Abuse privacy at your own risk
Companies which flout the privacy regulations are increasingly paying the penalty, and the Information Commissioner's Office (ICO) is not pulling its punches. This month it has fined two firms who made unsolicited marketing calls to people registered with the Telephone Preference Service (TPS).
ACT Response Ltd (Middlesborough) made 580,000 such calls. The ICO has said that ACT was well aware of TPS, to the extent that its call script even included a section on how to handle people who complained about the call and said they were TPS registered. ACT was fined £140,000.
Secure Home Systems (West Midlands) which made 80,000 calls to TPS numbers, claimed it had bought a list in good faith. The ICO ruled that it should still have screened the list against TPS, and fined them £80,000.
One of the problems with ICO fines has been that they are often quite small in relation to the number of calls made, but with fines now reaching punitive levels, it is harder for firms to write them off as part of the cost of doing business. The other problem with ICO fines though is that it is far to easy to liquidate companies to avoid fines. Last year, ICO handed out £17.8m in fines, but was only able to collect £9.7m.
From December 17th, that changes. Whilst the news of this legislation may have been drowned out by Brexit, from that date, directors and senior officers of companies become personally liable for up to £500,000 each if the company fails to pay the fine or goes into liquidation to avoid the fine. This change to the statute book is long overdue.
The ICO also broke new ground in enforcement this month when one of its prosecutions resulted in a prison sentence. When working for the National Accident Repair Services, employee Mustafa Kasim had access to records containing customers name, phone number, vehicle, and accident information, which he then sold on to telephone scammers. Whilst this was a clear privacy violation, the Data Protection Act and GDPR only allows for fines to be levied. Creatively, the ICO decided to prosecute instead using the Computer Misuse Act. Kasim pleaded guilty and has been sentenced to six months in prison, and the criminal conviction also allows the ICO to use confiscations under the Proceeds Of Crime Act to claw back money he made from selling the data.
30th November 2018
This article comes from the SKILLZONE email newsletter, published monthly since January 2008, and covering topics related to technology and the internet. All articles and artwork in the SKILLZONE newsletter are orignal content.