BUSINESSES should think twice before they buy a new database from a third party.

The renewed warning from Yorkshire law firm Cobbetts comes in light of an important decision last week, by the Advertising Standards Authority (ASA), against a company which used a database bought from a third party for marketing purposes to communicate with potential customers.

A normal step for most companies, but in this case the company was ruled to be in breach of the Direct Marketing Code administered by the ASA, on two counts, landing it in hot water.

Wendi Lunn, data protection specialist at Cobbetts, said: "In this case, the company, moviechoices.com, ended up in trouble because it could not prove that the consumers included on the database had given prior consent to receiving unsolicited communications from third parties.

"Although the company had been given contractual assurances by the vendor that the necessary consent had been obtained, it had no evidence to prove it. The complainant, on the other hand, denied that he had given consent to receiving communications from third parties."

The company was also found to have committed a further breach of the code, by not including an opt-out clause in the email, to enable recipients to opt out of receiving marketing material in the future.

This, it claimed, was due to a one-off error - leaving it in breach of not only the ASA's British Code of Advertising, Sales Promotion and Direct Marketing, but also the Privacy and Electronic Communications (EC Directive) Regulations 2003, administered by the Information Commission.

The code and particularly the regulations, present significant obstacles to e-marketers and marketers in general who may use third party mailing lists more frequently than other businesses, she said. What's more, if caught contravening the law, adverse and unwanted publicity may result, as well as other possible sanctions.

She said: "This case sends a warning to all businesses that they need to re-examine their marketing and communication methods to check they comply with the intricacies of data protection, to avoid falling foul of the law.

"Specifically, it emphasises the importance of thorough due-diligence and receipt of documentary evidence of necessary consent prior to the purchase of third party mailing lists."

Updated: 10:28 Friday, October 29, 2004