UK cracks down on claims industry SMS spam

Text-message spam is coming under close scrutiny from the U.K.'s data protection authority, which is trying to blunt an increasing wave of insurance industry and accident compensation-related spam.

The Information Commissioner's Office said on Thursday it has conducted one raid and plans more raids targeting operations that collect sales leads by illegally sending unsolicited text messages.

The messages are often sent from SIM banks, or a hardware devices in which dozens of SIM cards can be inserted and used with automated software to dial hundreds of phones, according to an ICO spokesman.

The SIM cards are frequently changed so if a number is reported as being spam-related, it won't be used for very long. The messages frequently instruct a user to text back "stop" to receive no further messages. But that action merely confirms it is a valid number.

For compensation-related spam messages, a user is instructed to text back "claim" if they are considering legal action related to an accident. But that plays right in the hands of the spammers.

"Even more so, if someone texts back 'claim,' they not only know that it's a live number but potentially someone is ready to take legal action in relation to an accident," the spokesman said.

The data collected is sold by the spammers to insurance agencies, lawyers and others with an interest in purchasing sales leads. Those purchasers are supposed to ensure the information was collected legitimately, but have little legal liability unless they make no attempt to check how it was collected, the spokesman said. The ICO has been meeting with lead-generation and claims management companies to ask how they obtain data.

In May, the ICO gained the power to fine organizations up to £500,000 (US$788,000) for breaching the Privacy and Electronic Communications Regulations 2003, which lays out rules for marketing text messages. The ICO has not issued a fine yet.

The regulations mandate that marketing messages are legal if the sender obtained the phone number through a sale, the products are related to the sender and that the receiver had an option to opt out. Senders also must provide a simple way to opt out of future messages.

According to a survey of 1,014 people by the ICO, 681 said they had received a text that had caused them "concern." More than 200 said they were troubled by text spam and wondered how their details were obtained.

Operators have spam-reporting services. For Orange, O2, T-Mobile and Three, a spam message can be sent to the number 7726. Vodafone's spam forwarding code is 87726.

Earlier this year the ICO also gained the power to ask operators and for any information connected with a specific phone number, the spokesman said. The operators had previously said there was no legal reason to turn over personal data.

Most of the SIMs used for spam are prepaid, which does not require the buyer to give personal information. But the one raid conducted by the ICO was the result of a registered SIM card, the spokesman said.

The ICO will release more information on its investigation when it is complete, the spokesman said.

Send news tips and comments to jeremy_kirk@idg.com

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email CIO
• Follow CIO on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark