Payday loan firm QuickQuid has admitted it got hold of non-customer details from third parties, following last week's huge blunder when it emailed many consumers with incorrect demands for cash.
This hammers home our message to always beware of opting into receiving marketing messages from firms, as your data could be shared or sold on – though the correct action for anyone who received the email last week was to totally ignore it.
Many of those QuickQuid emailed had never used the high-cost lender and were baffled as to how it had got hold of their details (see the Ignore QuickQuid emails demanding non-existent debts MSE News story).
We are unsure how many people received the email as QuickQuid will not confirm any figures. But we suspect the numbers are large as scores of users contacted us on Twitter, via email and on our forum saying they'd received an email from QuickQuid, chasing them for a debt.
At the time, the payday loan company said the names and email addresses of non-customers would have been people who may have enquired about a loan product through the QuickQuid website or "other sources".
Now QuickQuid has confirmed these "other sources" were actually "affiliate third parties" and "licenced credit intermediaries".
How do firms share data?
It's not unusual for similar firms to share data amongst themselves, as long as they have your permission.
For example, sometimes when you visit a comparison website to get a quote for a product, you may be asked to either tick or un-tick a box to say you're happy to be contacted by that website, as well as its partners or other relevant firms.
In a statement, QuickQuid said: "In addition to QuickQuid's direct marketing channels, QuickQuid has established relationships with licensed credit intermediaries that assist in matching potential borrowers with potential lenders.
"Consumers will often visit these websites to compare lending products and prices, and have the choice to opt into receiving relevant product information from affiliated financial services companies.
"QuickQuid exercises due diligence on its partners to ensure they have a valid Consumer Credit Licence, make proper filings with the Information Commissioner's Office, and are obtaining the appropriate consent to obtain and transfer customer data."
QuickQuid added that since the email was issued on 11 July, it has been contacting every recipient telling them to disregard it and to apologise for any inconvenience caused.
What are the rules on sharing data?
According to the Information Commissioner's Office (ICO), which is the independent body responsible for data protection in the UK, the following rules apply to data sharing:
- Companies can only send marketing emails to customers, or to those who've given their consent to receive them.
- Companies can only share customer information with other parts of their organisation, or with firms offering similar products or services.
- Companies don't have to list which other firms they'll share your data with, but they have to give some kind of indication that they are relevant.
- To share your information without asking is against the Data Protection Act.
See our No Cold Callers guide for help preventing spam texts, calls and mail.
Can I complain?
If you think your data has been shared without your consent, first complain to the company involved.
If you get nowhere, take your complaint to the ICO. Unlike the Financial Ombudsman Service, there's no strict procedure on when you can refer your case after first having got in touch with the company involved.
But while the ICO can take enforcement action against a firm and fine it up to £500,000 for serious failings, it can't award individual compensation.
If the ICO upholds a case in your favour, you can however use this evidence to try to claim compensation from a firm in court.