The Claims Management Regulator at the Ministry of Justice (MoJ) has not only imposed a fine of £4,000 on a London-based claims management company but has also compelled the company to comply with a series of onerous requirements regarding its use of data.
The company was found to have breached the following areas of the MoJ’s Conduct of Authorised Persons Rules:
- General Rule 2d – the need to maintain appropriate records and audit trails
- General Rule 2e – the requirement to ensure that that any referrals, leads or data are obtained in accordance with the requirements of the MoJ’s rules and relevant legislation
As a result of its failure to comply, the requirements imposed on the company include:
- Before purchasing any data from third parties, the company must require these third parties to complete due diligence forms. The authorised CMC must then obtain evidence to support the answers these third parties provide, which includes checking that all data has been screened against the Telephone Preference Service (TPS) register no more than 28 days prior to purchase; and that the opt-ins being used are freely given, specific and informed, and meet the other requirements of the Data Protection Act 1998
- The company must corroborate the information provided by the third parties regarding TPS screening and opt-ins
- When each set of data is purchased, or a new relationship with a third party commences, the company must obtain a proportionate sample of data, which must contain: the full name of the client; the telephone number and/or email address of the client; the date, time and wording of the client’s opt-in; evidence that the client has agreed to the opt-in; and confirmation of the provenance of the data, including the original consent provided by the client and a record of the data journey
- The company must then check the sample data and contact clients from the sample. Recordings of these telephone calls must be retained. In the event that any client expresses dissatisfaction, then details of their grievances must be maintained and disclosed to the data supplier. The CMC must then cease purchasing data from the relevant supplier until they have provided evidence that the issues raised by the client have been rectified
The company’s name suggests that car hire is its main line of business, although it is authorised by the MoJ to provide personal injury claims services.
The information shown in this article was correct at the time of publication. Articles are not routinely reviewed and as such are not updated. Please be aware the facts, circumstances or legal position may change after publication of the article.