Personal liability for data protection fines!
From spring 2017, company directors may find themselves personally liable for fines if their companies make nuisance calls or send spam texts in breach of data protection and privacy legislation.
At the moment, the Information Commissioner’s Office (the ICO) can only fine companies, not individuals within the company, for non-compliance with data protection legislation. There have been circumstances where, to avoid the fines, the non-compliant company has gone bust and a new company has later reappeared with the same directors. The change in law will close this loophole. Responsibility for compliance with data protection and privacy laws will stay with the directors of the non-compliant company regardless of whether the company continues to exist or not.
As it stands, the ICO can issue fines of up to £500,000. The ICO has shown that it isn’t shy in exercising its powers. In September alone, the ICO issued a number of fines ranging from £30,000 to £130,000 for nuisance calls and spam texts, which are not insignificant amounts. The level of fine depends on the number of unwanted communications that were sent, how frequently they were sent and the extent to which the company ignored warnings by the ICO for non-compliance. The last couple of months have also seen a fine of £400,000 issued against TalkTalk for TalkTalk’s failure to comply with data protection legislation. To find out more, read our update on this.
Data protection, privacy and how information is handled is becoming more prominent in terms of public policy. 2018 sees the biggest change to data protection law in a generation, not least with fines increasing to a maximum of 4% of worldwide turnover. Until then, we expect to see an increase in the fining activities of the ICO under existing legislation. There is no better time than now to ensure that your company’s direct marketing practices are compliant with existing data protection and privacy laws, especially given that responsibility for any fines will lie, going forward, with the board as well as the company.
If you want to discuss direct marketing and privacy law in more detail, please give Matthew Holman a call.