InfoLaw Update January 2013 (Part 2)
In this issue of InfoLaw Caroline Readhead focuses on ways in which the ICO is cracking down on the illegal marketing industry.
The Information Commissioner’s Office (ICO) last month served monetary penalties totalling £440,000 on two owners of a marketing organisation, Tetrus Telecoms, which has plagued the public with millions of unlawful spam texts over the past three years.
This is the first time that the ICO has used its power to issue a monetary penalty for a serious breach of the Privacy and Electronic Communications Regulations (PECR) since these powers were approved in January 2012.
The ICO is also currently considering issuing penalties to three other companies believed to be acting in breach of the regulations as the office continues its crackdown on the illegal marketing industry.
Marketing Texts: What does the law say?
The PECR cover the way organisations send direct marketing by electronic means, including by text message (SMS).
Organisations cannot send you marketing text messages you didn’t agree to receive, unless:
• the sender has obtained your details through a sale or negotiations for a sale;
• the messages are about similar products or services offered by the sender; and
• you were given an opportunity to refuse the texts when your details were collected and, if you did not refuse, you were given a simple way to opt out in all the text messages you received.
The Regulations do not cover marketing text messages sent to business numbers.
The monetary penalty was imposed after an 18-month investigation into the activities of Tetrus Telecoms. The ICO became aware of Tetrus Telecoms after receiving intelligence in May 2011 that the company was sending huge volumes of unsolicited text messages from offices in Stockport and Birmingham, without the consent of the recipient and without identifying the sender – both of which are legal requirements under the PECR. Any replies were then used to generate leads that were sold to other companies at a considerable profit.
The ICO’s investigation included raids at the company’s Stockport premises, in August 2011, and the home of one of the owners of the company, in February this year. The evidence obtained showed Tetrus was using unregistered pay as you go sim cards to send out as many as 840,000 illegal text messages a day with an income of £7,000 - £8,000 a day.
Examples of the text messages sent out by Tetrus Telecoms include:
• CLAIM TODAY you may be entitled to £3500 for the accident you had. To claim free, reply CLAIM to this message. To opt out text STOP. Thank you
• URGENT! If you took out a Bank Loan prior to 2007 then you are almost certainly entitled to £2300 in compensation. To claim reply 'YES'
• You have still not claimed the compensation you are due for the accident you had. To claim then pls reply CLAIM. To opt out text STOP
The company was set up in December 2009, and is believed to have been operational since this time. Tetrus Telecoms’ owners made hundreds of thousands of pounds profit during the course of three years and the ICO has connected Tetrus to over 400 complaints to its office about spam texts. Tetrus Telecoms’ owners (two individuals) have been ordered to pay a penalty of £300,000 and £140,000 respectively.
The Information Commissioner commented: “The two individuals we have served penalties on today made a substantial profit from the sale of personal information. They knew they were breaking the law and the trail of evidence uncovered by my office highlights the scale of their operations.
“We will continue to work with the relevant authorities as well as the network providers to ensure companies like this are punished. We’re also working with the Ministry of Justice to target claims management companies who purchase this information breaching the industry regulations, the Data Protection Act, as well as electronic marketing regulations.
“Our message to the public is that if you don’t know who sent you a text message then do not respond, otherwise your details may be used to generate profits for these unscrupulous individuals. Together we can put an end to this unlawful industry that continues to plague our daily lives.”
Tetrus’ owners are also facing prosecution from the ICO for failing to notify that Tetrus Telecoms was processing personal information. Notification, as readers will be aware, is a legal requirement for organisations under the Data Protection Act, and a failure to notify is punishable by a penalty of up to £5,000 in the Magistrates Court, and a potentially unlimited fine in the Crown Court.
The ICO is currently considering issuing penalties to three other companies for breaching the PECR. These companies have not, as yet, been identified, as this could jeopardize investigations and evidence gathering.
The ICO has issued a warning to companies which have bought data from Tetrus in the past to carefully check that the proper customer consents have been obtained and that, by using that data, they are acting within the law. The ICO is working with the Ministry of Justice to consider whether further enforcement action should be taken against any of these associated companies, including the cancellation of their authorisation to operate.
What is the ICO doing about spam texts?
The ICO reports that, through its intelligence and complaints data, it has established that receiving unsolicited text messages, or spam texts, is one of the biggest concerns to consumers. The majority of texts sent are currently linked to the claims management industry. The ICO feels that this is one of the most challenging issues to investigate.
Between July and September 2012, the ICO analysed data collected from consumers and compiled a list of the type of texts that are causing the most concern, based on the number of complaints received. These are texts relating to:
• accident claims;
• PPI claims; and
• pension reviews.
This analysis has shown that the use of unregistered SIM cards is one of the main methods for the sending of mass SMS messages. The ICO plans to meet with members of the mobile phone industry to discuss strategies for identifying rogue SMS marketers.
About the author
Published: Friday 4th January 2013
Categorised: Information Law