Company Fined Over Unsolicited Direct Marketing Campaign
Almost everyone has been targeted by an unsolicited direct marketing campaign, but the authorities are getting on top of the problem and fines of up to £500,000 can be imposed on those who breach data protection rules. In one case, a company that sent almost 400,000 text messages was hit hard in the pocket.
The texts, which offered assistance with debt relief, had generated 158 complaints from the public in just over two months. Following an investigation, the Information Commissioner found serious breaches of the Data Protection Act 1998 and imposed a financial penalty of £50,000. Although the contraventions had not been deliberate, the company knew or ought to have known that there was a risk that they would occur and had taken insufficient steps to obviate that risk.
In challenging the decision before the First-tier Tribunal (FTT), the company argued that it had purchased data on those who received the texts from a third party, who had warranted that they had given valid consent to the receipt of direct marketing communications. Details of those targeted had been gleaned from websites that offered debt relief services.
The FTT, however, found that steps taken by the company to ensure that recipients had been properly informed of their privacy rights and had given informed consent to direct marketing were woefully inadequate. Given the small size of the company and its modest profits, the monetary penalty was, however, reduced to £20,000.