5/30/2006

We've moved!

As part of a whole iCompli refresh, we're adding more resources into our blogging. Without boring you with all the technical blah blah, we've scooted over to a new location. 'Compliancespeak' now resides here! Information on this blog will not be updated, and remains as an archive only. See you on the new blog!

3/21/2006

Perils of data protection

Dedicated to searching out the hidden costs of implementing a secure data solution, we bring you "snow storm in the office". Shredding manual files has been a good idea for a long time, and in many situations it is a very necessary part of Principle 7 compliance under the Data Protection Act. What the Regulatory Impact Assessment (RIA) does not bring out is the potential for hidden costs and frustrations. With the increasing demand for 'working from home options', it's important to understand how a 3-year-old and a 5-year-old view your secure data destruction policy. To you, it's confidential information destroyed; to them, it's a 'snow storm in the office'! [No children were harmed in the aftermath of this 'storm']

1/26/2006

Duncan Smith joins CIM for House of Commons debate

iCompli founder and CIM Course Director Duncan Smith joins a hand-picked panel of marketing experts at the House of Commons to debate the motion that "Marketers have the prime responsibility for protecting consumer rights". The CIM, key sponsors of the industry-leading Debating Group, proposed a motion that was guaranteed to provoke some impassioned and in-depth argument. With Liberal Democrat Peer Lord McNally presiding, the case FOR the motion was put forward by Food Standards Agency Deputy Chair Julia Unwin and iCompli founder Duncan Smith. The motion was opposed by Jim Murray, Director of the European Consumer Organisation (BEUC), and Renzo Marchini of Dechert’s law firm. Despite well-voiced opinion from ‘the floor’ that marketers must act more responsibly and recognise that their actions can have an effect far beyond the boundaries of the organisations they work for, the motion was resoundingly defeated.

A surprising result? To an extent, yes. There was a palpable sense of ‘short-termism’ from the floor, fuelling the arguments that marketers should have more regard to corporate profitability than to the protection of consumer rights. This view only has merit so long as the consumer continues their (profitable) relationship with the supplier. Once consumer rights have been, or are perceived to have been, breached, the relationship is likely to break down; a particular concern in commoditised markets with low switching inertia. Wherever the marketer can influence the consumer into a perception (real or otherwise) that their basic rights are being protected, then surely the evolving trust must greatly influence the profitability AND sustainability of the relationship.

1/03/2006

First court victory for anti-spam legislation!

It's a small victory, but it could have enormous repercussions. Channel Islands businessman Nigel Roberts had had enough of the unsolicited email marketing emanating from the Scottish company Media Logistics UK. Their contract car hire and fax broadcasting emails did not impress Mr Roberts at all. He claimed that Media Logistics UK were in breach of the Privacy & Electronic Communications Regulations 2003, and duly filed a claim through the 'small claim' process. Although they acknowledged the claim, Media Logistics UK did not defend it, and a judge subsequently ruled in favour of Mr Roberts, awarding him the full £270 plus a £30 filing fee. Roberts said ...

"This may be a tiny victory but perhaps now spammers will begin to realise that people don't have to put up with their e-mail inboxes being filled with unwanted junk."

So is a £300 fine a CREDIBLE THREAT? Frankly, no; many companies will see this as a business risk they are prepared to take. But what if we begin to see some of the class action cases so prevalent in the US? The multipliers can be enormous when you consider the size of the membership databases belonging to Amazon, eBay etc. Convince 1000 people to file a claim and the numbers look a lot more impressive. Is this likely to happen? No. Could it happen? Let's hear from the lawyers!

10/17/2005

Legal Management of Information Systems

A new book emerging out of Swedish academia looks like being a promising read. We haven't read/reviewed it yet, but it's on order! Edited by Cecilia Magnusson Sjöberg, it is a detailed compendium of articles that look at issues very close to our 'heart':

  • basic notions of law and IT
  • automating the law
  • legal information retrieval
  • information management in the legal environment
  • information security and the law

To order the book, follow this link.

10/13/2005

Personal data 'in the balance'

The case of Mr Durant versus the FSA could be coming to a close! As reported in the Times today (13th October, 2005):

"Last night, lawyers for Mr Durant said no formal agreement between the parties had been reached and stressed: "Our client's position is reserved." The FSA confirmed that discussions were ongoing while officials in the House of Lords' judicial office confirmed the appeal had not been formally withdrawn.
But lawyers said if a deal were reached and the appeal withdrawn, it might be years before another test case made its way to Britain's highest court. The current, narrow interpretation of personal data would continue to operate and employers would be under no obligation to hand over a significant volume of documents."

Even if the ruling were to stand, would it be reasonable for businesses to 'hide behind' what is likely to become a mechanism for shirking responsibilities that would 'normally' be expected of a data controller?

9/06/2005

Is 'Comment SPAM' illegal?

Below you will see an example of 'Comment Spam'; Anonymous seems to "like what we're doing" (really), and would like Compliance speak readers to have a look at their 'autocad' site. Mmmm. Let's simplify things by assuming that the poster (or instigator) resides in the UK. Unlikely, I know. Would this be illegal? Has the poster breached the Privacy and Electronic Communications (EC Directive) Regulations 2003? Is this unsolicited 'electronic mail' for the purposes of direct marketing? I think so! Is it illegal? Probably not. Comments made to Compliance speak are in effect 'email', and Compliance speak is operated by a corporate subscriber. The responsibility of the sender is therefore to identify themselves AND provide a valid opt-out mechanism. A little bit of surfing demonstrates that they fulfil both of the obligations above; so legal! Now to see if they honour my request not to send unsolicited DM messages to Compliance speak. Fat chance!

Acceptable Use Policies; the 'gossamer safety net'

The threat of employment-related litigation has led most companies to develop and promulgate Acceptable Use Policies (AUPs) as a first-line safety net. The problem with many of these AUPs is that they are gossamer thin, and often left to rot in the corner, unattended, unused and plunging towards obsolescence! These policies are there to protect the organisation (and the employee) and have a very specific risk-management purpose; a purpose that is frequently unfulfilled. The soft underbelly of many AUPs is the inconsistency with which they are applied and enforced. The root cause of this is, I contend, a failure to apply a technology-led, business process model to policy management. In short: 'too many ring-binders and not enough intranet'. The paper policy chase is ineffectual, expensive and increasingly likely to incur the wrath of Regulators as requirements for corporate governance continue to grow.

"It's not the name before the '@ sign' that's going to get in trouble; it's the name after it that will"
Michelle Drolet, president and CEO of ConQwest

9/01/2005

60 Second Survey

Are the DMA doing the right thing? On the iCompli website this month we're running a '60 second survey'™ to gauge opinion on the proposed DMA Code of Practice changes. Why not add your 'two penneth' (clicky clicky); it only takes 60 seconds, after all!

8/23/2005

Silent Calls - where's it heading?

Do you operate power diallers in your call centre? Are you busy managing 'No Agent Available' (NAA) stats and the ratio of silent versus completed calls? If you are, then no doubt you are also struggling with the complex issue of compliance versus best practice versus profitability. In the UK, this particular potato is warming up nicely! BT have clearly spotted this as a major cause for concern and have invested heavily in promoting their new ‘BT Privacy’ package in an attempt to win ‘hearts and minds’ (and customers, of course!). But what are the business drivers here; is it legislation, codes of practice, or ‘people power’? In an article recently published on the iCompli website and in our free subscription newsletter, Duncan Smith examines the issues behind compliance and the Silent Call. Grab your copy here.

Silent calls 101

What’s a silent call?

According to the Ofcom website, “Silent calls are those calls where the called person hears silence on answering. A common cause of such calls is that the call has been terminated before the called person has had time to answer. These calls are often generated by automated calling systems (also referred to as power diallers or automated calling equipment) used by call centres”.

What’s the problem?

People are complaining: to BT, to Ofcom, to the DTI. They’re not happy about silence, and many feel threatened by the lack of a person (or message) when they pick up the phone. According to Ofcom, BT is receiving over 160,000 silent call complaints per MONTH! In a recent survey for the DMA (Brookmead Report), 12% of Telephone Preference Service (TPS) registrations were directly attributed to silent calls.

Where is this all heading?

An ever-diminishing pool of phone numbers that can legitimately receive unsolicited direct marketing calls, that’s where! Here’s a ‘fag-packet calculation’ to get you thinking.

  • The number of residential phone lines at end of 2004 stood at 34 million
  • The total number of phone lines registered on TPS by mid-2005 was 7.4 million, leaving an available pool of around 26.8 million.
  • At the same time, new registrations on TPS stood at 73,000 per week on a rapidly rising trend.

In less than 7 years, there will be no one left to call.

8/17/2005

Taking some ideas for a walk

I'd like to take a few ideas for a walk; a great expression, by the way, that I picked up from a blog by the Privacy Commissioner for Alberta. I recently had a 'chat' with Jennifer Kirkby from Insight Exec whilst she was working on an article exploring some of the problems that arise when call centre agents push the 'Big Red Privacy button' and refuse to give any information out, to anyone, even a close relative; your spouse, for example. I'd like to take this idea for a walk.

The Data Protection Act 1998 is based on a series of common sense principles, often referred to as the eight principles. Used with care AND imagination, principles one and two can empower an organisation to deliver excellent customer service. Principle one allows us to agree with our customers how their data will be used, allowing them to make the choice whether we share with their partner or not. A lack of understanding surrounding the principle of 'fair processing' often results in a poorer customer experience. Principle two, a.k.a. 'Don't stitch people up', is there to prevent companies from using data in a manner that hasn't been agreed (consented) to. This should be the safeguard which gives customers the 'comfort zone' they require when first building the relationship, and it should be the mechanism by which organisations are able to manage the use of customer data, to enhance the customer experience .... but it doesn't, does it?

Why is this? Perhaps because one of the major barriers to moving from a blanket ban, where call centre agents (CSAs) refuse to deal with anyone except the account holder, to a more empowered workforce who can accommodate a more liberal sharing of data, is the limitation that technology and identification mechanisms place on companies. The consequences of inappropriate data sharing, both to the company's finances and to its reputation, could easily outweigh any of the benefits gained from the 'shared customer experience'. You have to get this right!

Getting it right requires an investment in technology and training for both workforce and customers. It is important that identity authentication is carried out effectively. Fortunately this is now recognised as one of the most important (limiting) areas of 21st Century commerce, and information systems and technology are emerging that can facilitate this level of authentication. Our assessment of the CRM marketplace, including the 'Big Systems', their on-demand services and the mid-market applications, is that it has been reluctant to embrace the requirements of Information Law & Privacy (or ILAP as we know it). The time is surely right to start looking at the CRM business processes, mapping these against the requirements of ILAP, then identifying and integrating some of the best-in-class 'point solutions' that are now emerging in the authentication market. And if you want to know where to look for these 'point solutions', look to countries where identity (theft) management is a burning issue, i.e. the United States. In the US, compliance with legislation like the Patriot Act will drive a veritable 'feeding frenzy' in just the sort of technology that could unleash real opportunity in the CRM marketplace.

Does the cost/benefit model stack up? I'm not convinced it does yet; but it will soon. The sheer size of the North American market will surely drive down the cost of appropriate technology. It's now up to the CRM vendors to apply a little imagination and see if there isn't a unique selling point staring them in the face :-)

PS: Jennifer's article is here

8/09/2005

What's it all about?

In the absence or failure of self-regulation, governments have introduced ever more legislation to force businesses to carry out their activities in a way which better protects ALL stakeholders, not just the business itself. For a business wanting to achieve or maintain compliance with this growing body of legislation, there are plenty of challenges along the way. This blog is all about getting those challenges on your radar scope and equipping yourself with the knowledge to conquer them. This could be via personal advancement, acquiring the skills and knowledge yourself, or learning from others.