Data Review casts doubt on mass marketing and effective targetingby
Recommendations from the new Data Sharing Review could have major implications for not only junk mailers and mass marketing campaigns, but also efficient targeting.
By Stuart Lauchlan, news and analysis editor
The Government needs to strengthen data sharing rules, according to a new report by the information commissioner and the director of the Wellcome Trust, which could spell trouble for the junk mail industry.
The Data Sharing Review said there is a “lack of transparency and accountability” in how many businesses dealt with personal information, and confusion remains around the Data Protection Act. Legislation is “deeply confusing”, the report said. The review calls for new laws to strengthen and simplify data sharing guidance for front line staff; a clear code of practice on how data is handled; more transparency in data handling; tougher and further reaching powers for the Information Commissioner's Office to enforce rules; more leadership and accountability on data protection; and greater protection of information online and, in particular, in the electoral register.
"The case for change is overwhelming. The law and its framework lack clarity,” said Dr Mark Walport, director of the medical research charity the Wellcome Trust. "The technology enabling the collection and sharing of large amounts of personal data continues to advance. But public confidence in how personal information is safeguarded is evaporating. Our package of recommendations is aimed at transforming the way personal information is collected, managed, used and shared."
Richard Thomas, information commissioner
Information commissioner Richard Thomas questioned whether personal details should be sold to car clamping companies and asked why councils automatically sent out bus passes to people over 60 when it can cause offence. "The risks in the information age are also very real, particularly if organisations are cavalier about sharing,” he added "The regulatory system governing data sharing needs to have much more bite - and reform is now long overdue. There is undoubtedly a lot of confusion and uncertainty, particularly about the law. People can sometimes hide behind the law and there is a significant lack of public trust in data-sharing. If there is to be sharing it's got to be absolutely crystal clear who is responsible for getting it right.
"There's a significant lack of public trust in data handling in general, and data sharing in particular," he added. "There's got to be clear governance and accountability. Who is responsible for getting it right? If the top managers are assuming techie people are [responsible], that wouldn't be right; if the techies assume HR are doing it, that wouldn't be right."
The recommendations would have serious implications for companies dealing in mass marketing campaigns and junk mail. Local authorities make hundreds of thousands of pounds a year from selling on details from an edited form of the electoral register, which contains information on six out of ten voters who allow their details to be included. The information is then used by market research companies and direct marketing organisations to send out millions of junk mail offers as well as making it easier to make unsolicited phone calls. Typically companies pay £20 plus £1.50 for each 1,000 entries, according to a fee scale set out in the Representation of the People Regulations 2001.
The Data Sharing Review concludes: "We feel that selling the edited register is an unsatisfactory way for local authorities to treat personal information. It sends a particularly poor message to the public that personal information collected for something as vital as participation in the democratic process can be sold to anyone for any purpose. The sale of the electoral register deters some people from registering at all. We therefore recommend that the government removes the provision allowing the sale of the edited electoral register. The edited register would therefore no longer serve any purpose and so should be abolished."
Alarm bells ringing
A spokesman for the Electoral Commission, which regulates elections, said: "Our view is that, as a matter of principle, electoral registers should be compiled exclusively for electoral and other limited statutory purposes and that they should not be made available for sale for commercial purposes."
But inevitably alarm bells began ringing in marketing circles. The Direct Marketing Association said the changes would only produce barriers to efficient targeting. It argued that people have the choice to opt in or out of the register and insisted that there is "no evidence" that the language used on forms linked to the resource were confusing – one of the claims made by the Data Review.
Caroline Roberts, director of public and legal affairs, Direct Marketing Association
"Everyone agrees that direct mail should be correctly targeted and access to the edited electoral register is an efficient way of verifying data to do just that,” said Caroline Roberts, director of public and legal affairs at the Direct Marketing Association. "Marketers use data from many different sources to help with accurate targeting and the edited register is an additional layer to ensure data accuracy. Removing access to the edited register for data cleaning purposes will make it harder for marketers to target accurately and effectively."
But it's not just private sector junk mail firms that came under fire. So did the Government itself, which is accused of concentrating on the benefits of increased data sharing at the expense of focusing on the dangers. "The tenor of the Government's argument has focused closely on the benefits of data sharing, paying perhaps too little attention to the potential hazards associated with ambitious programmes of data sharing," stated the report.
"The Government has consistently laid itself open to the criticism that it considers 'data sharing' in itself an unconditional good, and that it will go to considerable lengths to encourage data-sharing programmes, while paying insufficient heed to the corresponding risks or to people's legitimate concerns."
The report also called for the information commissioner to be given tougher powers similar to the Financial Services Authority, with the power to impose fines on organisations for "reckless" data breaches. It also wants to see the sole information commissioner replaced by an executive board of commissioners, with greater powers and funding. "A large majority of contributors to the review expressed the consistent and strongly held view that the information commissioner and his office have neither adequate powers nor sufficient resources to promote or enforce proper information-management practices," stated the report.
The report made uncomfortable reading in Whitehall, still rocked by data security scandals. "[The Government] is already working on possible amendments to the powers available to the information commissioner and the funding arrangements for his office to support the exercise of any new powers,” said a spokesman for the Ministry of Justice. “We will assess the other recommendations in the report in further detail and issue a more detailed statement once we have had time to fully consider the implications and costs of bringing about such changes.”
In the meantime, there is also a need for individual citizens to get tough on who gets access to what personal information. Walport called on people to start questioning why they were being asked for personal information. "When you check into a hotel they don't need to know your name and address, they just need to know that the bill will be paid,” he said. “People should ask questions."