I have long thought that perhaps the most valuable commodity in the world is information. In the twenty first century, pieces of data, placed in the correct context and disseminated to the right user for whom they have a particular value, despite having no material weight or tangible presence, can be transmuted into money with an ease that the seekers of the philosophers’ stone could only dream about.
In the legal field, one particular example of this phenomenon, is the trade in personal data of those who have a valuable cause of action at law to those who are able to monetise that cause of action into a settlement of damages and costs.
Anodyne contact details consisting of names, addresses, emails and above all telephone numbers, which identify someone who potentially has a valuable cause of action are a valuable commodity.
Yet this trade is not unfettered by regulation. The individuals concerned have an interest in their data, and an interest in maintaining their privacy. Often both those interests may be infringed, by the sale or transmission without their consent of their data and a consequent intrusion into their privacy by incessant telephone calls or texts, by claims management companies seeking to secure business.
It is therefore of interest to note with claims management regulation passing from the Ministry of Justice to the Financial Conduct Authority on 1st April 2019, what its likely approach will be to the acquisition, handling and use of personal data by claims management companies.
This month saw the publication of a consultation paper on how the new regime may work:
Cold calling and nuisance texts are noted as a particular problem and amongst the measures which are proposed is a requirement for CMCs to retain recordings of telephone calls and copies of messages for a defined period of time:
4.10 In line with the Brady Review’s recommendation, we propose to require CMCs to record all calls and electronic communications such as text messages and e-mails with all their customers and potential customers. We propose that CMCs will need to keep call recordings for a minimum of 12 months after the latest of:
- the CMC’s final contact with the customer
- the conclusion of the contract with the customer
- the settlement of the claim
- the decision by the customer to no longer pursue the claim or the withdrawal of the claim by the customer
- any related ongoing legal proceedings have finished
- the conclusion of the handling of any complaint made by the customer to or about the CMC
4.11 A recording of a sales call to a customer which does not result in any further contact will therefore need to be kept for 12 months.
4.12 CMCs carry out a large amount of business by telephone; so this is where much of the harm in the market happens. For example, harms resulting from misleading or aggressive sales or marketing techniques, and cold calling. So we consider it appropriate to require CMCs to record all customer calls about the claim, from advising a customer about the claim to conversations giving information and updates. It would also apply whether the CMC or the customer makes the call.
4.13 Among other benefits, this will help us to identify if a CMC is not complying with the prohibition on cold calling without consent. Having this information means we will be able to work with the relevant authorities to identify and act on poor practices.
4.14 CMCs would not have to record communications with third parties (eg financial services providers) under these new requirements.
That in a sense will be one of the least onerous of the requirements, because the FCA have also indicated that they wish to see a step change in due diligence regarding the acquisition of leads:
4.8 We propose that CMCs should undertake due diligence on any lead generator from whom they accept leads. For example, the CMC should check that the lead generator is authorised (or is entitled not to be authorised) and has processes in place to ensure leads are obtained in line with relevant data protection legislation and privacy and electronic communications legislation which includes the government cold calling ban. We propose that CMCs must not use a lead generator if the CMC is not satisfied about the systems and processes in place for that lead generator. CMCs will also need to keep a record of the source of any leads.
4.9 CMCs that get leads from third parties based overseas must also ensure that the third parties have followed the relevant requirements. Generally, leads from third parties based in the UK or outside the EEA must have been acquired in line with UK requirements. Leads from third parties within the EEA (except the UK) need to be acquired in line with the requirements set down by that EEA state.
One of the ironic consequences of a tougher approach to regulation, is that the CMCs themselves, may find that they become targets for data breach litigation, in the post GDPR world, which might form a useful supplement to enforcement action by the regulators, and bring an end to the practice of annoying telephone calls from Manchester, asking quizzically about “that no fault accident you’ve had, in the last 3 years?”