Protection Practitioner Conference presented some interesting contrasts.

12 months of Privacy
Tuesday, December 16, 2014
2014 has been a big year in privacy. Here are some highlights

A few of our favourite things in 2014
Tuesday, December 16, 2014
With all the news of breaches and blunders, it’s great to be able to celebrate good data protection practice and effective use of data so here are a few examples of the right way to do things...

Tech giants indulge in privacy one-upmanship
Tuesday, September 23, 2014
There seems to be a rather public mud-slinging match going on between tech giants Google, Microsoft and Apple and it’s all about privacy.

New Commissioner urged to get on with the Data Protection Regulation and e-Privacy is next
Tuesday, September 23, 2014
After the inevitable hiatus caused by the European Elections, the new- look Commission, under Jean-Claude Juncker, has defined its mission to get the draft Data Protection Regulation through the legislative process in the next six months.

ICO warns exiting employees to keep their hands off data
Tuesday, September 23, 2014
The Information Commissioner’s Office (ICO) has warned employees that walking off with the personal information of their employer when changing jobs is a criminal offence.

App-alling
Tuesday, September 23, 2014
The ICO recently reported that a survey of over 1,200 mobile apps by 26 privacy regulators from across the world showed that a high number of apps are accessing large amounts of personal information without adequately explaining how people’s information is being used.

Not forgotten
Tuesday, September 23, 2014
The Article 29 Working Party met on 16-17 September and the member Regulators were said to have had an “extensive exchange of views on the effects of the CJEU ruling recognising the right for an individual to have links removed from the list of results displayed following a search on the basis of a person’s name” (aka the Right to be Forgotten).

Not giving up
Tuesday, September 23, 2014
In a long running legal battle a US court recently found Microsoft in contempt for refusing to hand over copies of emails stored on a server in the Republic of Ireland, to the US government.

New Data Protection laws in Europe could have global impact
Tuesday, August 26, 2014
Some global brands are very worried about the impact of the revised European Regulation on Data Protection which is currently being debated in Europe and they probably should be.

New opt-in benchmark takes guesswork out of permission statements
Tuesday, July 08, 2014
As brands struggle with low opt-in rates and the legal regime for data collection tightens, permission wording is under the spotlight.

Mansfield case is not the end of soft-opt-in
Tuesday, July 08, 2014
The Mansfield case (where John Lewis found themselves in the dock over the interpretation of soft opt-in) shows just how easy it can be for individuals to “have a pop” at iconic brands regarding marketing permission

Facebook shocks users with sentiment testing
Tuesday, July 08, 2014
If you think Facebook users are pretty relaxed about privacy, you may want to think again

Evidence needed in defence of good lead gen practice
Tuesday, July 08, 2014
As part of the DCMS Action Plan on nuisance calls Which? has set up a task force to review how consumers give consent for marketing. The activity is in response to considerable consumer complaint about telemarketing and lead generation.

International marketers perplexed by Canada’s new anti-spam laws
Tuesday, July 08, 2014
The new anti-spam legislation in Canada (CASL) which came into force on 1st July is causing havoc for international email marketing. The combination of overbroad drafting and extra-territorial reach means a huge number of businesses mailing into Canada will be caught out.

FTC declares war on data brokers
Tuesday, July 08, 2014
As soon as they saw the title of the recently published Federal Trade Commission report, US data providers must have known what they were in for. “Data Brokers: A Call for Transparency and Accountability” is a hard-hitting look at the data industry which pulls no punches about what the Regulator thinks.

Forget Me, Google
Thursday, May 22, 2014
In a landmark ruling, Google has been ordered to take down historical search results of an individual in Spain, setting a legal precedent that could be hugely damaging for publishers and search engines alike.

Q&A: The evolving challenge that is anonymisation
Thursday, May 22, 2014
Sophie Cameron of E-Commerce Law & Policy spoke to Opt-4’s Michael Bond, about the Article 29 Working Party’s (WP29) recent opinion and what businesses need to do to ensure they are on top of the evolving challenge presented by data anonymisation.

Nuisance Calls Action Plan Gathers Pace
Thursday, May 22, 2014
The Department for Culture Media and Sport (DCMS) has released an action plan which includes legislative procedures that would lower the threshold for fines to be levied by the Information Commissioner’s Office (ICO) to marketers who breach the rules around marketing calls and other electronic marketing methods.

First TPS fine from Trading Standards
Friday, May 23, 2014
In another cold call development, TPS chief, John Mitchison, has warned organisations to expect more fines after Dorset County Council Trading Standards issued a landmark £36,000 penalty to a firm for not checking call lists against the Telephone Preference Service. This is the first time Trading Standards have used these powers.

DMA Clarifies ICO guidance on Direct Marketing
Thursday, May 22, 2014
As we reported last year, in September 2013 the Information Commissioner’s Office (ICO) issued an update to its guidance on direct marketing. While it is not legally binding, the guidance is important as it will govern the way the ICO assesses potential breaches of Data Protection laws. But there were parts of the guidance that were causing some marketers to scratch their heads; in some places the guidance was confusing and even contradictory. Since the guidance was issued, the DMA has been working hard to get some concessions from the ICO and answers to some key questions, especially around the crucial conditions for obtaining consent.

People Power catches Rogue Marketers
Thursday, May 22, 2014
On the 20th May 2014 the Information Commissioner’s Office (ICO) reported that two companies accused of making thousands of nuisance marketing calls, face substantial fines after it received a total of over 1200 complaints from the public.

International News -Ireland: Regulator releases 25th annual report
Thursday, May 22, 2014
International News -Ireland: Regulator releases 25th annual report, highlighting that public services need to do more to protect data.

International news: Canada
Thursday, May 22, 2014
Regulators address panic over new anti-spam rules

International news: USA
Thursday, May 22, 2014
USA - Freedom Act clears the House Judiciary Committee and heads to the House Floor

In praise of “legitimate interests”
Thursday, May 22, 2014
In one of its recent opinions, the Article 29 Working Party (consisting of all European data protection regulators) has clarified when the processing condition of “legitimate interests” can be used to justify marketing.

European Parliament rolls over to data protection concerns
Wednesday, March 12, 2014
I don’t know about you but I was amazed to hear that the European Parliament had voted by a massive 621 votes in favour (10 against and 22 abstentions) to support the latest draft of the General Data Protection Regulation from the LIBE Committee.

Are businesses walking into data disaster?
Thursday, February 20, 2014
Opt-4's Rosemary Smith's blog for the Direct Marketing Association looks at the importance of getting Data Protection into the boardroom!

Reding unveils timelines for reform - Data Protection Day 2104
Tuesday, January 28, 2014
Data Protection Reform could be agreed by the end of 2014 according to a memo issued by the European Commission and a speech by the main sponsor of the reform Viviene Reding.

Privacy… The word of 2013 but what does it mean?
Monday, January 20, 2014
An Internet search defines privacy as “freedom from interference” but that’s only one interpretation. It is certainly not what we mean when we talk about privacy in the context of the commercial use of Personal Data. Privacy means so many different things to virtually everyone but is there one defining element to privacy that society can agree on?

Reding urges for “full steam ahead” on Data Reform
Monday, January 20, 2014
EU Justice Commissioner, Viviane Reding, has made yet another attempt to speed up Council negotiations on the Data Protection Regulation reform as the May European elections edge closer and with it the deadline for agreement.

ICO consultation suggests enforcement on only the most serious cases
Monday, January 20, 2014
The Information Commissioner’s Office (ICO) launched a consultation on the 18th December called “Our new approach to Data Protection concerns”, which seeks stakeholder views on key changes to the way it handles complaints. The, consultation which ends on the 31st January 2014, proposes that the ICO will only investigate cases where there is serious breach or where an organisation is repeatedly reported to the ICO.

Unsolicited calls debate ramps up pressure for Government action
Monday, January 20, 2014
With Talk Talk now the only telecoms provider to offer free call screening services in order to prevent spam calls, and the number of complaints made to the Regulator about spam calls increasing, Government is increasing its efforts to improve privacy but at what cost for business?

Information Commissioner’s Office (ICO) looks to Privacy Seals
Monday, January 20, 2014
In its January newsletter the ICO has confirmed that it is exploring the development of an independent third party accreditation or privacy seal.

ICO to conduct workshop on Marketing Lists
Monday, January 20, 2014
The Information Commissioner’s Office is to hold a workshop focused on marketing lists. The aim is to garner a better understanding of what organisations experience when buying lists and identify areas of good and bad practice. The ICO is interested in seeing where improvements can be made to the process.

Singapore: PDPC allows companies to send marketing without checking Do-Not-Call registry
Monday, January 20, 2014
The Singapore Data Protection Commission (PDPC) has reached a decision that marketers may send certain messages to people registered on the Do Not Call registry (DNC) where certain conditions are met.

Germany: Authorities clarify marketing guidance
Monday, January 20, 2014
On the 10th December a German working group released new guidance that seeks to clarify existing rules relating to the use of Personal Data for advertising purposes.
While these are not new rules the guidance seeks to demystify confusion that exists. German laws are often interpreted differently across different regions and authorities.

CNIL Fines Google 150,000 Euros for non-compliance
Monday, January 20, 2014
Google has been fined by yet another Data Protection Regulator for non-compliance with national Data Protection Laws, in what is becoming a regular source of income for Data Protection authorities around Europe.

USA: CES highlights the future of connected devices & Privacy concerns
Monday, January 20, 2014
The Consumer Electronics Show (CES) being held in Las Vegas this week has always been a great predictor about how consumer electronics are evolving.

This year has been no exception with smart TVs, cars and connected devices. Samsung stole the show announcing a new feature that would connect all of its devices in your home that could talk to each other, moving us ever closer toward the “internet of things”.

Poland: New Data Protection rules on transfers and DPOs
Monday, January 20, 2014
Data transfers are set to become easier in Poland according to a new draft Data Protection law. The new rules would allow international data transfers without the consent of the regulator as long as there were adequate safeguards in place, i.e. data transfer agreements, which include standard contractual clauses approved by the European Commission.

Update: Progress of EU Data Protection Regulation
Tuesday, November 26, 2013
On the 21st October MEPs in the LIBE Committee, who are the lead committee in the European Parliament tasked with progressing the Data Protection reforms, agreed on a compromise text that can now be used in negotiations with the European Council and Commission, bringing the draft Data Protection Regulation one step closer to reality.

ICO extends consultation on privacy notices Code of Practice
Tuesday, November 26, 2013
The ICO has recently extended its consultation period, looking to business for views on how it could change its Code of Practice on privacy notices (The Code). The process will now end on the 30th of November.

Spam Texts Case – Monetary Penalty Cancelled
Tuesday, November 26, 2013
Tetrus Telecom, which was fined £300,000 in a monetary penalty notice (MPN) on the 26th November 2012, has had its fine cancelled on appeal by the Information Tribunal.

Private Members Bill moves to make TPS a register for those who opt-in to marketing
Tuesday, November 26, 2013
The Unsolicited Telephone Communications Bill (HL Bill 18) was introduced in on the 14th of May 2013 as a private members bill, and if passed into law, would reverse the way the Telephone Preference Service (TPS) works.

Privacy by Design: a vital tool for Business
Tuesday, November 26, 2013
Privacy by design (PbD) is a concept that many would think is reserved for academics and the public sector but they would be wrong! Given the significant emphasis on PbD in the draft Data Protection Regulation, it is a management tool that most organisations will have to adopt in future to be compliant with the law. Not such a bad thing, as Opt-4’s Mike Bond explains.

Malaysia: Personal Data Protection Act (PDPA) Finally in Force
Tuesday, November 26, 2013
Three years after it was passed by the Malaysian Parliament (2010) the PDPA is finally in force, and gives data users (organisations who use Personal Data) 3 months to get their houses in order.

India: Indian Privacy Protection Bill 2013 - a step in the right direction
Tuesday, November 26, 2013
The Indian Centre for Internet and Society has proposed a bill that would bring Indian Data Protection closer to the regimes that are found in Europe.

United States: New Californian law of “Erasure” will come in to effect in 2015
Tuesday, November 26, 2013
Law SB 568 or the “Eraser Button law” will take effect in the State of California on the 1st of January 2015 and will require organisations that focus on minors to make privacy-related changes to their businesses and websites.

Australia: Privacy Principles up for debate
Tuesday, November 26, 2013
Ahead of the new privacy laws that are expected to come into force in March 2014 (Privacy Amendment (Enhancing Privacy) Act 2012 (Cth)), the Australian Information Commissioner is in the process of consulting on a set of privacy principles that would, in theory, help organisations prepare for the impending changes.

Data Protection Regulation Webinar
Tuesday, November 05, 2013
Opt-4's Rosemary Smith recently took part in a roundtable webinar with other data protection experts to discuss the progress of the Regulation

UK Direct Marketing Industry to be hit by ICO guidance
Friday, October 11, 2013
The Information Commissioner’s Office (ICO) has published new tougher guidance on the rules surrounding direct marketing and the Telephone Preference Service, which will have a significant effect on how the industry can use Personal Data.

European discussions on Data Protection Regulation ramp up
Friday, October 11, 2013
On the 7th October the European Union’s Justice and Home Affairs Council met to discuss elements of the “one-stop-shop” provision in the Proposed Data Protection Regulation, resulting in widespread assent for the provisions.

Data Protection Authorities agree key resolutions at Annual Conference
Friday, October 11, 2013
On September 24th at the 35th International Conference of Data Protection and Privacy Commissioners representatives held a closed session to discuss several points of interest which resulted in the release of agreed Resolutions on vital policy areas, including: Apps, Profiling, Enforcement coordination, web-tracking and digital education.

ASA’s lack of teeth on OBA, a cause for concern for self-regulation
Friday, October 11, 2013
The Advertising Standards Authority (ASA) recently published its half-year report on the Regulation of Online Behavioural Advertising (OBA), revealing the extent to which the rules designed to protect consumers are largely being ignored.

fast.MAP’s Marketing Gap research for 2013: Marketers are struggling to keep up with consumers

Survey results in the 9th annual Fast.MAP Marketing-GAP Tracking Study show that marketers are often projecting their own channel prejudices on to the consumers they are targeting.

Information Commissioner to review Privacy Notices Code of Practice
Friday, October 11, 2013
In a recent newsletter the Information Commissioner’s Office (ICO) announced that it was seeking feedback on whether it should update its Code of Practice on Privacy Notices, which was last updated in 2010.

Singapore clarifies its position on Data Protection
Friday, October 11, 2013
On the 24th September the Singapore Personal Data Protection Commission issued guidance on the new Singapore Data Protection Act

USA pushes for Online Bill of Rights
Friday, October 11, 2013
In a report by Politico.com the Whitehouse is said to be pushing forward with plans to “boost online privacy safeguards for consumers”.

California gets “eraser” button for online posts
Friday, October 11, 2013
aw, S.B. 568 signed by California Governor Jerry Brown makes California the first state in America to allow under 18 year olds to remove information easily from websites and apps.

New "game-changing" Guidance from the ICO on Direct Marketing
Tuesday, September 10, 2013
New “game-changing” advice from the ICO on Direct Marketing

The Information Commissioner’s Office has published new tougher guidance on the rules surrounding direct marketing and is simultaneously calling for the law to be tightened to allow for more enforcement of the Telephone Preference Service.

Reding pushes for faster progress on Data Protection reform
Tuesday, August 20, 2013
On the 15th July Viviane Reding, the EU Commissioner for Justice issued a statement calling for the European Council to “speed up the work in the Council on this important file”.

ICO fines bank over fax blunder
Tuesday, August 20, 2013
The Bank of Scotland (BoS) has been fined by the UK Data Protection Regulator (ICO) after it repeatedly failed to stop financial details of customers to being sent to the wrong people.

Microsoft Vs Google: The battle for email
Tuesday, August 20, 2013
In a recent blog post on a Microsoft owned website, “Scroogled.com”, Microsoft launched its latest attacked Google, stating that the search engine not only reads user emails to target adverts but that it has now begun sending targeted adverts that look exactly like emails directly to the user’s inbox, a practice that the blog post has dubbed “GSpam”

Data Protection sweep finds hole in online Privacy Policies
Tuesday, August 20, 2013
23% of websites and mobile apps have no privacy policy according to a privacy sweep by a group of Data Protection regulators. The analysis of 2186 sites by the Global Privacy Enforcement Network (GPEN) took place in May this year and was designed to recreate the user journey through a website or mobile app and to assess the efficacy of those sites’ privacy policies.

ICO & Ofcom team up to tackle nuisance calls
Tuesday, August 20, 2013
The Information Commissioner’s Office and Ofcom have released a joint action plan that aims to tackle the increasing concerns of people about the prevalence of nuisance calls.

International news: Ukraine
Tuesday, August 20, 2013
On the 23rd of July the Ukrainian President signed a law crafted to improve data protection in the region.

International news: Australia
Tuesday, August 20, 2013
An update to the Australian Federal Privacy Act 1998 by the Privacy Amendment (enhancing Privacy Protection) Act 2012 is effective as of 12th March 2013 and will mean a step change in the way businesses must protect personal data.

International news: France
Tuesday, August 20, 2013
A court in France has ruled in favour of a company that dismissed an employee based on emails sent between the employee and a competitor that were found on his computer, according to Field Fisher’s Information Law blog.

Do Not Track Falters
Tuesday, July 16, 2013
W3C’s working group on tracking and protection issued a decision on the 16th July 2013 rejecting the Digital Advertising Alliance’s (DAA) proposal for an alternative base text to be used in developing a Do Not Track standard. A move that is likely to cause concern among Advertisers

Full DAPIX text Leaked
Thursday, July 11, 2013
On the 21st June 2013 the organisation Statewatch released an official document containing the full text of the Draft General Data Protection Regulation. The text shows the amendments, which the Council of Europe’s working group on information exchange and Data Protection (DAPIX) have been working on.

Draft General Data Protection Regulation Update June 2013
June 11 2013
“Battle of the texts” continues as Irish Presidency weighs in.

As the LIBE Committee wades through over 4,000 amendments to the draft General Data Protection Regulation, the Irish Presidency has issued a “compromise text” of Chapters I-IV showing some hopeful signs for marketers.


ICO ramps up enforcement on illegal marketing

The ICO has issued a press release stating that it has handed out monetary penalties totalling £440,000 to two rogue marketers, who for three years, sent millions of spam text messages to the public.

Ministry of Justice report shows huge compliance costs of Data Protection Proposals

A long awaited impact assessment produced by the Ministry of Justice (MOJ) has highlighted that if the new rules covering Data Protection law go through as currently drafted, the cost to businesses in the UK could be as high as £360 million pounds.

ICO under fire from Leveson

Lord Leveson has accused the ICO of ‘missing the opportunity’ to tackle press issues when they came to light over a decade ago

ICC UK issues second round of guidance on Cookies

Six months after its first round of guidance on implementation of the cookie law; the UK International Chamber of Commerce Digital Economy Group has issued a second edition of their advice to website owners.

ICO fines for inaccurate data

Prudential has been hit with a £50,000 fine for accidentally merging the accounts of two of its customers, who share the same name and date of birth.

International News

Ireland: Facebook questioned over privacy policy changes

Australia: Privacy Commission to get new powers

India: Minister to usher in new data protection regime

ICO to fine rogue marketers £250,000

The Information Commissioner’s Office is on course to issue two monetary penalties totalling a staggering quarter of a million pounds, to two marketers who were illegally distributing millions of spam text messages

Committee Releases second working document on the Data Protection Regulation

The Draft Data Protection Regulation has come under increasing scrutiny behind the scenes in the European Parliament during recent weeks. An updated working document highlights the need to clarify key definitions and terms in the text, which are likely to impact marketers significantly as they are currently drafted.

“Do Not Track” standards are not going far enough to help with cookie consent

In a recent Speech, Neelie Kroes, who is responsible for the European Union’s Digital Agenda, explained that the “Do Not Track” standard, as it currently stood, would not help cookie compliance.

UK issues Cloud Computing Guidance

In September the Information Commissioner’s Office (ICO) issued updated guidance on cloud computing. The Guidance makes it clear that organisations remain obliged to ensure data is handled responsibly, even when the data is passed to a cloud provider.

Digital Advertising Spend reaches £2.59 Billion

A report conducted by PricewaterhouseCooper (PWC) for the Internet Advertising Bureau (IAB) shows that advertising expenditure rose 12.6% in the first half of 2012, with a massive 132% rise in mobile spending.

International News

Uruguay given Adequacy Status and Monaco to Follow

Ireland Fines £24,000 for lost laptops

Austria Moves to Online Registration

Germany Gets Stricter Rules on Marketing and Advertising

Data Protection Proposals continue to evolve

A sense of pragmatism has emerged from the European Parliament in recent weeks, with the news that an agreement has been reached that would give the European Commission power to change the rules on data protection, as technology and attitudes change.

Cookies: Opt-4 creates new EU cookie chart

As the implementation of the e-Privacy Directive in the UK becomes clearer, attention is turning to other European countries. To help industry get the full picture Opt-4 has developed a chart, which maps the implementation of the ‘cookie law’ in all of the European Members States.

Monetary Penalty hits Private Sector

The Information Commissioner’s Office (ICO) has imposed a £150,000 civil monetary penalty (CMP) on the Consumer lender, Welcome Financial Services Limited, after they lost more than 500,000 customers’ details. The ICO hopes that such penalties will remind organisations of their duties to keep data safe.

Overseas News

Hong Kong Data Ordinance Amended:

The Hong Kong Legislative Council recently passed a bill to amend the Personal Data Ordinance, which will become effective in phases starting on 12th October 2012.

Italian TPS reaches 1 Million:

In July 2012 the Italian Telephone Robinson List has surpassed 1 million subscribers.

Online Data Protection Training with DPA 360.

Four out of five companies caught breaching the Data Protection Act have not trained their staff properly. Opt-4’s online training tool, DPA360 helps to educate staff on data protection issues and they don’t even have to leave their desks!

Reding sticks to her guns over tough new data protection Regulation

Despite a “battering” from both within and without the European Commission EU Commissioner Viviane Reding has proved to be a lady not for turning.

Cookie deadline looms – No silver bullet yet

Less than six months away from enforcement of the UK’s new cookie law website owners are still struggling to find a workable solution to the requirement for informed consent. Enforcement will happen in the UK as of 26th May 2012 but time is running out for the industry and Europe’s regulators are generally unsympathetic.

Facebook under fire as Google gets green light

It has been a torrid few months for Facebook which has found itself under fire on both sides of the Atlantic for its privacy practices.

Data concerns won’t go away

The ICO’s “Annual Track” research for 2011 shows that public confidence in how personal information is being handled continues to decline; less than half of our prospects believe we will process their information fairly.

Overseas news

New Data protection laws

New or amended data protection legislation has been passed in the last few months in Angola, Austria, China, Columbia, Hungary, India and Peru.


DPA360 – Online training in data protection

Four out of five companies caught breaching the Data Protection Act have not trained their staff properly. Opt-4’s online training tool, DPA360 helps to educate staff on data protection issues and they don’t even have to leave their desks!

ICO wants commerce to embrace audits

Launching his annual report in a webcast last week, the Information Commissioner encouraged the private sector to stand up and be audited.

“Permission Please” research published

The results of a new Opt-4 survey underline how gaining marketing permission is increasingly difficult for brands and nearly three quarters of respondents - all household names from a range of sectors - agreed that marketing opt-out rates represented a major business threat.

Data thieves pay the price

In the first meaningful prosecution of its kind, two former employees of T-Mobile who illegally sold customer data were ordered to pay a total of £73,700 in fines last month. The fines reflected, in part, the ill-gotten gains the pair made from the data sales.

ICC takes lead to find cookie solutions

In the frenetic run up to the Cookie Regulations becoming law, the International Chamber of Commerce (ICC) played a key role in bringing law makers, the regulator and commerce together. The – sometimes heated – exchanges at meetings facilitated by the ICC forced DCMS to issue an eleventh hour open letter of explanation and significantly influenced the ICO’s agreement of a 12 month enforcement “holiday”.

Overseas news

Data protection moves closer in Costa Rica
Twitter in trouble
Reding and Kroes speak out in Europe
Italian DP fines hit E4m
India changes rules for outsourcers


DPA360 – Online training in data protection

Four out of five companies caught breaching the Data Protection Act have not trained their staff properly. Opt-4’s online training tool, DPA360 helps to educate staff on data protection issues and they don’t even have to leave their desks!

Confusion reigns on “Cookie Day”

It’s “Cookie day” in the UK but website owners and legal experts are still desperately sifting through the new rules and advice from the Information Commissioner’s Office trying to get a clear picture of what it all means.

PECR violations will bring fines

Creeping in under the cookie storm there are other changes to the PECR regulations which will affect marketers. The first is an extension of the ICO’s fining powers to cover breaches (including the power to serve monetary penalties of up to £500,000 to organisations that make unwanted marketing phone calls or send illegal email messages).

Sony breach plays out

Data breach stories continue to hit the headlines, including the loss of some 77 million details on Play Station users after an aggressive hacking attack. In the aftermath the main issue seems to be that Sony did not admit the breach quickly enough.

ICO Data Sharing Code

Earlier this month the ICO issued a new statutory code of practice designed to help businesses and public sector bodies share people’s personal information appropriately.
It covers all types of data sharing (including sharing for marketing purposes) and it gives advice on when and how personal information can be legally shared as well as how to keep it secure.

Overseas news

New privacy rules for India
Korea passes new DP law
The Commission and the cloud
Italy adopts limited opt-out and will develop MPS

Privacy and Electronic Communications Regulations

A regime of strict control over the collection and use of electronic data has been established in the Directive on Privacy and Electronic Communications (2002/58/EC).

Cookies Regulations Primer - May 2011

The changes which came in on 26th May 2011 mean that consent is required for the use of most cookies.

Countdown to cookie law

There is furious activity going on, both in the UK and Brussels, ahead of the May 25th deadline for the implementation of the new cookie law. Last month Information Commissioner Chris Graham gave a straight talking assessment to the DMA Data Protection Conference.

US and EU divided by a common language of privacy?

Some commentators would have us believe that the US and Europe are coming closer together on the issue of privacy. There were even simultaneous meetings last month in Brussels and Washington to talk about the thorny issue of online privacy and the future of data protection. Not surprisingly, however, the approach taken was reportedly very different.

Your chance to meet Opt-4 -

Summer Events

Rub out the daft “right to be forgotten”

Despite EU Justice Minister Viviane Reding thinking that the proposed “Right to be forgotten” should be one of the four pillars of the new data protection directive, opposition to the idea is growing.

Drawing the line on hosted third party content

Here at Opt-4 we regularly get asked about email marketing rules and especially about what kind of consent (opt-in, soft opt-in or opt-out) is required. This is a tricky area where both the Data Protection Act and the PECR regulations can apply.

DPO or no DPO?

Businesses may have to appoint Data Protection Officers (DPOs) under the new privacy regime being discussed by the European Commission; currently these appointments are optional although in some Member States having a designated DPO relieves the Data Controller from notifying processing to the authorities.

Latest from the ICO

The ICO has had a busy time issuing a further two monetary penalties (to Ealing Council and Hounslow Council on 8 February after the loss of two unencrypted laptops containing sensitive personal information relating to 1,700 individuals). This establishes encryption as a “must have” protection for portable devices.

How will “do not track” work?

Amidst a flurry of activity in the USA around consumer’s rights not to be tracked on the internet we are fast approaching implementation of the “cookie” Directive here in the UK.

Overseas news

India consults on data security rules:

The Indian IT Ministry is consulting on various rules to improve data security – particularly for processors and those who handle sensitive data.

Limited Italian TPS introduced:

One month into operation of the Italian “Robinson” list for telemarketing, the file contains 185,000 phone numbers.

Irish data breach code falls at last hurdle:

Following a massive data breach in December of last year which saw half a million members of the Gaelic Athletic Association stolen, the Irish Government has failed to give backing to a data breach code.

Your chance to meet Opt-4 –

10 March 2011

Rosemary Smith will be chairing the re-launch of the DMA’s Data Seal certification at the Charlotte Street Hotel, London.

16 March 2011

Opt-4 will be joining Information Commissioner Chris Graham at the “DMA Data Protection Conference” to be held at the Wellcome Collection, London.

Online training DPA360 is here!

To celebrate European Data Protection Day today, Opt-4, is introducing DPA360 a thirty minute course that sets out in an engaging and practical way everything employees need to know about data security and implementing the eight principles of data protection.

Shaping the new data directive

Now that both the UK Government and the European Commission have consulted on the content of the new Data Protection Directive businesses can only stand by and wait nervously for the first draft due out later this year.

Confusion rules on Cookies

Good news at last for website owners. With implementation of the “Cookie” Directive due in May there is now serious doubt as to whether it will really mean that opt-in consent is required for cookie use.

Overseas news

Big fines in Italian privacy “swoop”:

The Italian Garante has been busy with a programme of compulsory Data Protection audits and has issued over 250 penalty proceedings.

Hong Kong Privacy law under review:

The current “Ordinance” which governs data use in Hong Kong is being reviewed.

New Data Law in the Philippines:

A major outsourcing region, the Philippines, has introduced a new bill on data protection which is expected to be implemented before March.

Your chance to meet Opt-4 –

22nd February 2011
Rosemary Smith will be running “Print and Privacy – Applying data protection rules in a print business”

24th February 2011
Opt-4 will be delivering the "Data Protection in Practice"

16 March 2011
Opt-4 will be joining Information Commissioner Chris Graham at the “DMA Data Protection Conference”

Change of use

Marketers are full of creative ideas and regularly think up new ways of using the personal data they control. At times this “re-purposing” of data pushes the boundaries of what might be obvious to the data subjects themselves and that’s where problems arise.

Magazine privacy promises block sale of reader data

This month, creditors of a defunct US magazine had reason to regret very strong privacy promises made to readers when the Federal Trade Commission banned sale of the magazine's circulation data.

Annual cost of compliance £53m?

The Ministry of Justice puts the annual cost of compliance with the DPA at £53m.
The figure - in an Impact Assessment accompanying the recent consultation on the Data Protection Act - is significantly lower than many would expect. By far the biggest cost is attributed to responding to Subject Access Requests (c£49.9m).

Changes in timeframe (again) for new Directive

Data protection watchers could be forgiven for wondering if the European Commission knows what it is doing when it comes to revising the current Directive.
As we reported last month, there was a flurry of activity in early summer with the promise of a first draft of the new Directive by end of 2010.

Overseas News

German telemarketers fined, Blackberry denies data access, Italy stop list imminent and French toast Cookies?

Your chance to meet Opt-4 - Autumn 2010

Events at The Institute of Direct Marketing, Blackbaud Europe Relationship Management Conference and the new mediaPro exhibition

“Re-permissioning” top DP concern for direct marketers

If Opt-4’s in-box is anything to go by, legal re-permissioning of legacy data is a major pre-occupation for marketers. Personal data which has been collected without suitable consent – or worse where the consumer’s choice hasn’t been adequately recorded – seems to be everywhere.

New ICO Online Code confirms opt-out for cookies

In defiance of the prevailing opinion amongst European Regulators, the new ICO Online Code of Practice permits the use of cookies and behavioural advertising under an opt-out rather than an opt-in.

Revision of Data Protection Directive on fast track

All of a sudden there is a real urgency to the revision of the European Data Protection Directive on which the UK’s next DP law will be based. With just a few days notice, the European Commission issued a questionnaire asking stakeholders for their views on everything from profiling, the “right to be forgotten” and compulsory breach notification.

Complaints to ICO up 30%

The latest ICO Annual Report shows that data protection complaints have soared by over 30%. 32,714 cases were closed in the year 2009/10. Queries about data use were also up and the Office dealt with over 200,000 calls, mostly from members of the public concerned about use of their data.

Overseas news

Queuing behind the Boucher-Stearns Bill (reported here in May) Congress now has the Best Practices Act which also seeks to enhance consumer protection (particularly online) and to allow consumers the right of legal redress for poor data practices.

Both the Ukraine and Mexico have recently passed new data protection legislation.

It is 10 years since the European Commission recognised the US “Safe Harbor” principles but criticism of the scheme is building.

Your chance to meet Opt-4 - Autumn 2010

23rd September - "Data Protection workshop for Digital and Direct Marketers" at The Institute of Direct Marketing in Teddington.

12th October - “Data protection in the digital space” at the annual Blackbaud Europe Relationship Management Conference.

ICO unveils corporate plan with more enforcement on the cards

The Information Commissioner’s Office has unveiled its three year Corporate Plan which shows a determination to use the new penalties it has been given.

Consumers savvy about data – research shows value of clear privacy policies and trust

Following last month’s Digital study, the first DMA/FastMAP Data Tracking study provides interesting insight into how consumers behave with their data and what makes them more likely to share their information when asked.

New Data Protection Baron has his work cut out as data breaches top 1,000

The minister responsible for data protection issues in the Ministry of Justice has been named as Lord McNally. His early focus will undoubtedly be on stemming the increasing flow of lost personal data from Government departments and agencies.

Ireland consults on compulsory breach notification

The “creep” of compulsory breach notification continues with the Irish Data Protection authority publishing a draft code of practice which would mean notification to the commissioner of any loss of over 100 personal records – providing that the data lost was not encrypted or password protected.

Overseas news

Is Safe Harbor safe? A group of German privacy officers has cast doubt on the efficacy of the US “Safe Harbor” solution for the export of personal data from the EU.

Opt-out is not sufficient consent for behavioural advertising. The Article 29 Data Protection Working Party has published an opinion clarifying how EU rules apply to online behavioural advertising.

Your chance to meet Opt-4 - June and July

Opt-4 will be attending the Data Marketing show at Olympia 29th and 30th June.

Jenny Moseley is running an interactive workshop at the NCVO Conference in London at their Regent’s Wharf conference facility.

What is the real risk of an ICO fine?

There is no doubt that a potential £500,000 fine concentrates the mind when it comes to data protection compliance but what kind of risk of receiving a Monetary Penalty Notice (MPN) are data controllers really running?

Facebook and Google under continued privacy pressure

Both Facebook and Google have had a busy time defending their privacy practices recently. As leaders in the online and social networking world they have been singled out by regulators who want them to ensure that their services always have “privacy by design” at heart.

DP Changes possible under Con-Lib coalition

The new Government has pledged to increase the Information Commissioner’s powers and roll back the public sector’s intrusive storage of sensitive personal data.

Research highlights opt-out concerns

The first Digital Tracking Study conducted by Fast.MAP for the DMA has identified some of the reasons why consumers opt-out of email communications.

Overseas news

There has been a great deal of negative response from the US direct marketing industry to a recently introduced draft privacy bill. The US DMA reports that Boucher-Stearns bill would require “covered entities” (all but the smallest commercial data users) to provide privacy notices and an opportunity to opt-out when personal data is collected.

Your chance to meet Opt-4 - July

Monday 12th July - Jenny Moseley is running an interactive workshop at the NCVO Conference in London at their Regent’s Wharf conference facility.

ICO warns politicos to behave in election campaign

Just weeks after serving an enforcement notice on the Labour Party after it breached the PECR regulations by making half a million illegal unsolicited automated marketing calls, Information Commissioner Chris Graham has warned political parties to stay in line in the run up to the election.

Orange red in the face after common email gaff

Falling prey to what must be the commonest data protection gaff of all, an employee of mobile phone operator Orange recently released the email addresses of 300 subscribers by forgetting to put them in the “bcc” field when sending out a customer survey.

Will the privacy dividend pay off?

In a report published by the ICO, companies are being encouraged to make the most of the “Privacy Dividend” which they can get from taking data protection seriously. As anyone tasked with compliance will know, getting senior management to focus on Data Protection - and provide the investment needed - can be an issue. Sadly, the report is short on the hard evidence needed to persuade a sceptical Board.

Controller and Processor definitions and new standard clauses

European data protection regulators have been deliberating on the definitions of a “data controller” and a “data processor” which are increasingly blurred in a world that encompasses cloud computing and significant outsourcing. The Article 29 Working party has produced a new opinion on the definitions and has also adopted a revised set of contractual clauses which allow EU data controllers to export personal data to processors in other countries.

Overseas news

There is disagreement between European States about the status of IP addresses under data protection law.

Are they, or are they not, personal data?


Your chance to meet Opt-4 - Summer 2010

Jenny Moseley will be delivering the "Data Protection workshop for Digital and Direct Marketers" at The Institute of Direct Marketing in Teddington.

Half a million new reasons to comply with the DPA

The Information Commissioner has finally been given the enforcement “teeth” he has lobbied for; the maximum fine for “serious” breaches of the Data Protection Act 1998 will be £500,000 from 6th April 2010.

Online advertising gets regulatory focus

In December, Opt-4 heard Chris Graham launch his consultation on a Code of Practice covering online. The code aims to set out clear rules for handling personal information properly and for giving individuals an appropriate level of choice and control.

Cookie law crumbles

If the recent amendment to the Telecoms Directive is implemented in the UK, consumers may have to give active consent to the use of cookies after June 2011.

Behavioural targeting not popular with regulators

Reading privacy reports from around the world, it’s hard to find any Government sources with a good word to say about behavioural targeting.

Overseas news

More countries chasing “adequacy” status - Israel and Andorra have joined the small group of countries which are deemed to have “adequate” data protection regimes meaning that European data can be readily exported there.

Opt-in, opt-out shake it all about - Odd things have happened in two European states with a reputation for tough data protection regimes.

New Commissioner to expose bad practice

Christopher Graham – who took over the Information Commissioner’s job in June – knows all about the value of brand and reputation. After all, in his previous job at the Advertising Standards Authority he had very little sanction apart from “naming and shaming” the advertising code breakers. Not surprising then that he plans to extend the impact of the Office’s enforcement activity by using the potential for reputational damage as one of his weapons.

List businesses at risk from new prison penalties?

Some list businesses could be at risk if the two year prison sentence for illegal trading in personal data becomes law in April 2010. The Government is consulting on whether custodial penalties for Section 55 offences – where personal data is illegally sold – are appropriate. Strong lobbying from the ICO suggests that custodial sentences will be imposed.

New research confirms the power of words to drive consent

Recently published research by DVL Smith backs up Opt-4 findings that companies are not focusing enough attention on opt-out rates.

FEDMA investigating European email landscape

FEDMA, the Federation of European Direct and Interactive Marketing, has launched the first Pan-European email marketing benchmark study and is offering respondents a free executive summary in return for participation.

Breach notification comes closer

Under the revised ePrivacy Directive which will shortly be adopted by the European Parliament it will be mandatory for some organisations to notify data protection authorities and individuals when personal data is compromised and there are likely to be adverse effects.

Adestra report shows increasing confidence about email compliance

The Adestra/econsultancy Email Marketing Census for 2009 shows that a large majority of email marketers and their agencies believe that they fully understand the legalities of email marketing.

Pressure increases online

As Facebook settles a $9.5m class action and shuts down its controversial Beacon marketing programme there are two consultations underway in the UK which may lead to further restrictions of online advertising and data collection.

Overseas news

Will South Africa finally score privacy goal?
After nearly nine years in gestation it looks likely that South Africa will have a data protection law by the time it hosts the football World Cup next year.

Fight against DNC own goal in Oz
The Australian Direct Marketing Association is fiercely opposing the extension of the Do Not Call Register to cover business-to-business telemarketing.

Beware Balls of Kryptonite!

For anyone who has ever been tempted to “cut and paste” someone else’s privacy policy illegally, beware a recent US Federal Trade Commission case against a company which revels in the name “Balls of Kryptonite”.

Your chance to meet Opt-4 - Autumn 2009

Opt-4 Autumn public speaking events.

Does privacy pay?

The ICO’s announcement that it has decided to produce a report on how to create a business case for investing in proactive privacy protection is music to Opt-4 ears.

Notification fees change on 1st October

As a result of an increase in the registration fees for the largest data controllers from 1 October 2009, the ICO hopes to raise in excess of £16m to deal with data protection issues.

ICO Annual Report shows telemarketing complaints still high

The latest figures from the UK Information Commissioner’s Office annual report reveal that 20% of the 25,000 complaints received last year were about telephone calls. That’s 15% more than the complaints about email.

Exceptions may save list industry in Germany

Since a new opt-in law was passed in Germany last month, commentators and in particular the German list industry have been attempting to de-code the legislation. Some are optimistic that exceptions written into the law – largely as a result of industry lobbying - will allow the continued trading of data for legitimate third party use.

More "Do not call" lists with big fines in Europe

Spain and the Netherlands are joining the European countries where legally enforceable “Do not call” lists will be mandatory for telemarketers.

BSI launches Data Protection Standard 10012 - June 2009

A new standard for Data Protection compliance has been issued by the British Standards Institution which provides an infrastructure for maintaining and improving compliance with the Data Protection Act 1998.

Are you re-permissioning? - June 2009

One of the most frequently asked questions that Opt-4 deals with is how to legally “re-permission” legacy data, which may have been collected previously, without breaching the Act.

We will be conducting research over the coming months into what works and what doesn’t and putting together anonymised results to provide a benchmark of the success rates you can expect for this kind of project.

Parting shots from retiring Information Commissioner - June 2009

Richard Thomas CBE, who retires as Information Commissioner this month, has used his last public appearances to fire a few parting shots at the establishment.

And finally.....new code of practice on privacy notices - June 2009

Literally in the eleventh hour of his tenure, Richard Thomas has launched a code of practice on privacy notices.

Connectivity hits mobile directory storm - June 2009

Despite clearance from the ICO, a media storm greeted the launch of Connectivity’s 118-800 mobile directory enquiry service this month.

Behavioural targeting row continues - May 2009

European privacy watchdogs are divided on the legality of the powerful targeting delivered by behavioural advertising and a row has broken out over a leading proponent, Phorm.

Rand Study admits that transfer rules need replacing - May 2009

A new report commissioned by the UK Information Commissioner has suggested that Europe’s international data transfer rules are unrealistic against a backdrop of high-volume, globalised data flows.

When is a breach not a breach? - May 2009

Europe has moved closer to the compulsory notification of all data breaches with a European Parliament vote.

Google Street View doesn’t breach DPA says ICO - May 2009

The Information Commissioner’s Office has rejected demands from privacy activists to close down Google Street View.

Junk Fax Abuse Halted - March 2009

The ICO has issued an Enforcement Notice after the Fax Preference Service received numerous complaints from individual and corporate subscribers, who received unsolicited marketing from The Debt Collectors Limited.

Opt-4 research shows publishers don’t recognise permission threat - May 2009

A recent Opt-4 survey amongst publishers shows continuing complacency about opt-outs and the impact they can have on revenue.

Cross selling for third parties in emails - March 2009

Email marketers often struggle with the law covering the hosting of email marketing content on behalf of related group companies. The advice from the ICO is pretty clear indicating that individuals have to be asked whether they consent to receiving unsolicited marketing.

European Laws Tighten - March 2009

There have been several important changes in European data protection legislation.

Annual Track research reveals increasing data cynicism - March 2009

The ICO publishes annual research into consumer views about personal data and this year’s results show a climate of increasing distrust for data controllers.

Does data protection give you the "PIP" - February 2009

To celebrate European Data Protection Day last month (don’t tell me you missed it!) the Information Commissioner's Office...

Coroners and Justice Bill to provide for tiered notification - February 2009

The Coroners and Justice Bill which amends the Data Protection Act 1998 is progressing through Parliament.

New man in the ICO hot seat - February 2009

Christopher Graham, currently the Director General of the Advertising Standards Authority has been announced by the Ministry of Justice as the probable successor to the current Information Commissioner.

Marketers [still] missing millions through high opt out rates - February 2009

Previous Opt-4 research identified the growth of opt-outs as a major problem for marketers.

On the case - January 2009

If you are a data protection commissioner, nirvana might be a place where data protection rules are the same everywhere in the world and the privacy of the individual is guaranteed.

On the case - December 2008

Where do we stand in terms of data protection compliance and the use of our database without permission?

On the case - November 2008

Tough Data Protection laws have always meant that Germany is not an easy place for direct marketers but things could be about to get a whole lot worse.

On the case - October 2008

Almost simultaneously on both sides of the Atlantic, changes have been made to the rules covering telemarketing

On the case - September 2008

The UK direct marketing industry is reeling from yet another sideswipe from privacy regulators.

On the case - August 2008

My business is registered in the UK but I am about to set up business in Australia and I’d like to know what pitfalls might exist once I start to send marketing communications, particularly by email?

On the case - July 2008

What happens when you find the privacy policy of an acquired company doesn't match yours?

Privacy tip: Revealing account information - May 2008
May 2008
How a student, a concerned mother and a professor are relevant to data protection practices.

More consumer caution about personal data - May 2008
May 2008
Eight out of ten consumers now take greater care in the way they look after their personal information.

CPR puts Spammers at risk of Jail - May 2008
May 2008
The law is changing around spamming.

ICO welcomes new fining powers - May 2008
May 2008
The Criminal Justice and Immigration Act has created tough new sanctions for the ICO.

Need for sensible response to data breaches - May 2008
May 2008
Data breaches are on the increase. But what should organisations do if a breach has occurred?

On the case - June 2008

When does a “special relationship” override privacy rules

On the case - May 2008

Europe plans revision of e-commerce rules but are they tough enough?

On the case - April 2008

I don't know where to start to find out if my company is at risk of a data breach and with all the news coverage of what is happening in other companies, I'm concerned. Can you point me in the right direction?

On the case - March 2008

Governments make laws but it is generally companies which bear the costs of implementing them. The cost to your company of complying with relevant privacy legislation will depend to some degree on where you are reading this column and whether you trade nationally or internationally.

On the case - February 2008

Email permission – what’s it worth?

On the case - January 2008

Is it time for data breaches to go public?

On the case - December 2007

Is Bluetooth broadcasting covered by data protection law?

Tougher powers sought by ICO - February 2008
February 2008
The ICO has issued a paper setting out the case for changes to be made to the Data Protection Act.

Data sharing review continues - February 2008
February 2008
The Data Sharing Review was set up at the end of last year by the Prime Minister and consultation runs until this month

PECR Fines for nuisance fax - but not enough - February 2008
February 2008
There has been a recent successful prosecution under the Privacy and Electronic Communications Regulations for sending unsolicited marketing faxes.

Big brands make undertakings after data losses - February 2008
February 2008
Skipton Building Society and Marks & Spencer have both felt the wrath of the ICO in recent weeks after losing personal data held on laptops stolen from staff and agents.

Your chance to meet Opt-4 - February 2008
February 2008
Opt-4 will be speaking at various events in the following months. These include.

On the case - November 2007
November 2007
Cheap data...is it legal?

Outsourced or out of contol?
October 2007
Rosemary Smith of permission marketing consultancy Opt-4 explores the data protection issues in outsourcing subscription / circulation management.

Marketing moves into the age of consent
October 2007
The grey areas regarding opt-in and opt-out consent that exist in the Data Protection Act are there to be exploited by unscrupulous firms. So a growing number of businesses are embracing permission-based marketing to create trust with their customers. But is it possible to be opt-in and increase the consenting customer base?

On the case - October 2007
October 2007
Exactly what is covered by the definition of 'personal data'?

On the case - September 2007
September 2007
Do data protection breaches really lead to brand damage?

On the case - August 2007
August 2007
I didn't think there were any national data protection laws in the United States covering consumers, so why are companies there getting such huge fines relating to data abuse?

On the case - July 2007
July 2007
London's Financial Times called it a retreat; industry pundits were less kind, referring to a 'cave in' by Google when it bowed to pressure from the Article 29 Working Party (for the second time in four months) to revise its policy on the length of time it keeps information derived from cookies.

On the case - June 2007
June 2007
'Do global privacy better'. That was the message from the UK Information Commissioner, Richard Thomas, when he delivered a keynote speech at the International Association of Privacy Professionals' Summit in Washington in March.

On the case - May 2007
May 2007
Who exactly are the 'Data Protection Tsars'?

On the case - April 2007
April 2007
My company publishes free newsletters and has always used the double opt-in procedure, especially since we send emails throughout Europe. We always thought this was best practice but that doesn’t seem to be the case in Germany. Can you help unravel this for us?

On the case - March 2007
March 2007
If Data Protection leglisation is introduced in the USA, what would it look like?

On the case - February 2007
February 2007
Who is responsible when marketing emails are sent to lists without permission?

On the case - January 2007
January 2007
What are the consent issues for telemarketing?

On the case - December 2006
December 2006
When do privacy rules cover business-to-business data?

On the case - November 2006
November 2006
Can indiviudals prevent use of their data when it is in the 'public domain'?

On the case - October 2006
October 2006
South Africa is a major outsourcing centre. What privacy rules do they have?

On the case - September 2006
September 2006
Is marketing to children permitted under data protection legislation?

On the case - August 2006
August 2006
Is spam filtering by ISPs a consumer benefit or an infringement of privacy?

On the case - July 2006
July 2006
Is it true that Eastern Europe has tougher privacy legislation than the rest of Europe?

On the case - June 2006
June 2006
How can I legally export data from within Europe?

On the case - May 2006
May 2006
What is the European Commission doing to improve implementation of the Data Protection Directive?

On the case - April 2006
April 2006
Our inbound customer service department may not be taking enough care on the phone to prevent disclosure of information to unauthorised persons. I want to write a set of procedures, can you give me some tips?

On the case - March 2006
March 2006
Do I need to appoint someone to look after privacy compliance?

On the case - February 2006
February 2006
How do the UK’s Data Protection enforcement record and penalties compare with other countries?

On the case - January 2006
January 2006
I am starting a new business in the UK where I will be collecting data for marketing purposes, by myself and potential affinity partners (some of whom are outside Europe), can you tell me the top 5 things I should be aware of in order to be compliant under data protection legislation?

On the case - December 2005
December 2005
How can I protect personal data when outsourcing my processing?

On the case - November 2005
November 2005
There seems to be conflicting advice on consumer telemarketing and the TPS. Can you help me to sort out the rules on what I have to do to telemarket to both cold and customer lists compliantly?

On the case - October 2005
October 2005
My company is looking to acquire another company with a large number of customers on their database. What do we have to do to make sure that we can legally contact the customers of the company after acquisition?

On the case - September 2005
September 2005
What are the rules regarding storage of credit card information within an ecommerce application?

Data Protection
17th March 2006
Jenny Moseley, Director of Opt-4 comments on the latest research for Catalogue & e-business magazine

On the case
April 3rd 2006
Data protection experts Rosemary Smith and Jenny Moseley answer your permission marketing questions.

Opt-4 wins PhysioRoom.com data advice business
December 8, 2005
Opt-4 has won the online data collection and permission marketing account for PhysioRoom.com.

 

Save 20% on your order 

Click below to download an order form for your copy of 'New Data Protection Liabilities & Risks for Direct Marketers' and you could save 20%.

http://www.opt-4.co.uk/DPL.pdf



FREE report for newsletter subscribers