Amber UPVC Fabrications fined £50,000 by ICO for cold calling
Article added: 27/05/2015
The ICO makes its point very clear...
The ICO said that due to the nature of the business of Amber Windows and the fact that it relied heavily on telemarketing, and the fact that the issue of unsolicited calls was widely publicised by the press as being a problem, it is reasonable to suppose that they should have been aware of their responsibilities in this area and aware that there was a high risk of contravention.
The ICO also said that it was a necessary step for a business involved in direct marketing to ensure that it had access to a monthly update of the TPS list which is updated as consumers apply to be registered. Furthermore, the business should hold a ‘suppression list’ of those consumers who had informed it directly that they do not wish to receive direct marketing calls, commonly referred to as a Do Not Call (DNC) list, from them again.
Therefore, it is a necessary step for businesses involved in telesales to make arrangements to ensure that they do not make direct marketing calls to those consumers who have subscribed to TPS or who have asked the business not to contact them again.
Vince Costa-Barnett, Director of TPS Services said:
“This case is a little old now, but somehow it slipped through the net and missed our news blog. Ordinarily, having missed it at the time, we'd just pass it over. However, it's absolutely relevant to the changes that came into play on 6th April 2015 as regards:”
- Screening your data against the TPS
- Operating a Do Not Call (DNC) list
- Since the changes on 6th April 2015, Amber UPVC would not have had grounds to appeal now that the law has been changed as the ICO no longer has to prove 'substantial' distress or damages only annoyance, inconvenience or anxiety.
“Buckle up people...if you're not TPS Screening and running a Do Not Call (DNC) list then telemarketing just got a whole lot more serious for you and your business!”
Amber UPVC Fabrications sells UPVC windows to consumers, relying primarily on telemarketing in order to increase its sales and brand awareness. Over a 2 year period, between May 2011 and April 2013, the company made over four million telephone calls, of which the majority were marketing calls.
Having received complaints from a number of consumers, the ICO launched an investigation and found that a large number of calls made were in contravention of the Privacy and Electronic Communications Regulations 2003 (PECR).
The PECR contains a number of restrictions on direct marketing. One requirement is that individuals who have registered with the Telephone Preference Service (TPS), the UK's official do-not-call registry, are not to be contacted for the purposes of live unsolicited marketing by telephone unless they have notified the caller that they do not object to such calls being made.
Telemarketers are legally required to check the TPS to ensure that they do not call individuals appearing on the register.
An important point about the Amber UPVC case is that Amber were warned on at least two occasions by the ICO about calling people registered on the TPS, but failed to put in place proper TPS Screening procedures and continued to breach the regulations because of it.
Amber UPVC Monetary Penalty Notice as issued by the ICO
(Key areas highlighted for easy reading)
Download the Notice
The ICO moves to clamp down on cold callers breaching TPS
The ICO has the power to issue monetary penalty notices of up to £500,000 against those who contravene the PECR and/or the Data Protection Act 1998.
Historically, this required the ICO to prove that either substantial damage or substantial distress was deliberately caused to the recipient (or that the breaching party must have known that there was a risk of a contravention likely to cause substantial damage or distress but failed to take preventative steps such as TPS screening its calling data).
In the case of Amber UPVC, the ICO found that a number of calls made by Amber were in contravention of the PECR, citing 524 unsolicited calls in particular. As such, a monetary penalty notice was issued against Amber for £50,000. Amber appealed this decision on the basis that the breach was not serious, it was not of a kind likely to cause substantial distress and that the size of the penalty was disproportionate, particularly given that Amber had subsequently made improvements to its systems.
Vince Costa-Barnett, Director of TPS Services said:
“It's important to remember that from 6th April 2015, the test of substantial damage or distress will no longer apply and the ICO will be able to levy fines for simply causing annoyance, inconvenience or anxiety.”
The ICO denied Amber UPVC's appeal.
The ICO did not accept Amber's arguments that live sales calls were less (or not more) intrusive than SMS; live calls demand immediate intention and, in cases where the recipient is registered with the TPS, an unsolicited marketing call would defeat the recipient's expectation that the incoming call would not be this type of communication.
The ICO decided that when hundreds of people who are on the TPS receive unsolicited marketing calls, there is a very significant risk that such calls could cause substantial distress. Amber could not provide sufficient explanation for the flaws in its practices, such as the failure to screen it's data against the TPS or the lack of training and materials given to sales staff regarding the requirements of the PECR / TPS.
Stupidly, even after the fine was issued by the ICO, Amber continued to contravene the TPS and, at the time of the hearing, Amber had still not implemented formal procedures for how the telesales representatives were supposed to deal with those people who informed them that they were registered with the TPS.
As such, the ICO did not consider the penalty to be disproportionate and therefore upheld the full £50,000 amount.
Why this matters:
This decision emphasises the importance of compliance with the PECR, and particularly the requirement for telemarketers to screen their databases against the TPS. Additionally, such organisations should maintain their own Do Not Call (DNC) lists if individuals inform them that they do not wish to be contacted.
The ICO has made it clear that it will clamp down on businesses which breach these rules.