Information regarding caller ID, law, statistics

Greg Smith made this Freedom of Information request to Information Commissioner's Office

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

The request was partially successful.

Dear Information Commissioner's Office,

1: Who is responsible for monitoring and preventing the use of non-genuine or spoof phone numbers (via Calling Line Identification) in the UK?

2: What is the current law regarding the use of non-genuine calling line ID, for live calls, recorded messages and SMS, to both landline and mobile phone numbers?

3: What action has been taken, since January 2018, to minimalise the use of non-genuine numbers?

4: Since then, how many organisations have been stopped from using inauthentic calling line ID?

5: When are the ICO going to release the latest minutes of Op LINDEN, as promised on your web site earlier in 2019?

Yours faithfully,

Greg Smith

Information Access Inbox, Information Commissioner's Office

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit:

[1]https://ico.org.uk/about-the-ico/our-inf...

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

If you have requested advice - we aim to respond within 14 days. 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

Copied correspondence - we do not respond to correspondence that has been
copied to us.

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

For information about what we do with personal data see our [2]privacy
notice.

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

Yours sincerely

The Information Commissioner’s Office

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found
[3]here.

Twitter

Find us on Twitter [4]here.

 

References

Visible links
1. https://ico.org.uk/about-the-ico/our-inf...
2. https://ico.org.uk/global/privacy-notice/
3. https://ico.org.uk/about-the-ico/news-an...
4. http://www.twitter.com/ICOnews

Information Commissioner's Office

16 May 2019

 

Case Reference Number IRQ0842638

 

Dear Mr Smith,

Thank you for your correspondence which we received on 13 May 2019, in
which you have made a request for information held by the Information
Commissioner's Office (ICO). 
 
Your request has been passed to the ICO’s Information Access Team, and is
being dealt with in accordance with the Freedom of Information Act 2000
under the reference number shown above. 
 
As you are probably aware the FOIA provides individuals with the right of
access recorded information held by public authorities. It is important to
note that a release under FOIA is applicant blind and therefore
effectively a release to the wider world.
 
We will respond to your FOIA request promptly, and no later than 11 June
2019, which is 20 working days from the day after we received your
request.
 
Should you wish to reply to this email please be careful not to amend the
information in the ‘subject’ field. This will ensure that your reply is
added directly to your case.
 
Yours sincerely
 

Shannon Keith
Senior Information Access Officer, Risk and Governance Department
Corporate Strategy and Planning Directorate
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 0330 313 1636  F. 01625 524510  [1]ico.org.uk  [2]twitter.com/iconews
For information about what we do with personal data see our [3]privacy
notice.
Please consider the environment before printing this email

References

Visible links
1. http://ico.org.uk/
2. https://twitter.com/iconews
3. https://ico.org.uk/global/privacy-notice/

Information Commissioner's Office

3 June 2019

 

Case Reference Number IRQ0842638

 

Dear Mr Smith,

Thank you for your recent request for information. We received your
request on 13 May 2019. Further to our acknowledgment of 16 May 2019 we
are now in a position to respond.
 
We have dealt with your request in accordance with your ‘right to know’
under section 1(1) of the Freedom of Information Act 2000 (FOIA).
  
Request

In your email you asked:

 1. Who is responsible for monitoring and preventing the use of
non-genuine or spoof phone numbers (via Calling Line Identification)
in the UK?
 2. What is the current law regarding the use of non-genuine calling line
ID, for live calls, recorded messages and SMS, to both landline and
mobile phone numbers?
 3. What action has been taken, since January 2018, to minimalise the use
of non-genuine numbers?
 4. Since then, how many organisations have been stopped from using
inauthentic calling line ID?
 5. When are the ICO going to release the latest minutes of Op LINDEN, as
promised on your web site earlier in 2019?

Response

Question 1

In relation to your first question I can advise you that the ICO has
specific responsibilities set out in the Privacy and Electronic
Communications Regulations 2003.

We aim to help organisations comply with PECR and promote good practice by
offering advice and guidance. We will take enforcement action against
organisations that persistently ignore their obligations. 

The ICO has several ways of taking action to change the behaviour of
anyone who breaches PECR. They include criminal prosecution, non-criminal
enforcement and audit. The Information Commissioner can also serve a
monetary penalty notice imposing a fine of up to £500,000 which can be
issued against the organisation or its directors.

Question 2

In relation to your second question I can advise you that the Privacy and
Electronic Communications Regulations (PECR) give people specific privacy
rights in relation to electronic communications. There are specific rules
on:
 

* marketing calls, emails, texts and faxes;
* cookies (and similar technologies);
* keeping communications services secure; and
* customer privacy as regards traffic and location data, itemised
billing, line identification, and directory listings.

You can view the legislation [1]here.

Specific ICO guidance on the rules about electronic and telephone
marketing is available on our website [2]here.

The regulations are derived from European Law and implement [3]European
Directive 2002/58/EC. They have been amended seven times since they came
into effect, most recently in January 2019 to ban cold-calling of pensions
schemes in certain circumstances. You can see detail of the other
amendments on our website [4]here.

Question 3

In relation to your third question I can advise you that the ICO
proactively publishes information on a quarterly basis about the action
we’ve taken in relation to PECR. This is available [5]here.

The report on the website is current to the end of January 2019 and
provides information in concluded cases and cases under investigation, as
well as current trends in live calls, text messages, and automated calls.

We separately publish a list of the civil monetary penalties issued
[6]here. Penalties issued under PECR appear in column G.

Monetary penalty notices are available [7]here.

As this information is available on our website, it is technically exempt
under Section 21—information accessible to applicant by other means.

Question 4

In relation to your fourth question I can advise you that the ICO does not
hold information within the scope of your request, as we do not hold a
list of organisations “stopped from using inauthentic calling line ID”.

While the ICO can take regulatory action in relation to 'spoofing' (for
example—issuing a monetary penalty notice and/or seeking to obtain future
compliance with PECR by serving an enforcement notice), this action may
not stop an organisation or individual from spoofing.

If an organisation or individual fails to pay a monetary penalty the ICO
can, in partnership with the Insolvency Service, act to disqualify
individuals from acting as the director of a company, take part in the
management of a company or limited liability partnership, or be the
receiver of a company’s property. This would have the effect of stopping
organisations from using inauthentic calling line ID, except in
circumstances where an individual is able to re-establish another company
with the same trading activity (known as ‘phoenixing’).

Question 5

In relation to your fifth question I can advise you that the minutes and
action items from Operation Linden strategy meetings are published on the
ICO website. The meetings are held on a quarterly basis, with the most
recent taking place on 23 October 2018, and 13 February 2019.

Thank you for bringing to our attention that the most recent Operation
Linden minutes are not available on our website. This is an oversight on
our part, and we apologise if it has caused you any inconvenience. The
minutes for the October 2018 and February 2019 meetings are being prepared
for publication and will be uploaded to the website in the near future. As
such, we are currently withholding them under Section 22 of the FOIA –
information intended for future publication.

The exemption at section 22 is qualified by the public interest test,
meaning that the information should be disclosed if the public interest in
the maintenance of the exemption does not outweigh the public interest in
disclosure.
 
In this case, the public interest factors in favour of disclosing the
information are:   
 

* to promote openness by providing information about the ICO’s
operational work and joint-agency initiatives; and
* a preference to proactively share information in a timely manner.

The factors in favour of maintaining the exemption are:
 

* The ICO has a history of publishing this information on a regular
basis and has committed to proactively publishing minutes from
Operation Linden strategy meetings, with only the minutes from the two
most recent meetings not yet available publicly.
* Disclosing the minutes without a thorough consideration of information
intended for publication could result in an unintended data breach;
and
* Earlier disclosure is not necessary to satisfy any pressing public
interest at the present time.

Having considered the public interest arguments, we consider it reasonable
in the circumstances to withhold this information under section 22 of the
FOIA.

This concludes my response to your request. I hope the information
provided is helpful.

Review Procedure
 
However, if you are dissatisfied with this response and wish to request a
review of our decision or make a complaint about how your request has been
handled you can write to the Information Access Team at the address below
or e-mail [8][ICO request email].
 
Your request for internal review should be submitted to us within 40
working days of receipt by you of this response.  Any such request
received after this time will only be considered at the discretion of the
Commissioner.
 
If having exhausted the review process you are not content that your
request or review has been dealt with correctly, you have a further right
of appeal to this office in our capacity as the statutory complaint
handler under the legislation. To make such an application, please write
to our Customer Contact Team at the address given or visit our website if
you wish to make a complaint under the Freedom of Information Act.
 
A copy of our [9]review procedure can be accessed from our website.

Yours sincerely

Shannon Keith
Senior Information Access Officer
Information Commissioner’s Office

T. 0330 313 1636
 
 

References

Visible links
1. https://www.legislation.gov.uk/uksi/2003...
2. https://ico.org.uk/for-organisations/gui...
3. https://eur-lex.europa.eu/legal-content/...
4. https://ico.org.uk/about-the-ico/what-we...
5. https://ico.org.uk/action-weve-taken/nui...
6. https://ico.org.uk/media/action-weve-tak...
7. https://ico.org.uk/action-weve-taken/enf...
8. mailto:[ICO request email]
9. https://ico.org.uk/media/1883/ico-review...