Information Commissioner's Office
ICO issues £200,000 fine for unsolicited text messages
Help Direct UK Ltd, a Swansea-based lead generation company has been fined £200,000 by the ICO for sending out thousands of unsolicited marketing text messages.
A marketing campaign run by the company in April 2015 prompted 6,758 complaints in just one month. People complained about a variety of messages offering services including the reclaim of PPI payments, bank refunds and loans. A typical text read: “Its been signed off, we have 3886.41 in your name for the accident you had, for us to put in your bank Now just fill out www.accidentinjuryclaim.so”
One complainant to the ICO explained they had never had an accident and was worried someone may be fraudulently using their identity. Another was concerned they may have unknowingly caused an accident.
An ICO investigation discovered that Help Direct UK was using unregistered SIM cards to send the messages, a common practice by companies looking to avoid the mobile networks’ spam detectors.
Anne Jones, Assistant Commissioner for Wales said:
“This was a marketing campaign on a massive scale from a company who has already been warned by us to stop sending these marketing messages.
“Help Direct has deliberately broken the law by continuing to send these messages, which is why the company has received the first monetary penalty under our new powers.
“The company has also shown a blatant disregard for the rules by ignoring enforcement action we issued earlier this year. They are now facing the consequences of that decision.
“Help Direct’s actions are unacceptable and we will act to stop companies behaving in this way. We have the power to prosecute anyone ignoring our enforcement notices and, as well as the fine, Help Direct can expect even more action from us.”
The ICO issued an enforcement notice seven months ago ordering Help Direct to stop sending marketing texts after a previous investigation showed it had sent 187,960 messages in 2014, many offering pension reviews. Mobile phones and devices used by the company in the past were linked to the current investigation. Breaching an enforcement notice is a criminal offence and the ICO is now considering further action.
A change in the law makes it easier for the ICO to issue fines to companies that break the law. Previously, the ICO has had to prove that a company caused ‘substantial damage or substantial distress’ to individuals by making nuisance calls or sending spam text messages. But from April 2015, the ICO just has to prove that the company was committing a serious breach of the Privacy and Electronic Communication Regulations (PECR); either the breach was deliberate or the company knew or ought to have known that there was a risk that the contravention would occur; and the company failed to take reasonable steps to prevent it. This is the first fine under these new rules.
Spam texts can be reported to the ICO or to a network operator by sending them, free of charge, to '7726'. The networks are also working to block the worst offenders.
The ICO has published detailed guidance for companies carrying out marketing – explaining their legal requirements under the Data Protection Act and the Privacy and Electronic Communications Regulations. The guidance covers the circumstances in which organisations are able to carry out marketing over the phone, by text, by email, by post or by fax.
Notes to Editors
- The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
- The ICO is on Twitter, Facebook and LinkedIn. Read more in the ICO blog and e-newsletter. Our Press Office page provides more information for journalists.
- Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Not transferred to other countries without adequate protection
- Civil Monetary Penalties (CMPs) are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.
- Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Information Commissioner’s Office (ICO).
Latest News from
Information Commissioner's Office
Blog: Information Commissioner looks ahead to 202126/01/2021 10:25:10
Blog posted by: Elizabeth Denham, 25 January 2021.
Blog: Maintaining data flows for a digital world25/01/2021 15:38:00
Information Commissioner Elizabeth Denham looks at the data protection aspects of the recently agreed UK-EU trade agreement.
Adtech investigation resumes25/01/2021 12:25:00
Simon McDougall, ICO Deputy Commissioner – Regulatory Innovation and Technology recently commented on Adtech’s investigation.
ICO supports innovative data sharing projects to protect vulnerable people21/01/2021 12:33:00
The ICO Sandbox has selected three innovative data sharing services aimed at helping those who are vulnerable to online gambling harms, supporting ex-service men and women get the care they need, and a platform to help fight against cyber-criminals.
ICO and National Privacy Commission, Philippines, sign Memorandum of Understanding14/01/2021 12:25:00
UK Information Commissioner, Elizabeth Denham, and her counterpart in the Philippines, Commissioner and Chairman Raymund Enriquez Liboro (NPC), yesterday signed a Memorandum of Understanding (MOU).
Motor industry employee sentenced in ICO Computer Misuse Act prosecution08/01/2021 16:15:00
A motor industry employee has been sentenced to eight months' imprisonment, suspended for two years, in a prosecution brought by the Information Commissioner’s Office (ICO).
ICO statement in response to UK Government’s announcement on the extended period for personal data flows, that will allow time to complete the adequacy process29/12/2020 09:15:00
The Government has announced that the Treaty agreed with the EU will allow personal data to flow freely from the EU (and EEA) to the UK, until adequacy decisions have been adopted, for no more than six months.
Update to the joint statement on global privacy expectations of video teleconferencing companies24/12/2020 13:20:00
On 21 July 2020 the Information Commissioner’s Office (ICO) and five other data protection and privacy regulators from around the world jointly signed an open letter to companies providing video teleconferencing services.