Buying in Third Party Email Lists

How the law affects you

Building up your own permission-based email list using website signups, competitions, registrations etc, is the most effective way to use email marketing data.

But what if you need to buy or rent-in a list? What does the law require of you as a Data Controller and how can you ensure you comply with data protection legislation?

What the ICO states

If you are buying or renting an email list from a broker, you will need to seek assurances about the basis on which the information was collected.

In short, if you wish to buy in or rent a list from a third party you can only use it if the data was obtained on a clear prior consent basis, that is, where the intended recipient has actively consented to receiving unsolicited messages by electronic mail from third parties.

You have a general obligation to make sure the recipient is provided with a valid address for opt-out requests in every message you send. Should you receive an opt-out request, you must make sure you suppress that individual’s details immediately.

As with all email marketing messages, you must ensure that the identity of the sender is neither disguised or concealed.

Some practical tips

When approaching an email list broker, ask for references from their existing clients and follow them up.

Ask to see a sample of the data you are going to buy and check it for quality.

For example, a good quality list from a trusted provider will not have generic email addresses such as ‘info@…’ and ‘webmaster@…’ Do the same eyeball check of the full data set you are sent.

Another practical point to consider is the age of the list. The older the list that you buy or rent, the less likely it is that those contacts on the list are going to respond positively to marketing messages.

It may damage the reputation of your business to send poorly targeted, unwanted marketing messages, and damage your email sender reputation with the ISPs, compromising your deliverability rate.