Thought for day: Spot e-marketing pitfalls

IT directors should take heed of EU anti-spam ruling, says Gillian Cameron

New Asset  

IT directors should take heed of EU anti-spam ruling, says Gillian Cameron






With spam making up an estimated two-thirds of all e-mail traffic, it was inevitable that the European Union should intercede with a directive imposing tough new regulations covering all electronic direct marketing.

The Privacy and Electronic Communications (EC Directive) Regulations, which came into force in the UK at the end of 2003, impose strict restrictions on who may be contacted, for what purpose and in what way. Any IT professional involved in web design or e-mail/SMS marketing must be aware of these rules.

Previously, organisations could send unsolicited communications, both hard copy and electronically, provided the recipients had not opted out of receiving these. The regulations have reversed this position for e-mail, SMS and fax communications, so recipients now have to opt in.

An accurate and up-to-date marketing database not only ensures that mailings reach willing targets but also complies with data protection legislation. Opt-out flags, incorporated within the marketing database, can assist this process. These should include global opt-outs from individuals registered with the Direct Marketing Association preference lists, which now have the backing of the law.

The use of cookies on websites is also prohibited under the regulations, except where clear information is provided on how and why these are being incorporated, and the opportunity given to refuse these prior to personal data being collected or processed.

Any company using cookies on its site must include this information in a privacy policy or in the site's terms of use. At points where personal data is being collected from users, it is important to direct them to this policy. Systems also need to be put in place to enable data to be deleted or depersonalised as required.

An increasing number of businesses are also likely to be affected by the location data element of the regulations. The rules state that where services rely on data about an individual's location at any time, it should be held anonymously.

The only exception is where this data adds value to services. In such cases, consent must be obtained, together with full information about the purpose and duration of processing. There are similar rules in the regulations about processing e-mail/SMS traffic data.

Despite potentially hefty fines, the full force of the regulations has yet to be felt by businesses. But any IT professionals responsible for marketing campaigns and website design must take all necessary precautions if they are to avoid becoming a test case.

Gillian Cameron is a partner specialising in IP and technology at law firm Maclay Murray & Spens

Read more on IT risk management