Irish Data Protection Regulations combat misuse of email addresses in particular for marketing use - opt-ins essential
Bookassist deals with hundreds of bookings daily where online customers must enter details to complete a booking. Following best PCI DSS standards, data protection is paramount to Bookassist operations.
But additionally to help hotels police their own data, the booking engine requires an opt-in for customers who are giving their personal details, where the customer must specifically consent to their information being used. Bookassist reports this choice to the hotel so that the hotel is fully aware of what they can and cannot do with the customer's contact details in the future.
To highlight the importance of this to all industries who handle personal data, the Data Protection Commissioner recently issued a press release on foot of new legislation introduced in December which significantly increases penalties for misuse of personal data. The full press release is reproduced below.
22 December, 2008
Data Protection Commissioner welcomes new Regulations on unsolicited communications
The Data Protection Commissioner, Billy Hawkes, today welcomed the introduction of new Regulations by the Minister for Communications, Energy and Natural Resources, Mr. Eamon Ryan T.D., to deal with unsolicited communications in the area of electronic communications networks and services. Statutory Instrument No. 526 of 2008 which has now come into effect amends Statutory Instrument No. 535 of 2003 which has been in force since November 2003. Amongst the changes in the new Statutory Instrument are:
An increase from €3,000 to €5,000 in the penalty for a summary offence in respect of a contravention of the regulation relating to unsolicited communications.
The creation of an indictable offence for a contravention of the regulation relating to unsolicited communications. Where the person tried is a body corporate the fine imposed may not exceed €250,000 or, if 10% of the turnover of the person is greater than that amount, an amount equal to that percentage. Where the person tried is a natural person, the fine imposed may not exceed €50,000.
Provision for the prosecution of an officer of a body corporate for an offence under the regulations whether or not the body corporate itself has been proceeded against or been convicted of the offence committed by the body.
In relation to offences concerning the contravention of the regulation relating to unsolicited communications if, in court proceedings concerning such offences, the question of whether or not a subscriber consented to receiving an unsolicited communication is in issue, the onus of establishing that the subscriber consented will lie on the defendant.
Speaking today, Billy Hawkes said: “The signing of these Regulations by the Minister is an important and significant step in the fight against unsolicited communications for marketing purposes. I welcome the increase in penalties which have come into effect I am confident that the strengthening of the law in this area will help me in my task to enforce the regulations concerning unsolicited communications. I want to take this opportunity to remind persons engaged in direct marketing activities that my Office continues to pay close attention to the whole area of unsolicited communications by telephone, fax, email and text message. The new regulations, together with the serving of a considerable volume of summonses by my Office in the past fifteen months, serve to send a strong message to all involved in direct marketing about the necessity of compliance with the law.”
Concluding, the Commissioner said: “I want, in particular, to send a message to all involved in business to familiarise themselves with the law which applies to unsolicited communications for direct marketing purposes. Increasingly, in this period of economic downturn, my Office is receiving complaints about businesses making unsolicited contact with their past customers for marketing purposes. In many cases, such contact is unlawful and, if carried out by telephone, text message or email it may be a criminal offence. Ignorance of the law is not an acceptable excuse for non-compliance and I will have no hesitation in applying the full force of the new regulations to offenders.”
Labels: data protection