The Information Commissioner’s Office (ICO) has announced a record equaling £400,000 fine to a company making nuisance calls which sought to sign people up to Payment Protection Insurance (PPI) and Road Traffic Accident (TRA) claims.
This fine, four fifths of the maximum allowed, followed over 1,000 complaints and an ICO investigation which revealed that almost 100 million calls had been made and that both the Privacy and Communications Regulations and the Data Protection Act had been breached.
The ICO found that these calls, often at unsocial hours, frequently repeated (sometimes on the same day) and some misleadingly giving the impression that the calls were urgent involving a recent accident or an ongoing claim, were a deliberate breach of regulations and that the company had set out to make automated calls on a massive scale.
PPI and TRA nuisance calls will be familiar to most of us and have become an everyday irritant for many so this fine is of some comfort, showing that the ICO take complaints made seriously and will investigate alleged breaches and issue fines where able.
While a strike back at nuisance callers, the ICOs Deputy Commissioner, Simon Entwistle, expressed frustration that while the ICO have been able to successfully investigate and levy the fine, as the company who made the calls is now being liquidated it is unlikely that the fine will be recovered. Given that this is a common frustration that the ICO comes across they are now pushing for greater accountability for breaches around privacy and data protection with the prospect of direct liability for directors of companies being raised.
Along with the ICO pushing for greater accountability, there are also greater responsibilities for those handling personal data and new powers for the ICO coming in through the General Data Protection Regulation (GDPR) which comes in to effect in less than a year. The GDPR greatly increases the level at which fines can be made (up to €20mil or 4% of worldwide turn over), expands the scope of who is responsible for data, and tightens up accountability, reporting and consent obligations.
With stories relating to nuisance marketing and data breaches regularly in the news, the countdown to GDPR, and the ICO now pushing for personal liability of directors, data protection is continuing to be a busy area and will continue to increase its impact on businesses.