£120,000 ICO fine allegedly based on inaccurate information

The fined company was accused of working with a third-party to distribute more than four million unsolicited text messages

ICO logo

A Payment Protection Insurance (PPI) compensation company based in Manchester has been fined 120,000 by the ICO for sending more than four million unsolicited direct marketing text messages, but the company claimes the watchdog's report was based on inaccuracies.

The ICO's enforcement notice claims Hall and Hanley used a third-party company to send 4,883,167 text messages between 1 January 2018 and 26 June 2018.

The total amount of messages actually received was 3,560,211 and these were enough to spark well-over a thousand complaints issued to the data protection watchdog.

One complaint read: "I have not given this company any of my personal information. I have never had any contact with this company. Receiving text messages like this is very concerning as I don't know what other information they have on me, or where they got this information".

The text message recipients' data that was used by the third-party direct marketing distributor was taken from four websites: getyaoffers.co.uk, petesdeals.co.uk, prizereactor.co.uk, and myloanoffers.co.uk.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The ICO then reviewed the privacy policies of these websites to determine whether Hall and Hanley was listed as a third-party recipient of the sites' user details - this is where the disagreement lies.

The ICO claims that out of the four companies, Hall and Hanley was named as a third party in just two of the privacy policies and in those, subscribers had no option to select which third-party received their details.

"It does not appear that potential subscribers were provided with an option to select which of the many listed third parties they may wish to receive marketing about, or the method by which they would wish to receive any marketing," read the ICO enforcement notice. "It also appears to be the case that consent to third-party marketing was a necessary condition of subscribing to the services offered by these sites."

Since issuing the report, Hall and Hanley has told IT Pro that the aforementioned information in the enforcement notice is incorrect and that the company was in fact, listed in all four policies but later removed because of changes made to the websites' policies following GDPR's implementation.

"We have provided the ICO evidence of this, and also a letter personally written from the owners of the other 2 websites proving this," said Peter Carpenter, compliance at Hall and Hanley. "They have completely ignored our representations and facts on these matters."

Advertisement - Article continues below

Carpenter added: "We are appealing this and are confident this will be overturned." 

After contacting the ICO about the claims made by Hall and Hanley, questioning the alleged inaccuracies in the enforcement notice, IT Pro was issued with a response that glossed over the question and re-iterated the sections of the enforcement notice that have been questioned by the PPI compensation company.

We have since pressed the ICO for a more succinct response in relation to the claims made by Hall and Hanley, but declined to comment further.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/backup/33385/arcserve-udp-9240dr-review-beef-up-your-backups
backup

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/operating-systems/microsoft-windows/354297/this-exploit-could-give-users-free-windows-7-updates
Microsoft Windows

This exploit could give users free Windows 7 updates beyond 2020

9 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019