Direct marketing companies that take a relaxed approach to data handling have only themselves to blame if they fall foul of the law. A home improvements company on the receiving end of numerous nuisance call complaints found that out when it was hit with a £150,000 penalty to reflect its failures in due diligence.
During an intensive, eight-month marketing campaign, more than a million calls were attempted from the company’s call centre, almost 700,000 of which were connected. Of those, more than 370,000 were made to recipients who had registered with the Telephone Preference Service (TPS). Such registration is intended to prevent unsolicited marketing calls being made without consent. The penalty was imposed by the Information Commissioner after 91 complaints were received, all of them from TPS subscribers.
Rejecting the company’s challenge to the penalty, the First-tier Tribunal (FTT) noted that it had bought in data, in the form of telephone numbers, from outside suppliers. Exhibiting a relaxed attitude, the company took no steps to screen those numbers against the TPS register. It relied instead on assurances from data suppliers that the numbers had been pre-screened, or that required consents had been obtained, and that they were ready for marketing use. The only due diligence that the company conducted was to check the numbers against its own call suppression list.
Even after the Information Commissioner notified the company of complaints and warned it that regulatory action was being contemplated, there was no change in its practice nor was there any attempt to better understand or comply with its legal obligations under the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).
Although it was not suggested that the contraventions of the PECR were deliberate, the company’s reliance on its data suppliers’ assurances was not enough. Neither ignorance of the law nor the youth and relative inexperience of its directors provided an excuse. Given the absence of mitigation, the FTT concluded that the penalty was reasonable and proportionate, also serving to dissuade others from similar breaches.
Houseguard UK Limited v The Information Commissioner. Case Number: EA/2021/0067/FP