On 28 November, the ICO served monetary penalties totalling £440,000 on two owners of a marketing company which has plagued the public with millions of unlawful spam texts over the past three years.
This is the first time that the ICO has used its power to issue a monetary penalty for a serious breach of the Privacy and Electronic Communications Regulations (PECR) since these powers were approved in January 2012.
The ICO states that it is also currently considering issuing penalties to three other companies believed to be acting in breach of the regulations as the office continues its crackdown on the illegal marketing industry.
Information Commissioner, Christopher Graham, said:
“The public have told us that they are distressed and annoyed by the constant bombardment of illegal texts and calls and we are currently cracking down on the companies responsible, using the full force of the law. In March we set up a survey on the ICO website so people can tell us about any unwanted texts and calls they have been receiving. So far we have received over 60,000 responses. We know the majority of these messages and calls have been made by companies who try to remain anonymous in the hope they can profit by selling personal information to claims management companies and other marketing organisations. We are using the information provided by the public to identify those responsible.”
The penalties come after an 18-month investigation into the activities of Tetrus Telecoms. The company is jointly owned by Christopher Niebel and Gary McNeish. The ICO became aware of Tetrus Telecoms after receiving information in May 2011 that the company was sending huge volumes of unsolicited text messages from offices in Stockport and Birmingham. The texts were sent without the consent of the recipient and without identifying the sender – both of which are legal requirements under the PECR. Any replies were then used to generate leads that were sold to other companies at a considerable profit.
The ICO’s investigation included raids at the company’s Stockport premises, in August 2011, and the Manchester home of Niebel, in February this year. The evidence obtained showed Tetrus was using unregistered pay as you go sim cards to send out as many as 840,000 illegal text messages a day, generating an income of £7,000 – £8,000 a day.
Examples of the text messages sent out by Tetrus Telecoms include:
· CLAIM TODAY you may be entitled to £3500 for the accident you had. To claim free, reply CLAIM to this message. To opt out text STOP. Thank you
· URGENT! If you took out a Bank Loan prior to 2007 then you are almost certainly entitled to £2300 in compensation. To claim reply ‘YES’
· You have still not claimed the compensation you are due for the accident you had. To claim then pls reply CLAIM. To opt out text STOP
The company was set up in December 2009, and is believed to have been operational since this time. The two men made hundreds of thousands of pounds profit during the course of three years.
Niebel has now been ordered to pay a penalty of £300,000, while McNeish, who appears to have taken less out of the business, has been fined £140,000.
The ICO has connected the company to over 400 complaints to its office about spam texts linked to Tetrus.
Christopher Graham said:
“The two individuals we have served penalties on today made a substantial profit from the sale of personal information. They knew they were breaking the law and the trail of evidence uncovered by my office highlights the scale of their operations. We will continue to work with the relevant authorities as well as the network providers to ensure companies like this are punished. We’re also working with the Ministry of Justice to target claims management companies who purchase this information breaching the industry regulations, the Data Protection Act, as well as electronic marketing regulations.
Our message to the public is that if you don’t know who sent you a text message then do not respond, otherwise your details may be used to generate profits for these unscrupulous individuals. Together we can put an end to this unlawful industry that continues to plague our daily lives.”
Further information about the ICO’s investigation into Tetrus Telecoms can be found in the monetary penalty notices available on the ICO’s monetary penalty notices page.
Niebel and McNeish are also facing prosecution from the ICO for failing to notify that Tetrus Telecoms was processing personal information. Notification is a legal requirement for organisations under the Data Protection Act 1998, failure to notify is an offence punishable by a penalty up to £5,000 in a magistrates’ court and a potentially unlimited fine in the Crown Court.
The ICO is keen that any company that has bought data from Tetrus or Niebel or McNeish in the past, now carefully checks that the proper customer consents have been obtained and that they are acting within the law –claims management companies have been customers. The ICO is working with the Ministry of Justice to consider whether further enforcement action should be taken against any of these associated companies, including the cancellation of their authorisation to operate.
The ICO is currently considering issuing penalties to three other companies for breaching the PECR but is not identifying these companies at this time, as this could jeopardise investigations and evidence gathering.