£120,000 ICO fine allegedly based on inaccurate information

The fined company was accused of working with a third-party to distribute more than four million unsolicited text messages

ICO logo

A Payment Protection Insurance (PPI) compensation company based in Manchester has been fined 120,000 by the ICO for sending more than four million unsolicited direct marketing text messages, but the company claimes the watchdog's report was based on inaccuracies.

The ICO's enforcement notice claims Hall and Hanley used a third-party company to send 4,883,167 text messages between 1 January 2018 and 26 June 2018.

The total amount of messages actually received was 3,560,211 and these were enough to spark well-over a thousand complaints issued to the data protection watchdog.

One complaint read: "I have not given this company any of my personal information. I have never had any contact with this company. Receiving text messages like this is very concerning as I don't know what other information they have on me, or where they got this information".

The text message recipients' data that was used by the third-party direct marketing distributor was taken from four websites: getyaoffers.co.uk, petesdeals.co.uk, prizereactor.co.uk, and myloanoffers.co.uk.

The ICO then reviewed the privacy policies of these websites to determine whether Hall and Hanley was listed as a third-party recipient of the sites' user details - this is where the disagreement lies.

The ICO claims that out of the four companies, Hall and Hanley was named as a third party in just two of the privacy policies and in those, subscribers had no option to select which third-party received their details.

"It does not appear that potential subscribers were provided with an option to select which of the many listed third parties they may wish to receive marketing about, or the method by which they would wish to receive any marketing," read the ICO enforcement notice. "It also appears to be the case that consent to third-party marketing was a necessary condition of subscribing to the services offered by these sites."

Since issuing the report, Hall and Hanley has told IT Pro that the aforementioned information in the enforcement notice is incorrect and that the company was in fact, listed in all four policies but later removed because of changes made to the websites' policies following GDPR's implementation.

"We have provided the ICO evidence of this, and also a letter personally written from the owners of the other 2 websites proving this," said Peter Carpenter, compliance at Hall and Hanley. "They have completely ignored our representations and facts on these matters."

Carpenter added: "We are appealing this and are confident this will be overturned." 

After contacting the ICO about the claims made by Hall and Hanley, questioning the alleged inaccuracies in the enforcement notice, IT Pro was issued with a response that glossed over the question and re-iterated the sections of the enforcement notice that have been questioned by the PPI compensation company.

We have since pressed the ICO for a more succinct response in relation to the claims made by Hall and Hanley, but declined to comment further.

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Four tips for keeping your business secure during mass remote work
data protection

Four tips for keeping your business secure during mass remote work

19 Feb 2021
Cost of a data breach report 2020
Whitepaper

Cost of a data breach report 2020

2 Feb 2021
10 ways to protect your company from the next big data breach
data breaches

10 ways to protect your company from the next big data breach

28 Jan 2021
Misconfigured Git servers lead to Nissan data leak
hacking

Misconfigured Git servers lead to Nissan data leak

7 Jan 2021

Most Popular

How to build a CMS with React and Google Sheets
content management system (CMS)

How to build a CMS with React and Google Sheets

24 Feb 2021
How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
Oxford University COVID lab falls victim to hackers
hacking

Oxford University COVID lab falls victim to hackers

26 Feb 2021