As a headline it would surely grab the attention. From Tuesday 6th April 2010 the Information Commissioner is now able to issue monetary penalty notices of up to £500,000 where companies persistently contravene the Data Protection Act.
Statements such as “I am trying to raise awareness not revenue” from Chris Graham, the Information Commissioner, suggest that such a sanction for poorly maintaining an email programme is unlikely. This is backed up further by the guidance notes issued by the ICO.
However, the change in the ICO’s power of sanction does provide a reminder, at a minimum, to revisit the DPA principles and overlay them on your own data. In fact it is a great opportunity to spring-clean your programme, develop better targeting and improve the effectiveness of your activity.
The recent DMA National Client Email Survey reports that:
- Only 30% have a newsletter based on purchase habits
- Only 43% have a contact strategy for the maximum amount of contact
- 55% don’t know if they segment, don’t segment or have only 2-3 segments
- 77% are unable to track the value of an email
Even allowing for the fact that 62% of statistics are made up (source www.6sm.co.uk), this is all the more thought-provoking given that respondents to this survey are likely to be more aware of email best practice.
Feedback from the recent DMA/IAB Ready Steady email workshop is that whilst the “Do – Review – Refine” approach is acknowledged, operational constraints often stop this from happening. People are too busy doing to do it!
So how can the ICO’s new powers help you?
a) Why do it? The ICO’s new powers provide the opportunity, or alarm call, to review whether and how well you comply with the Data Protection Act. Which manager would not want an update highlighting the risks and proposed mitigating actions?
b) How to do it? The DPA provides eight principles of good information handling, e.g. personal information must be:
- 3. Adequate, relevant and not excessive
- 4. Accurate and where necessary kept up to date
- 5. Not kept for longer than is necessary.
It does not provide definitions of what “relevant” or “kept longer than necessary” means, but it does provide the questions your company should answer and can highlight where you can be more effective.
For example:
- Relevant - Does your sign-up form collect information that you are not sure how you are going to use?
- Excessive - Can you tell / control how often you email individuals?
- Up to date - Can you confirm / prove opt-in initially, and how do you define it on an ongoing basis?
- How long is it kept for - Do you set a date for a different approach for non-openers, purge them after x months, or keep mailing them in the hope that they will open one day?
Whilst the headlines about the ICO’s new power of sanction are moving data protection up the board agenda, they also provide a great opportunity to review and improve your email activity.