WIREDGOV

The Information Commissioner’s Office (ICO) has searched two addresses in Greater Manchester as part of an investigation into companies suspected of sending millions of unsolicited text messages.

ICO enforcement officers executed search warrants at offices in Stockport and a house in Sale.

The operation is part of an ICO investigation into companies believed to be responsible for sending over 11 million unsolicited text messages to UK mobile numbers between January 2017 and January 2018. As a result the ICO received 3,297 separate complaints.

The text messages mainly promoted financial management services such as pensions and loans and also claims management for issues such as PPI and flight cancellations. The recipients were unable to identify who the calls were from or opt out of them which is also against the law.

Computer equipment and documents were seized for analysis and the ICO’s enquiries into alleged breaches of the laws surrounding unsolicited telephone marketing continue.

Andy Curry, the ICO’s Enforcement Group Manager, said:

“Nuisance text messages like this are a real problem for people as seen in the number of complaints we have received in this case alone. Businesses and individuals who carry out this type of marketing, should be assured that we will carry out thorough investigations and take tough action against them where necessary. Along with existing evidence, we hope the evidence seized in the raids will enable us to stop this business’s activity and act as a deterrent to others.”

Notes to Editors

1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
3. The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit. The ICO has the power to impose a monetary penalty on a data controller of up to £500,000.
4. The Privacy and Electronic Communications Regulations (PECR) sit alongside the Data Protection Act. They give people specific privacy rights in relation to electronic communications. There are specific rules on:
   • marketing calls, emails, texts and faxes;
   • keeping communications services secure; and customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.
     
     We aim to help organisations comply with PECR and promote good practice by offering advice and guidance. We will take enforcement action against organisations that persistently ignore their obligations.                         
5. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
   • fairly and lawfully processed;
   • processed for limited purposes;
   • adequate, relevant and not excessive;
   • accurate and up to date;
   • not kept for longer than is necessary;
   • processed in line with your rights;
   • secure; and
   • not transferred to other countries without adequate protection.
6. Civil Monetary Penalties (CMPs) are subject to a right of appeal to the (First-tier Tribunal) General Regulatory Chamber against the imposition of the monetary penalty and/or the amount of the penalty specified in the monetary penalty notice.
7. Any monetary penalty is paid into the Treasury’s Consolidated Fund and is not kept by the Information Commissioner’s Office (ICO). 
8. To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.
9. The European Union’s General Data Protection Regulation (GDPR) is a new law which will apply in the UK from 25 May 2018. The Government has confirmed the UK’s decision to leave the EU will not affect the commencement of the GDPR. The Government is introducing measures related to this and wider data protection reforms in a Data Protection Bill.