Data protection stopping you getting the full value from existing customer databases?

Marketing and profiling activity may be compromised or restricted by data protection law. Informed planning can open up those databases to new activities. Here are some examples...

Case study – the B2B promoter

Business users of an on-line service had been reassured that their personal data would not be used for marketing purposes without their consent. Subsequently the service provider wanted to send its own and third party marketing material to users by email. Although the environment was business to business, as sole traders and partnerships are "individual subscribers" within the meaning of the Privacy and Electronic Communications (EC Directive) Regulations 2003, some business customers have the benefit of the anti-spam regulations which means that an opt-in is required to market to them by email or text message.

The business to business environment presents a lower data protection risk than dealing with consumers. Our business persona is more public than in our personal lives and we are more tolerant of marketing activity and less likely to complain. The anti-spam regulations are designed to provide protection for domestic users but the definition of an "individual subscriber" as the protected party in the regulations means that many small businesses are offered the protection of the regulations because the telephone line subscriber will be an individual, not a company.

The solution we suggested was to amend the terms of the log-in to the on-line subscription service. As well as altering the terms on which the service was available to include marketing purposes, it also forewarned users that their personal data would be used for marketing third party goods and services unless they opted-out of the service completely.

The administrator

A company providing administration services to trustees involving the maintenance a large database of consumer beneficiaries wanted to grant access to the consumer database to its sister company to market financial advice.

Unfortunately, the administrator and its sister company did not have the consent of those individuals to use their personal information for marketing financial advisory services. Allowing access to their records would also constitute an unauthorised disclosure of personal data under the Data Protection Act 1998.
We suggested that the administrator, the marketer and various pension scheme trustees enter into a tripartite agreement for the provision of services to the trustees and pension scheme members. As a party to the contract, there was no effective disclosure of personal data between the administrator and the marketer. Appropriate wording in letters and brochures from the trustees ensured that individual data subjects were aware of the changes and so prepared to receive marketing material from the financial adviser.

The employer

A large employer wanted to allow third parties access to its extensive employee database for marketing purposes. However it did not have the required consent to marketing activity ("opt-in" is the required standard for marketing third party products and services to employees).
We suggested an enhancement to the in-house intranet to allow routine employee administration to be undertaken on-line, for example booking holidays and arranging company medical examinations. Then third parties were allowed to place advertisements and banners on the intranet site. Employees were free to choose which third party offers, if any, they investigated. This meant that personal information was not being processed for marketing purposes.