Who: The Information Commissioner’s Office (“ICO”), Point One Marketing Ltd (previously Conservo Digital Ltd) (“POM”) and Home Energy & Lifestyle Management (“HELM”)
Where: UK
When: 10 August 2015
Law stated as at: 7 October 2015
What happened:
In two more recent cases, ICO has been continuing its crackdown on nuisance callers.
In the first, a Bournemouth-based company that offered a nuisance call blocking service was itself fined £50,000 by the ICO for making “bullying and aggressive” nuisance calls.
POM – ironically trading as ‘Stop the Calls’ – marketed a call blocking device for phones as well as a service removing people’s details from a cold-call database. The only trouble was that it was making nuisance calls itself.
Between 1 February 2014 and 31 March 2015, the ICO received 169 complaints about POM. All of these complaints were made by individual subscribers who were registered with the Telephone Preference Service (“TPS”) – the official UK “do not call” service, which is free to use.
Moreover, between 1 February 2014 and 28 February 2015, the TPS received an additional 562 complaints about POM. The TPS referred all of those complaints to POM and also notified the ICO.
Under Regulation 21 of the Privacy & Electronic Communications (EC Directive) Regulations 2003 (“PCRs”). a company may not make unsolicited calls for direct marketing purposes to an individual who has registered their telephone number with the TPS, unless that individual has given their consent to that company to receive such calls.
Record penalty for automated calls using pre-recorded messages
In the second case, the ICO imposed a record penalty of £200,000 on Home Energy & Lifestyle Management.
This was in respect of the non-compliant use of automated calling services for the purpose of making recorded direct marketing calls contrary to Regulation 19 of the PCRs. This provides that such calls cannot be made without the prior consent of the recipient. No such consent was obtained in this case.
HELM is an official provider of the Government’s “Green Deal” a Government-backed energy saving initiative.
Between 2 October and 12 December 2014, the ICO received 242 complaints about HELM via its online reporting tool. HELM admitted to the ICO that it had made in excess of 6 million automated calls during the “free solar panels” campaign although the calls were only connected to approximately 59,500 subscribers and at least 1,750,000 were made to invalid numbers.
It appeared that HELM was unaware of the requirements of the PCRs for prior consent for automated calls using pre-recorded messages.
Case aggravated by misleading use of “free”
The HELM case was aggravated by the claim that the panels being offered were “free” when this was not necessarily the case.
In correspondence with the ICO on the POM case, the company admitted to problems with the quality of opt-in data it was using and yet persisted in using the same unreliable third party data supplier until the ICO intervened.
The ICO found that POM had not undertaken any due diligence checks on the data they were purchasing to ensure that the individuals it was systematically calling had ‘opted in’ to receive direct marketing calls. The ICO was further concerned that POM was clearly failing to operate a proper internal Do Not Call (“DNC”) list to suppress further marketing to consumers that had requested not to be called again.
As a result of this, the ICO was satisfied that POM had failed to take reasonable steps to prevent contraventions of the PCRs. The ICO did not, however, consider POM’s contraventions of the PCRs to be deliberate, in spite of the damning reports received from complainants.
Reasonable steps in these circumstances would have included carrying out due diligence checks, screening the data against the TPS register/its own suppression list and providing the Company’s telesales staff with written procedures and training regarding the requirements of the PCRs and how to comply with them. POM failed to take those steps.
In the HARM case, the ICO also took into account that contrary to Regulation 24 of the PCRs, the identity of the person sending the automated calls was not provided, nor an address or telephone number of a person on which he could be reached free of charge.
Why this matters:
While POM’s activities arguably occupy the more serious end of the spectrum in terms of PCR contraventions, the ICO’s conclusions emphasise the importance for companies engaged in direct marketing of carrying out due diligence. This is particularly true in cases where data is purchased-in from third party suppliers.
Being able to evidence that reasonable steps have been taken to prevent breaches of the PCRs will usually serve as a defence to any monetary penalties, even where de facto contraventions have taken place.
In this case, the ICO has stated that reasonable steps would have included:
- carrying out due diligence checks;
- screening data against the TPS register and internal DNC suppression lists; and
- providing telesales staff with written procedures and training regarding the requirements of PECR and how to comply with them.
POM failed to take any of these steps.
In sum, a failure to take reasonable steps to comply with the PCRs can therefore prove very costly, and the ICO is taking an increasingly tough stance on nuisance communications.