Unsolicited marketing messages are a modern scourge that causes upset to millions. However, in a case that showed that the authorities are far from powerless to deal with such abuses, a claims management company that sent more than 2.2 million texts received fines totalling £130,000.
The company was responsible for a deluge of texts that offered assistance in making payment protection insurance (PPI) mis-selling claims. It received an £80,000 fine after the Information Commissioner found that it was responsible for serious breaches of the Data Protection Act 1998.
That was not the end of the matter and, following further proceedings under the Compensation (Claims Management Services) Regulations 2006, the Secretary of State for Justice imposed another £50,000 penalty on the basis that the company had failed to exercise due diligence in ensuring that referrals, leads and personal data had been obtained in accordance with the rules.
In challenging that penalty before the First-tier Tribunal (FTT), the company argued that it had effectively been punished twice for the same transgression. When setting the amount of the fine, the Secretary of State had failed to consider the combined effect of the penalties and their likely impact on the company’s business.
In dismissing the appeal, however, the FTT noted that the two penalties had been imposed under entirely separate regulatory regimes. The Information Commissioner had focused on the fact that millions of unsolicited texts had been sent, whereas the Secretary of State had highlighted the plainly misleading contents of some of them.
The company’s defaults were neither technical nor administrative and its lack of due diligence was illustrated by the fact that it had no idea how many of the texts contained misleading statements. The company had a turnover of over £1 million and would be able to cope with the burden of paying both penalties.