eircom gives €35k to charity after Data Protection Commissioner investigation

NO court cases. Another slap on the wrist. We won’t do it again. Again. Again. eircom keep having these database errors that mean they accidently ring ex-customers when they shouldn’t. They kept promising ComReg it would not happen again. Yet it does. See my views of the DPC from last year.

Case Study 9: Marketing Calls by Eircom – remedial action – amicable resolution.

During the first half of 2007 I received a large number of complaints from members of the public who had received marketing telephone calls from a telecommunications company, Eircom. Many of the complaints came from people who were ex-customers of Eircom and the marketing calls from the company were made in an effort to win back their business. Some of these complainants informed Eircom that they did not wish to receive further marketing calls but the company continued to call them. Others had their phone numbers listed on the National Directory Database (NDD) opt-out register but continued to receive marketing calls from Eircom.

Regulation 13 (4) of Statutory Instrument 535 of 2003 prohibits the making of an unsolicited telephone call for marketing purposes to the line of a subscriber where the subscriber has notified the person or company making the marketing call that he/she does not consent to the receipt of such a call on his/her telephone line or where the subscriber has had his/ her telephone number recorded in the NDD opt-out register. It is an offence to make a marketing call which breaches this Regulation.
My Office investigated the complaints and engaged at length with Eircom on the matter. This involved meetings with the company as well as several exchanges of correspondence which eventually led to the following favourable and positive outcome from my perspective:

• • • Eircom assured me that it is fully committed to ensuring compliance with data protection legislation within the organisation. It expressed concern about the complaints received by my Office and it assured me that it takes all such complaints very seriously. Eircom introduced a number of measures to Eircom conveyed its sincere apologies to the • complainants to my Office for any inconvenience caused to them and it entered the complainants’ contact details on its suppression list to prohibit further marketing calls from the company to those individuals. In order to demonstrate its commitment to•

• • • reduce the risk of any reoccurrence of such complaints. These measures involved the completion of a full internal review of the processes which are followed by all customer-facing channels when recording requests to opt-out of direct marketing by Eircom and its related companies. Where any points of weakness within these processes were identified, the process was revised to ensure that it was both robust and compliant with data protection legislation. Eircom briefed all relevant staff on the issues which gave rise to complaints and on the new processes which were put in place. The new processes also became an integral part of the training material for new staff. Eircom established a centralised and dedicated ‘suppression’ unit with responsibility for processing “do not call” requests received by post, email or fax. A statement was placed on Eircom’s Intranet homepage emphasising the importance of ensuring compliance with data protection rules. The statement also explains the process which must be followed to implement a suppression request (i.e. an individual’s stated preference not to be called by the company for marketing purposes) and it provides details of the new centralised ‘suppression’ unit. the protection of individuals’ data protection rights and its regret for the issues which gave rise to complaints to my Office, Eircom made a donation of €35,000 to a reputable Irish charity. Finally, following agreement with my Office •

on the content, Eircom published a statement on its website regarding the protection of customer information. In the statement, among other things, Eircom acknowledged that it had communicated with individuals whose preference to decline marketing contact was not recorded due to a problem with its systems and processes and it expressed regret that these people were contacted when they did not want to be. It also stated that it had identified areas for improvement and had implemented those improvements. Overall, I am very pleased with the investigation of these complaints and the steps taken by Eircom in response to my Office’s intervention. The complainants concerned had good reason to complain to my Office about unsolicited marketing telephone calls which have become, in recent years, an all-too-frequent intrusion into the personal lives of individuals in their homes. Eircom identified the failings in its marketing processes and it did what a responsible data controller should do in similar circumstances -it took effective remedial action. In addition, it responded positively to my Office’s efforts to amicably resolve the complaints

-the Data Protection Acts make provision for the amicable resolution of complaints in the first instance between the parties concerned – by apologising to the complainants and by making a substantial donation to charity. Furthermore, I am happy to report that since Eircom took the remedial steps outlined above I have received no further complaints of substance regarding its marketing activities.

FAIL
Me = Harry Potter?
Photo owned by smurfster1 (cc)

image001
Photo owned by Simon Davison (cc)

Comments are closed.