On 26 November 2012, the Information Commissioner’s Office (“ICO”) imposed monetary penalties totalling £440,000 on the owners of Tetrus Telecoms for sending unlawful marketing text messages. This is the first time the ICO has issued monetary penalties for breach of the Privacy and Electronic Communications Regulations 2003 (“PECR”).
The organisation is believed to have sent up to 840,000 spam texts a day from 16,000 unregistered SIM cards, including messages inviting recipients to apply for compensation in relation to personal injury and financial products. The leads were then sold to other companies generating thousands of pounds per day.
The ICO found the owners had breached PECR, as:
In addition, the texts caused distress and damage to the recipients, including a likelihood of being concerned and/or misled.
The ICO itself did not have an easy time tracking down those responsible; one issue being that the domain name for the organisation’s website (which, interestingly, claimed that customer data files complied with the Data Protection Act with “the chance to opt-in/opt-out”) was registered to an address in the Seychelles.
If you are a business which sends marketing communications by phone, text, email or fax, you should ensure you are familiar with the requirements of PECR, including the circumstances in which you need to obtain consents, provide opt-outs, identify yourself and provide contact details. In addition, if you obtain leads from a third party, you will need undertake sufficient checks to satisfy yourself that the data provided to you has been obtained lawfully, to avoid unwittingly breaching data protection and privacy requirements.
Olivia Whitcroft, principal of OBEP, 30 November 2012
This article provides general information on the subject matter and is not intended to be relied upon as legal advice. If you would like to discuss this topic, please contact Olivia Whitcroft using the contact details set out here: Contact Details