Monday 17 Oct 2016 @ 10:15
Information Commissioner's Office
Printable version

Barnet firm fined by Information Commissioner’s Office

A company which sent thousands of spam texts about loans has been fined £20,000by the Information Commissioner’s Office (ICO).

Rainbow (UK) Ltd, based in Barnet, broke the law about how people’s personal information can be used for marketing.

Steve Eckersley, ICO Head of Enforcement, said:

“Spam texts annoy and disturb people but also leave them worrying about how a company has got hold of their details.

“The people who reported spam texts from Rainbow have helped us to investigate this company and take action. I would urge anyone disrupted by spam texts from other firms to report them so we can continue to clamp down on businesses like Rainbow.”

An ICO investigation found Rainbow sent 21,000 spam texts over four months last year containing the following message:

Get a CASH loan of up to 1000 pounds today! Apply now at www.payday-loansfor.me.uk/m and get your money in 10 mins. To opt out reply STOP.

The scale of the contravention could have been much larger as Rainbow had attempted to send more than half a million text messages, but due to a technical error only 21,045 were successfully transmitted.

Organisations can only send marketing text messages to people who have specifically consented to receiving them. Any organisation buying marketing lists from suppliers must carry out rigorous checks to make sure the third party has obtained the data fairly and lawfully and that they have the necessary consent. Rainbow failed to do this.

Mr Eckersley said:

“The buck stops with the company sending the marketing texts to ensure they are complying with the law. It’s no excuse to rely on the supplier who gave you the names and numbers.”

The ICO has published detailed guidance for firms carrying out direct marketing by phone, text, email, post or fax.

There is advice on how to avoid spam texts on the ICO’s website as well as an online tool where people can report spam texts.

new code of practice has been launched by the ICO this month which sets out how organisations should explain to people how they’re using their personal information.

Notes to Editors

  1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
  3. The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit. The ICO has the power to impose a monetary penalty on a data controller of up to £500,000.
  4. The Privacy and Electronic Communications Regulations (PECR) sit alongside the Data Protection Act. They give people specific privacy rights in relation to electronic communications.

There are specific rules on:

  • marketing calls, emails, texts and faxes;
  • cookies (and similar technologies);
  • keeping communications services secure; and
  • customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.

 We aim to help organisations comply with PECR and promote good practice by offering advice and guidance. We will take enforcement action against organisations that persistently ignore their obligations.

5. The rules on electronic mail marketing (which includes text messages) are in regulation 22 of PECR. In short, you must not send electronic mail marketing to individuals, unless:

  • they have specifically consented to electronic mail from you; or
  • they are an existing customer who bought (or negotiated to buy) a similar product or service from you in the past, and you gave them a simple way to opt out both when you first collected their details and in every message you have sent.

 You must not disguise or conceal your identity, and you must provide a valid contact address so they can opt out or unsubscribe. 

  1. Civil Monetary Penalties (CMPs) are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.
  1. Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Information Commissioner’s Office (ICO).
  1. To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns/
Channel website: https://ico.org.uk/

Share this article

Latest News from
Information Commissioner's Office

Password manager provider fined £1.2m by ICO for data breach affecting up to 1.6 million people in the UK

11/12/2025 16:20:00

We have fined password manager provider LastPass UK Ltd £1.2 million following a 2022 data breach that compromised the personal information of up to 1.6 million of its UK users.

Jointly Prepared Statement from the Information Commissioner’s Office (ICO) and Financial Conduct Authority (FCA) on Targeted Support and Direct Marketing

11/12/2025 14:25:00

It is important for your customers to receive timely and relevant information to support decisions about their finances, while having their direct marketing preferences and data protection rights respected. This is crucial in order for customers to trust the information they receive, helping them to make informed decisions and pursue their financial goals.

People trying to access their own care records are being let down, Information Commissioner warns

10/12/2025 09:10:00

We have called for urgent improvements across UK local authorities and Health and Social Care Trusts in Northern Ireland after warning that people trying to access their own care records are being let down.

ICO action secures increased cookie compliance, giving millions stronger control over their personal information online

05/12/2025 10:10:00

The Information Commissioner’s Office (ICO) has provided an update on its action to tackle cookie compliance, which has brought the vast majority of the UK’s most used websites into compliance with rules on the use of advertising cookies. 

Regulator holds public bodies to account by cracking down on FOI failures

04/12/2025 11:10:00

The Information Commissioner’s Office (ICO) has issued a series of enforcement notices and practice recommendations to several public authorities after identifying significant failures to comply with the Freedom of Information (FOI) Act 2000.

Children’s online privacy in mobile games under spotlight

02/12/2025 12:25:00

The ICO yesterday announced that they will be scrutinising how popular mobile games played by children in the UK protect their online privacy.

Regulating for impact with our public sector approach

12/11/2025 11:10:00

As a regulator, sometimes we need to intervene directly with organisations to drive change. But our goal is always broader: to raise standards across entire sectors. That means choosing the right regulatory tools to hold decision-makers accountable, set clear expectations, and secure lasting improvements.

ICO call for views on enforcement procedural guidance

31/10/2025 12:25:00

We are calling for views on new guidance setting out how we approach investigations and take enforcement action. 

Crack down on police data delays

30/10/2025 12:25:00

We have issued an enforcement notice to South Wales Police (SWP) over serious delays in handling subject access requests (SARs).