WIREDGOV

A PPI claims company that sent more than 1.3 million spam texts has been fined £80,000 by the ICO.

It is the first of three fines totalling £250,000 that the ICO will issue this week to companies behind nuisance calls and texts.

The fine has been issued to UKMS Money Solutions Limited (UKMS). It used mobile phone numbers it had bought from list brokers to encourage people to make a claim for PPI compensation.

But the Birmingham-based firm did not check that the people had agreed to receive marketing text messages – something they are legally required to ensure.

A total of 1,442 people complained to the ICO and the 7726 spam text reporting service during UKMS’ nine-week direct marketing campaign between April and June 2015.

Andy Curry, enforcement manager at the ICO, said:

“UKMS relied on their data suppliers’ word that the people on the lists had agreed to be contacted. That’s simply not good enough.

“UKMS should have known that the responsibility to ensure they had the right consent to send messages to people rests with them.”

While companies controlling personal data must ensure it is used fairly and lawfully under the Data Protection Act (DPA) and the Privacy and Electronic Communications Regulations (PECR), the ICO is also reminding companies that sell the data of their legal responsibilities.

It will this week write to 1,000 firms, known as list brokers, asking them how they comply with the law when compiling and selling lists of names and numbers used by cold callers.

The ICO is also working with the Claims Management Regulation Unit (CMRU) to audit five claims management companies and check they are complying with direct marketing guidelines.

Later this week the ICO will fine another two companies, this time for making nuisance telephone calls.

This will bring the total number of fines issued over the last four months around nuisance marketing to £1 million.

Notes to Editors

1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
3. The ICO is on Twitter, Facebook and LinkedIn. Read more in the ICO blog and e-newsletter.Our Press Office page provides more information for journalists.
4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

• Fairly and lawfully processed
• Processed for limited purposes
• Adequate, relevant and not excessive
• Accurate and up to date
• Not kept for longer than is necessary
• Processed in line with your rights
• Secure
• Not transferred to other countries without adequate protection

5. Civil Monetary Penalties (CMPs) are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.
6. Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Information Commissioner’s Office (ICO).