What Not to Do When the ICO Comes Calling

No one likes spam texts, even when they are done accidentally, or by someone who didn’t “know” they were sending them. In the past year, the ICO has identified and taken action against a variety of companies. Some of them were clearly deliberate violations of the regulations, but quite a few were not.
The most recent example (at the time of this writing), fell into the latter category. The company apparently thought they met the regulatory requirements. But the ICO felt differently. What happened next is the lesson of this blog.
Specifics of the case
Early in January 2016, the ICO began receiving complaints about PRS Media sending unsolicited text marketing messages. The complaints continued through May of that year, totaling 2,629 in five months.
It turned out the company runs a competition and prize draw website that it used to gather mobile numbers for marketing purposes. To enter a competition, a person must agree to their terms, which included statements about receiving marketing messages.
On the surface, that arrangement might sound reasonable. People signed up in order to enter the competition, so they shouldn’t complain about getting the messages, right? But that isn’t what the rules say about SMS marketing.
Based on the complaints, the ICO requested information from the company on their practices and proof that the people they messaged had provided consent. After further investigation, they found that 4.4 million text messages were sent by the company based on their website “consent” to terms and conditions.
Here's where it went wrong
PRS Media ignored the first two requests for information by the ICO. They simply didn’t do anything to address the concerns or complaints received.
Eventually, the ICO was compelled to take the formal route of sending an Information Notice that legally requires organisations to provide the information requested. This time, the company pointed the ICO to their privacy policy and terms and conditions listed on their website.
Later in August and September 2016, the ICO requested more information and never received a response.
As a result, this past March the company was fined £140,000 for sending 4.4 million spam texts.
It didn't have to be this way
Based on the description of how PRS operated it’s SMS marketing, they certainly were going to have some sort of penalty from the ICO. It’s no longer sufficient to have a check box where someone agrees to terms and conditions that they probably never read (does anyone?).
But the Commissioner has many options when it comes to the action it takes against companies. And it seems that many of the decisions (monetary ones especially) come down to how the company handled the problem.
For example, in the Monetary Penalty Notice issued to PRS Media Limited, it specifically states that the breach was not deliberate. In other words, the Commissioner didn’t believe the company was trying to scam or circumvent regulations on purpose. They weren’t following the regulations, but it wasn’t intentional (my interpretation of the notice), though they should have known better.
However, because of how the company responded, the penalty was greater than it might have otherwise been. Here are the “aggravating features” of the case identified in the notice:
“PRS Media Limited failed on two separate occasions to answer requests for information and it required the service of an Information Notice to compel a response.”
and
“The response received from PRS Media Limited to the Information Notice provided unsatisfactory answers to the questions asked and figures provided were at odds with the Commissioners own findings.”
The result of the company’s inaction in response to the ICO requests resulted in the seriously hefty fine.
If it happens to your company
Staying compliant with the regulations isn’t hard. Even though there are changes coming with the GDPR next year, the ICO publishes easy to follow guidance on how to make sure your company stays on track.
But if somehow you end up with spam complaints and a letter from the ICO asking for more information – do everything you can, as fast as you can, to comply with the request. There may be consequences for not doing something correctly, but things will be much worse if you try to hide, ignore or talk your way out of it.
Related Articles
How important is it to run an SMS opt in campaign?
The ONE Thing You Never Want To Do In SMS Marketing
"UK B2C data for SMS marketing" - That was the search result headline I found while researching online. Interesting I thought. It must be relating to SMS marketing statistics for B2C (business to consumer) sales. Since I was searching for some updated information and studies about SMS I decided to click and read.
Be Careful When Reading About Shortcodes and VMNs
When you start using SMS marketing, one of the first decisions you need to make is whether or not you’ll need to get replies. If you do, then you’ll need to decide between shortcodes and a virtual mobile number (VMN, also called longcode). If you don’t, then that’s alright too.
5 Key Points to Ensure Your SMS Marketing is GDPR Compliant
5 Common Questions About SMS Marketing Compliance
Electronic marketing is a tricky thing. There are rules and regulations you need to follow, and it can all seem pretty intimidating at first. To help you get started, I’ve gathered five of the most commonly asked questions about SMS marketing and the regulations and summed them up here.
What Your Customers Want From SMS Marketing
Mobile marketing offers an unprecedented access to your customers virtually any time, anywhere. This is particularly true for SMS marketing because it is “always on”. Customers don’t have to be surfing the web, or using an app to receive messages. Instead, they see the marketing messages right alongside ones from their friends and family.
ICO issues a huge fine for massive illegal SMS campaign
ICO, the Information Commissioner's Office, has recently imposed a huge fine on direct marketing company Help Direct UK for sending illegal SMS messages.
Small Businesses Can Succeed with SMS Marketing
Is SMS marketing a viable strategy for SMEs to grow their businesses? A recent article by a US SMS provider suggests not but we debunk that view. Read how and why Fastsms can help small businesses can succeed with SMS marketing without breaking the bank.
Why You Need a Blacklist and What It Can Teach You
One of the major metrics in SMS marketing is how many people opt in to receive your messages. But there’s a flip side to that metric: how many people opt out. In the ideal world, no one would ever leave your list and instead continue to make purchases or support your organisation for as long as you decide to message them.