By Bonnie Drury and Ezra Steinhardt
On 28 November 2012, following an 18-month investigation, the UK Information Commissioner’s Office (ICO) announced that it had fined the joint owners of Tetrus Telecoms (Tetrus) a total of £440,000 under the Privacy and Electronic Communications Regulations (PECR). The fine penalized Tetrus for sending millions of unsolicited text messages promoting opportunities to claim compensation for personal injury and mis-sold payment protection insurance (PPI).
In breach of the PECR, Tetrus (according to the ICO) failed to obtain consent from the recipients of the text messages and failed to identify itself as the sender. The ICO explained in its press release that Tetrus used any replies to its messages to generate business by selling respondent contact information to third party legal services providers.
In addition to the fines for breaching the PECR, Tetrus’ joint owners, Christopher Niebel and Gary McNeish, may also face prosecution for failing to register Tetrus with the ICO as a data controller (as required by the Data Protection Act 1998, given that Tetrus was collecting and processing personal data).
This is the first time that the ICO has used its power (which entered into force in January 2012) to issue a fine for a serious breach of the PECR. In a statement, the Information Commissioner, Christopher Graham, said: “The public have told us that they are distressed and annoyed by the constant bombardment of illegal texts and calls and we are currently cracking down on the companies responsible, using the full force of the law”.