Unsolicited text messages and emails are a modern scourge. However, one case in which a company was fined £70,000 in respect of 2.2 million direct marketing texts sent in little more than six months showed that complaints from the public will not go unheard.
The company specialised in generating ‘leads’ and ‘matching’ those in need of credit to lenders. However, the Information Commissioner’s Office (ICO) had received more than 90 complaints from members of the public and an investigation revealed the scale of the company’s breaches of the Privacy and Electronic Communications (EC Directive) Regulations 2003.
The company explained that the messages had been sent on its behalf by an agent and that it had obtained name and phone number details from a third party supplier. However, in imposing the financial penalty under the Data Protection Act 1998, the ICO’s head of enforcement noted that direct marketing texts can generally only be sent to people who specifically consent to receiving them.
The company’s breaches had not been deliberate but were nevertheless serious in that it ought to have realised that there was a real risk of the law being broken. When obtaining contact lists it was not good enough simply to rely on a provider’s assurances and the company was under a duty to employ due diligence in ensuring that consent from recipients had been validly obtained.