Beware the unsolicited email.

UK ICO fines a pensions company £40,000 for sending nearly two million direct marketing emails without consent.

Points to note:

  • You can’t generally send marketing emails without receiving the consent of the recipient.
  • Even if you use a third party mailer, it is your responsibility to ensure consent has been duly received.
  • Indirect consent, i.e. where an individual tells one company that they will consent to receive emails from another company, will not suffice for texts, emails or automated calls unless it is clear and specific enough.
  • Consent will not be valid if individuals are asked to consent to receive marketing from “similar organizations,” “partners” or “selected third parties” or similar generic descriptions. A long list of categories or organizations will not suffice.
  • The company should have ensured it was specifically named in the websites where the individuals’ consent was acquired.
  • The penalty was limited because the company consulted extensively with a recognized data protection consultant, though such advice was misleading.

Details from the ICO.