The Information Commissioner’s Office (ICO) has taken enforcement action against Our Vault Limited in Chorley, Lancashire, and Horizon Windows Limited in Swansea.
Both firms were making unsolicited nuisance phone calls to people who had registered with the Telephone Preference Service (TPS) and had not consented to being contacted by the companies. This represents a violation of Regulation 21 of the Privacy and Electronic Communications Regulation (PECR), punishable by a fine of up to £500,000.
We continue to target the companies and individuals responsible and hold them to account, but we can’t crack down on these organisations without the public’s help.
– Steve Eckersley, Head of Enforcement, Information Commissioner’s Office
Our Vault Limited had made 55,534 unsolicited marketing calls, and Horizon Windows made 104. Enforcement Notices were issued to both, and Our Vault Limited was fined £70,000.
“Both of these firms have shown disrespect for the law and people’s privacy,” said ICO Head of Enforcement Steve Eckersley. “Our Vault Ltd made more than 55,500 direct marketing calls to people who had made clear that they did not want to receive them. This is unacceptable and it is against the law. In one instance, a gentleman was contacted 19 times, despite letting them know he wasn’t interested.”
A total of 179 complaints were made to the ICO and TPS about Our Vault Ltd before the ICO first contacted the company about its compliance with PECR in February 2016. Between April 2016 and April 2017 a further 77 complaints were submitted.
It was also found that once phone numbers had been added to the company’s database they were not screened against the TPS register, and that the company had never held or requested a TPS license.
Eckersley added: “We continue to target the companies and individuals responsible and hold them to account, but we can’t crack down on these organisations without the public’s help. I’d urge anyone who has been targeted by nuisance calls, emails or texts, to report them to the ICO.”
Although the recent GDPR ‘deadline’ drew a lot of media attention and led many companies to rush to become compliant, PECR remains relatively overlooked.
While there is some overlap between GDPR and PECR, companies considering themselves safe in the knowledge that they are GDPR-compliant should not forget to ensure they’re also compliant with PECR.