The Information Commissioner’s Office (ICO) have been granted new powers which allow it to fine bosses for spam calls. As of this week, starting on the 17th December, company directors and senior officers could be held personally liable for nuisance calls, and be forced to pay up to £500,000 for any breaches.
The ICO has been advocating for director liability as it often struggles to recover cash from firms that chose to liquidate rather than pay up. Earlier this year it was revealed that the ICO only managed to claw back £9.7m of the £17.8m fines it has issued since 2010.
The majority of unpaid fines are for breaches of the Privacy and Electronic Communications Regulations (PECR). This is the law used to fine companies making bulk nuisance marketing texts and calls. Typical violations include failing to get the right permissions from people they call, or to check if numbers are opted-out via the Telephone Preference Service.
The UK government initially promised to give the data protection regulator new powers two years ago and launched a consultation on the proposed amendments to the PECR earlier this year. The new powers were subsequently granted this month.
At present, the ICO can only issue fines to companies that make spam marketing calls. However, in under a month it will be able to hand out additional penalties to the directors themselves.
Commenting on the change, Jon Baines, a data protection advisor at Mischon de Reya said: “When fines have been served on corporate bodies, directors have escaped liability, even where it has been clear that they knew about, or instigated, the sending or making of the illegal marketing.
“It is also very common for companies served with fines to fold, only for their directors to reappear at the helm of new, similar companies (a phenomenon sometimes known as ‘phoenixing’).”
The ICO will be able to issue fines to directors and senior officers if it has served a penalty on the company itself. Also, the breach must have occurred with the consent or participation of the director, or be attributable to any neglect on their part.
It is likely that the ICO will make quick use of the powers given that it has been pushing for them for so long. As such, any directors who knowingly or negligently allow their businesses to send unlawful electronic marketing should now be worried.
Is your firm compliant with the new rules? Do these measures go far enough?