Replies from the ICO about Sage and FindMyPast

While talking about the junk email I’d received from Virgin Media, I mentioned my previous junk emails from Sage and from FindMyPast. These are instances where I’d decided to report the emails to the Information Commissioner’s Office – and while writing about Virgin Media, it occurred to me that I should probably write about the responses I had from the ICO. So, in the order in which they happened:


I received a telephone call from someone at the ICO to ask for permission to pass my email address on to FindMyPast in the context of instructing them to suppress it in future. I know the ICO does this, and it’s somewhat annoying that this is done in preference to actually slapping a worthwhile fine on companies that break the rules, but that’s life. During that call, the nature of the email and FindMyPast’s justification of it was mentioned – they called the email a “service update” and said it was “necessary” for the administration of my account, even after I initially complained directly to them, and despite that it was advertising a discounted subscription rate – which the chap from ICO agreed was definitely out of order. (I may have used the words “taking the piss” to describe it.)

Anyway, I gave the ICO my permission to instruct FindMyPast to suppress my email address, then received the stock response from the ICO on 12th October, 2011, in which they – as usual – said:

I have now written to the organisation to inform them of their obligations under the PECR and to ask them to suppress your email address from their databases.  This suppression should not take any longer than 28 days and should ensure that they do not email you again.

If you receive any further marketing emails from the same organisation after 28 days have elapsed then please write to us, quoting the reference number above and forwarding a copy of the relevant marketing email.

So, FindMyPast, you can’t get around the rules by calling your marketing emails “service updates” – and therefore, as I originally said, you are spammers.


The reply from ICO about Sage came on 28th November, 2012. My complaint included three emails, as detailed in my original post on the subject. Two of those emails (the first and the third) were surveys (a “customer survey” and a “SageCover survey”) and the other was advertising a discounted price on stationery. The result of my complaint was that Sage had been contacted about one of the three emails – the one advertising stationery – and told to suppress my email address from their databases (see the stock wording above about FindMyPast).

The ICO decided, though, that the survey emails:

do not appear to be in breach of the PECR as they do not appear to contain any form of unsolicited direct marketing

Where an organisation contacts a customer only to request feedback about the services they provide and the message does not contain any marketing or any attempts to further solicit the recipient, the communication in question would not constitute unsolicited direct marketing.

As you appear to be an existing customer of the organisation in question, we deem it reasonable to expect that the organisation may contact you from time to time despite any previously notified marketing preferences you may have made.

We are therefore unable to investigate these emails further.

The Privacy and Electronic Communications (EC Directive) Regulations 2003 do, very specifically, talk of the “use of electronic mail for direct marketing purposes” – with the relevant section actually having that title – so according to the regulations, the ICO is technically correct.

However, while I have to reluctantly agree with the Information Commissioner’s Office that those two emails are not something they can deal with, because they contain no direct marketing and are therefore not in breach of the 2003 regulations, that does not change my opinion of what those emails are: They remain emails that were unsolicited and commercial in nature.


Note that the term often used to describe spam is UCE, which stands for “Unsolicited Commercial Email” and not UME or UDE which might stand for “Unsolicited Marketing Email or Unsolicited Direct-marketing Email”. This term was in use long before 2003 for a very good reason – the regulations introduced in that year really missed the point.

On the subject of Sage, I should also note that I received another email from them a couple of days ago, to the same address as before. This email was actually a SageCover Extra newsletter. Having previously made sure I was not subscribed to receive anything at all from Sage – except replies to emails, obviously – I hold that I should not have received this email. And I commented about it on Twitter as soon as I saw it, but did nothing else.

This morning, while writing about the Virgin Media email, I received a phone call from someone at Sage in response to that comment on Twitter. The caller pointed out that the nature of the email was purely informational, being about the software I already have (for example containing tips) than actually selling anything, and a quick glance at the contents of the email shows he is correct (which means it would be disregarded by the ICO if I was to complain to them for the reasons given above). He also explained how my email address was probably added – I had contacted Sage support by email about an issue a few weeks earlier, and it looks like the person I spoke to may have added my address to the newsletter as a courtesy, noting it wasn’t already listed for it, without any knowledge of my previous objections.

I have accepted that explanation and the caller’s apology – and his assurance that my address has been removed again!

My SageCover Extra contract was extended as a courtesy after my previous complaints, and doesn’t run out until July. I think that, until then, should I contact Sage with any support issues, I’ll have to try to remember doing so by phone to avoid my email address being picked up and used in this way again.

Related posts