ICO announce fresh enforcement efforts

Credit: SpeedKingz/Shutterstock.com

The ICO are contacting more than 1,000 companies believed to be involved in compiling - and then selling on - lists of our names and numbers.

The companies will be required to prove that they're acting lawfully and to reveal who buys the information they sell.

On top of that, the ICO say they will be issuing three fines this week, two of which will be to companies responsible for making nuisance calls, as part of their continuing efforts to reform the sector.

That, they say, will mean that in the past four months alone they will have issued fines up to the value of £1 million pounds.

Cracking down

If they want to, the ICO can issue fines of up to £500,000. But so far, the largest fine they've issued has been for £200,000 - and it seems that they are choosing to try to educate rather than fine companies out of business.

As Information Commissioner Christopher Graham says: "There's a danger that where we remove one of the hydra's head, two grow back in its place".

So they're asking the 1,000 companies they contact to prove that they follow strict procedures when collecting and using personal data.

All the numbers they collect and sell should have been screened against the telephone preference service (TPS), thus weeding out those who have actively opted out of receiving direct marketing calls.

Numbers not listed on the TPS are fair game, provided that the person being called hasn't previously specified that they don't want to be contacted - so if, when a company does phone us, we tell them we'd like to be removed from their list, they have to honour that request in the future.

That means companies contacted by the ICO must be able to show how they get and people's consent, and when they've had that consent removed - such as up-to-date "do not call" lists.

They'll also need to show that they do not collect any unnecessary personal data.

Mr Graham says believes that "by targeting the illegitimate aspects of the list broking business... we have the chance to truly strike down this monster".

Latest batch

In the meantime, the first of this week's three ICO fines is for £80,000, and has been issued to a PPI claims company that sent more than 1.3 million spam texts.

UKMS Money Solutions Limited (UKMS) used mobile phone numbers bought from list brokers to encourage people to make PPI compensation claims.

Andy Curry, enforcement manager at the ICO, said that the company had relied on the word of the suppliers giving them the data that the people included had agreed to be contacted.

However, as alluded to above, companies are legally required to be able to prove they have consent to contact us.

"UKMS should have known that the responsibility to ensure they had the right consent to send messages to people rests with them," said Mr Curry, after issuing a fine for £80,000.

Pleading ignorance isn't a new - or effective - excuse.

In September the ICO issued a record £200,000 fine to a company who claimed they didn't know what the rules surrounding the use of personal data were.

As the ICO's head of enforcement at the time pointed out, the company "did not even bother to find out".

Ironic

Another of the fines due to be issued this week will be to a company trying to sell people "blocking" software that they say could help prevent unwanted sales and spam calls in the future.

They're not the first; in August this year another company, Stop The Calls, was fined £50,000 for doing the same thing.

This raises the question of whether the ICO's efforts to educate have been effective, and whether their warnings and fines are a strong enough deterrent.

A case in point would be the Welsh company, Help Direct UK Ltd, who in March this year received an "enforcement notice" regarding a campaign they ran in 2014.

The regulator's investigation had shown that Help Direct UK Ltd had sent almost 190,000 unsolicited marketing messages during that time, and they were warned to stop sending spam texts.

But then in April, they embarked on another campaign, spamming people with texts offering to help people reclaim PPI and bank refunds. The ICO received more than 6,750 complaints about them in just one month.

Having clearly paid not the slightest bit of attention to the ICO earlier, the company found themselves with a fine for £80,000 this time around, issued in October.

Anne Jones, Assistant Commissioner for Wales said that despite the warning, the company had "shown a blatant disregard for the rules" and "had deliberately broken the law".

Keeping tabs

So as well as issuing further fines and getting in touch with list brokers to make sure they know their obligations, Mr Graham is pushing for the ICO to be allowed to carry out "compulsory audits" on these companies.

Speaking to a group of MPs last week, he said such audits would be "very logical" tools to have for enforcement of both list brokers and lead generators.

In the meantime, the ICO rely on information from us, the people affected by the nuisance calls and texts, to find out which companies are behaving badly - and with more than 180,000 complaints per year, Mr Graham says they're getting a good picture of "who the truly bad actors are".