The UK Government has just announced plans to introduce laws from Spring 2017 to hold directors of organisations personally liable for breach of electronic direct marketing laws contained within the Privacy and Electronic Communications Regulations (PECR). The Information Commissioner’s Office (ICO) commented that the new law will stop directors “leaving by the back door as the regulator comes through the front door”.
At the moment, only organisations are subject to ICO fines, and some organisations have avoided paying fines by going into liquidation while subject to ICO enforcement action. It has been reported that since April 2015, the ICO has issued twenty-seven fines amounting to £2.7m but only six have been paid in full.
The UK Government intends to address this by amending PECR to allow the ICO to fine directors up to £500,000 for breach if their organisations are found to be in breach of PECR. If organisations have more than one director, then each director may be liable to pay an individual fine. The fines imposed on directors will be in addition to fines issued against the organisations.
The ICO will take an evidence-based approach when setting the level of fines and determining whether fines will apply to organisations, their directors or both.
What does PECR say?
An organisation cannot send unsolicited electronic direct marketing communications (i.e. e-mail, text, fax or automated calls) to an individual, unless that individual has agreed to receive them or there is a pre-existing customer relationship between the organisation and the individual. The organisation must also provide the individual with an opportunity to opt out of receiving future electronic communications and maintain suppression lists so that opted out individuals do not continue to receive communications.
Unsolicited direct marketing calls may be made to an individual, unless the individual has either notified the organisation that s/he does not wish to receive calls or the individual’s telephone number is listed on the TPS or Telephone Preference Service (although a TPS registered individual may agree to receive calls from specific organisations). The TPS is a statutory “do not call” register maintained by OFCOM. An organisation intending to make direct marketing calls can purchase a list of TPS numbers from OFCOM