Nine years on from the introduction of anti-spamming laws, the UK’s data protection watchdog has finally pushed the boat out and hit PPI claim marketers with huge fines. And they haven’t finished with “Tetrus Telecoms” and their principals Niebel and McNeish yet. Stephen Groom reports.
Topic: Mobile marketing
Who: Information Commissioner's Office, Christopher Niebel and Gary McNeish trading as Tetrus Telecoms
When: November 2012
Law stated as at: 5 December 2012
Following an 18 month investigation including raids on premises in Stockport and Manchester, the Information Commissioner's Office imposed monetary penalties totalling £440,000 on two owners of a marketing business called Tetrus Telecoms ("TT").
ICO first received reports in May 2011 that TT was sending huge volumes of unsolicited text messages without consent and without identifying the sender. Both of these are legal requirements under respectively para 22 (2) and para 23 (a) of the Privacy and Electronic Communications (EC Directive) Regulations 2003 ("PECRs").
Any replies to the mobile spam were then used to generate leads that were sold to other companies at a considerable profit. The spam sought to generate interest in pursuing claims for Payment Protection Insurance mis-selling.
The evidence showed that TT was using unregistered pay-as-you-go sim cards to send out as many as 840,000 illegal texts a day, generating a daily income of £7000-8000. Messages included:
"URGENT! If you took out a Bank Loan prior to 2007 then you are almost certainly entitled to £2300 in compensation. To claim reply "YES."
The business was set up in 2009 and since then it is estimated that McNeish and Niebel have made hundreds of thousands of pounds profit.
Niebel has been ordered to pay a penalty of £300,000, while McNeish has been fined £140,000.
Both also face prosecution for failing to notify ICO that TT was processing personal information.
ICO points out also that any company that has bought leads from TT should check whether proper customer consents have been obtained.
Why this matters:
The fines were imposed under ss 55A to 55E of the Data Protection Act 1998 ("DPA") which empower ICO to issue monetary penalty notices up to £500,000 for serious breaches of the DPA. This power has been extended to cover breaches of the PECRs.
The imposition by ICO of such a penalty, indeed any monetary penalty, for spam has been a long time coming. Nine years to be precise. All those involved in mass, untargeted marketing email or text campaigns should take note.