Help Direct UK Ltd, a Swansea-based lead generation company has been fined £200,000 by the ICO for sending out thousands of unsolicited marketing text messages.
A marketing campaign run by the company in April 2015 prompted 6,758 complaints in just one month. People complained about a variety of messages offering services including the reclaim of PPI payments, bank refunds and loans. A typical text read: “Its been signed off, we have 3886.41 in your name for the accident you had, for us to put in your bank Now just fill out www.accidentinjuryclaim.so”
One complainant to the ICO explained they had never had an accident and was worried someone may be fraudulently using their identity. Another was concerned they may have unknowingly caused an accident.
An ICO investigation discovered that Help Direct UK was using unregistered SIM cards to send the messages, a common practice by companies looking to avoid the mobile networks’ spam detectors.
Anne Jones, Assistant Commissioner for Wales said:
“This was a marketing campaign on a massive scale from a company who has already been warned by us to stop sending these marketing messages.
“Help Direct has deliberately broken the law by continuing to send these messages, which is why the company has received the first monetary penalty under our new powers.
“The company has also shown a blatant disregard for the rules by ignoring enforcement action we issued earlier this year. They are now facing the consequences of that decision.
“Help Direct’s actions are unacceptable and we will act to stop companies behaving in this way. We have the power to prosecute anyone ignoring our enforcement notices and, as well as the fine, Help Direct can expect even more action from us.”
The ICO issued an enforcement notice seven months ago ordering Help Direct to stop sending marketing texts after a previous investigation showed it had sent 187,960 messages in 2014, many offering pension reviews. Mobile phones and devices used by the company in the past were linked to the current investigation. Breaching an enforcement notice is a criminal offence and the ICO is now considering further action.
A change in the law makes it easier for the ICO to issue fines to companies that break the law. Previously, the ICO has had to prove that a company caused ‘substantial damage or substantial distress’ to individuals by making nuisance calls or sending spam text messages. But from April 2015, the ICO just has to prove that the company was committing a serious breach of the Privacy and Electronic Communication Regulations (PECR); either the breach was deliberate or the company knew or ought to have known that there was a risk that the contravention would occur; and the company failed to take reasonable steps to prevent it. This is the first fine under these new rules.
Spam texts can be reported to the ICO or to a network operator by sending them, free of charge, to ‘7726’. The networks are also working to block the worst offenders.
The ICO has published detailed guidance for companies carrying out marketing – explaining their legal requirements under the Data Protection Act and the Privacy and Electronic Communications Regulations. The guidance covers the circumstances in which organisations are able to carry out marketing over the phone, by text, by email, by post or by fax.