Following an investigation by the ICO (Information Commissioner’s Office) and an unpaid fine for breaching the PECR (Privacy and Electronic Communications Regulations), a Manchester-based business has, on the ICO’s petition, been wound up and, following an investigation by the Insolvency Service, its director has been banned from forming or managing an organisation in the next four years.
Keith Hancock, the director of Lad Media, “played a central role” in spamming thousands of people with text messages containing marketing material, many of whom had withdrawn their consent to receive such messages.
The ICO reports that the lead generation and data brokerage business sent 393,000 messages in total. More than a hundred people complained, citing distress and harassment.
The PECR cover several areas, including electronic marketing, cookies and the security of public electronic communication services. It also prohibits organisations from sending electronic communications without first gaining recipients’ consent.
A recent amendment to the PECR gave supervisory authorities to issue fines of up to £500,000 directly to directors. However, that addition took effect after the investigation into Hancock and Lad Media began, meaning it couldn’t be applied.
Nonetheless, the punishment has proven costly. Not only was Hancock banned from senior management roles, but Lad Media received a fine of £20,000, which it refused to pay, ultimately leading to a winding-up order.
Commenting on the incident, David Brooks, Chief Investigator for the Insolvency Service, said: “There is clear guidance on the internet about what communications you can send to people when it comes to marketing so there is no excuse about not knowing what your responsibilities are.
“Keith Hancock clearly failed to ensure Lad Media carried out sufficient checks on who was being sent direct marketing, even if it was done by a third party, and thanks to the joint work with the ICO, we have secured a ban appropriate for the seriousness of the offence.”
Do you meet the requirements of the PECR?
This incident is a timely reminder that organisations must pay attention to the PECR. It has become neglected in the past year or so, with the GDPR (General Data Protection Regulation) dominating the data protection landscape. But violations of privacy laws can be just as damaging.
Those looking to assess their compliance status should conduct a PECR audit, a service provided by our sister company, GRCI Law.
Our team of privacy and security experts will help you address the nine key areas of PECR compliance. They begin by asking you in-depth questions to identify your organisation’s areas of risk, vulnerabilities and threat exposure.
With that information, we provide you with recommendations for improvement, and confirm key areas that are already in line with PECR standards. Where possible, information and guidance will be provided where supporting law is not in place.