The Information Commissioner’s Office (ICO) has announced that it has searched offices in Brighton and Birmingham as part of a year-long investigation into companies who are suspected of breaching the Privacy and Electronic Communications Regulations 2003 (PECR). The data protection watchdog says that the companies are suspected of making millions of illegal nuisance calls, including both live and automated calls.
The calls concerned two areas of claims management activity – road traffic accidents and personal injury claims – as well as insurance for household goods.
PECR says that companies should not make live marketing calls to any individual who has registered with the Telephone Preference Service, or who has informed the company in question that they do not wish to receive marketing calls. The same law says that automated calls can only be made to individuals who have explicitly consented in advance to receiving communications of this nature.
The ICO says it has received more than 600 complaints about the marketing practices of these companies, and that many of the complainants have alleged that they were unable to identify who the calls were from and were unable to opt out of receiving future marketing communications, which would also constitute breaches of PECR.
ICO enforcement officers seized computer equipment and documents for analysis from the offices and will now consider if enforcement action is appropriate.
Andy Curry, head of the anti-nuisance call team at the ICO, said:
“Today’s searches will fire a clear warning shot to business owners who operate outside the law by making nuisance marketing calls to people who have no wish to receive them.
“The evidence seized will help us identify any illegal business activities and assist us to take enforcement action, which may include action against the directors, on behalf of the victims who have turned to us for help.”
Mr Curry’s comments about possible action against the directors of these companies suggests that the ICO may be about to use its newly granted power to issue personal fines to individual company directors. Although it is yet to make use of this power, the data protection regulator can impose fines of up to £500,000 on any of the directors. This theoretically means that a company with two directors that breaks the rules could be hit with a £1.5 million penalty – £500,000 for the company itself and £500,000 each for the two directors.
The information shown in this article was correct at the time of publication. Articles are not routinely reviewed and as such are not updated. Please be aware the facts, circumstances or legal position may change after publication of the article