The Information Commissioner’s Office (ICO) has started to issue very high fines to a number of companies and individuals, not just for serious breaches of the Data Protection Act (DPA), but also for breaches of the Privacy and Electronic Communications Regulations (PECR).
Tetrus purchased telephone numbers of individuals from lists supplied by third parties. They then sent unsolicited text messages to the telephone numbers of the individuals on the lists. Once individuals responded to the spam text from Tetrus, their numbers were then sold on to a third party.
In breach of the PECR, Tetrus were found to be transmitting unsolicited marketing messages (including concealing the identity of the sender). The ICO found that Tetrus was in serious, deliberate and informed breach of the PECR due to the:
- volume of text messages it sent; and
- the number of complaints received.
Tetrus Telecoms was fined £440,000 in total for sending illegal spam text messages. In addition to being fined for the above civil offence, a criminal prosecution is being pursued against the two individuals involved for breaches of the DPA.
Why this Case is Important
If you send spam emails or text messages to non-customers or individuals who have not given their prior consent to receiving such messages you are in breach of the PECR. You could also be in breach of the DPA. Breaches of either law could result in the ICO imposing fines of up to £500,000 and if the new proposed EU Data Protection Directive is agreed, the amount of the possible fine will increase to 2% of turnover.
Image courtesy of epSos.de