On 17 December 2018, the Privacy and Electronic Communications (Amendment) Regulations 2018 (“New Regulations”) came into force which gave the Information Commissioner's Office (“ICO”) new powers to fine company directors up to £500,000 for the use of automated calling systems and unsolicited direct marketing.
The New Regulations amended the Privacy and Electronic Communications (EC Directive) Regulations 2003 (“PECR 2003”), under which individuals have specific privacy rights in relation to electronic communications.
In general, the New Regulations prohibit “direct marketing” (i.e. nuisance calls) from claims management services unless the caller is an authorised person or is the trustee or manager of an occupational scheme and either:
- the line called is that of an individual who has previously notified the caller that they consent to such calls being made by the caller on that line; or
- the recipient of the call has an existing client relationship with the caller and the relationship is such that the recipient might reasonably envisage receiving unsolicited calls for direct marketing in relation to occupational schemes and the recipient has been given a simple means of refusing the use of their details for direct marketing purposes.
The New Regulations give the ICO the power to fine the company, its directors, or both, where the breach occurs as a result of action, or inaction, by that officer. Previously, the ICO was only able to take action against the company for breach of unsolicited direct marketing rules.
The ICO is also now able to take action against former directors who are no longer in office (for example, due to resignation), as long as they were a director at the relevant time of the breach. These steps are viewed as making it harder for the individual who has breached the law to set up a new company and carry out similar activities.
These rules operate alongside the Insolvency Service’s existing director disqualification regime, which means that senior officials can also be disqualified from being a director if they are found to be in breach of the rules.
It is clear that breaches of PECR 2003 should now be a boardroom matter and therefore directors have to ensure that they take a robust approach in relation to compliance with the New Regulations in order to avoid being held personally liable.