Privacy and Electronic Communication Regulations
|This legal obligation is deply integrated with the Data Protection Act with some shared definitions. Regulations apply where marketing material is directed to a named person - an email. Marketing material includes everything that is not a transactional message such as an invoice that is mandated part of a business interaction. If you are not sure, then it includes marketing, promotional, reference, appeal, rally etc..|
|1. Where the communication is a normal part of a current business transaction or interaction.|
2. Where the communication is to a company such as "firstname.lastname@example.org" rather than to a named person.
|The UK Information Commissioners Office (ICO) must be notified within 24 hours of any data security breach. A log of all breaches must be kept and all (impacted) customers must be notified. A security breach is where data involving living people is lost, altered or disclosed. This includes the loss of a computer, tablet or phone containing such CRM data.|
|CRM data must never be stored on any desktop, laptop, tablet or phone. Where a computer holding CRM data is stolen, the ICO may fine the company that permitted CRM data to be stolen. Fines of up to 5% of worldwide revenue have been recommended.|
Nationwide was fined £1.5 million after a thief broke into an Executives home and stole a laptop containing CRM data. A sole trader was fined £5000 after a thief stole a laptop from the passenger seat of his car when stopped at traffic lights.
ACRM ensures that CRM data never needs to be stored on a local computer that may be stolen or lost.
|Before a named person can be sent any marketing material such as a quotation, the named person must opt-in to recieve such marketing information. A person may opt-in to recieve some kinds of material but not others - evidence must be recorded as to what, how and when the person opted-in. Where a person has opt-in to recieve a specific product price that does not mean they have opted in to recieve other product price messages. It is hard to imagine that a person could consent to third parties providing marketing material.|
ACRM is designed to ensure that every message to a customer contact is fully compliant with PECR with regard to opt-in evidence.
|Every communication with a named person must include the ability for that person to easily opt-out of recieving any similar material. Once a person has opted-out, they must not be sent any marketing material until after they have formally opted-in again. Any marketing message to a customer contact without an easy opt-out button may be illegal.|
ACRM is designed to ensure that every message to a customer contact is fully compliant with PECR with an opt-out button.
|A key factor for PECR compliance is to ensure that when challenged, evidence can be provided to clearly demonstrate that the named person opted-in before any marketing material was sent to them. An implied opt-in by telephone may not be adequate evidence to a court. Pretending that sending a greeting card is not marketing material is not likely to work.|
ACRM has built in procedures and methods of working that ensure that the company fully comply with the law - protection from people who like to claim damages. Every communication with a customer contact is recorded, every opt-in is recorded, every opt-out is recorded and the contacts prefered contact method is always up to date - it may say NONE.