The ICO (the Information Commissioner’s Office) polices data protection and, with our, hopefully massive, email marketing lists, you’d think we should be wary of them but it’s just the reverse. We should look upon them as a valuable asset.
It is almost as if the ICO doesn’t want a lot of bother. It’s the easy life for them, and if they don’t have to indulge in expensive litigation, the happier they will be. Their intent seems to be to make it easier for us not to fall foul of the regulations.
Take the Data Protection Impact Assessment (DPIA). They describe it as a process to help us identify and minimise the data protection risks of a project. The process consists of a series of checks, tick boxes if you like. The first step is to identify if your next project is likely to result in a high risk to individuals.
You will want to protect the integrity of your email marketing lists, but there’s always a risk attached to any processing. Our job is to minimise that risk, not only from a legal point of view, but a moral and practical one as well. We’ve been entrusted with personal data. We should look after it.
You might wonder what constitutes a high risk. To your aid comes the ICO, which provides a checklist. If there is a high risk, then there are processes which you must follow. If these do not lower the risk to an acceptable level, the ICO must be advised. It does not end there though.
Your particular project, perhaps a vital email marketing campaign that is integrated with other forms of advertising, might fall on the right side of risky. However, it might be useful and reassuring to run your project through the whole DPIA process. It might well indicate ways in which you can improve your security processes.
It could also be a useful defence if the worse comes to the worst and the ICO becomes interested.
The ICO website has much to offer anyone trusted with personal data in email marketing lists. Bother them and they probably won’t bother you later.