£120,000 ICO fine allegedly based on inaccurate information

The fined company was accused of working with a third-party to distribute more than four million unsolicited text messages

ICO logo

A Payment Protection Insurance (PPI) compensation company based in Manchester has been fined 120,000 by the ICO for sending more than four million unsolicited direct marketing text messages, but the company claimes the watchdog's report was based on inaccuracies.

The ICO's enforcement notice claims Hall and Hanley used a third-party company to send 4,883,167 text messages between 1 January 2018 and 26 June 2018.

The total amount of messages actually received was 3,560,211 and these were enough to spark well-over a thousand complaints issued to the data protection watchdog.

One complaint read: "I have not given this company any of my personal information. I have never had any contact with this company. Receiving text messages like this is very concerning as I don't know what other information they have on me, or where they got this information".

The text message recipients' data that was used by the third-party direct marketing distributor was taken from four websites: getyaoffers.co.uk, petesdeals.co.uk, prizereactor.co.uk, and myloanoffers.co.uk.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The ICO then reviewed the privacy policies of these websites to determine whether Hall and Hanley was listed as a third-party recipient of the sites' user details - this is where the disagreement lies.

The ICO claims that out of the four companies, Hall and Hanley was named as a third party in just two of the privacy policies and in those, subscribers had no option to select which third-party received their details.

"It does not appear that potential subscribers were provided with an option to select which of the many listed third parties they may wish to receive marketing about, or the method by which they would wish to receive any marketing," read the ICO enforcement notice. "It also appears to be the case that consent to third-party marketing was a necessary condition of subscribing to the services offered by these sites."

Since issuing the report, Hall and Hanley has told IT Pro that the aforementioned information in the enforcement notice is incorrect and that the company was in fact, listed in all four policies but later removed because of changes made to the websites' policies following GDPR's implementation.

"We have provided the ICO evidence of this, and also a letter personally written from the owners of the other 2 websites proving this," said Peter Carpenter, compliance at Hall and Hanley. "They have completely ignored our representations and facts on these matters."

Advertisement - Article continues below

Carpenter added: "We are appealing this and are confident this will be overturned." 

After contacting the ICO about the claims made by Hall and Hanley, questioning the alleged inaccuracies in the enforcement notice, IT Pro was issued with a response that glossed over the question and re-iterated the sections of the enforcement notice that have been questioned by the PPI compensation company.

We have since pressed the ICO for a more succinct response in relation to the claims made by Hall and Hanley, but declined to comment further.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Recommended

Visit/data-insights/data-management/354423/eu-us-data-transfer-tools-used-by-facebook-ruled-legal
data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/hardware/laptops/354533/dell-xps-13-new-9300-hands-on-review-chasing-perfection
Laptops

Dell XPS 13 (New 9300) hands-on review: Chasing perfection

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020