Can Managers be fined for TPS Breaches? Possibly!
It’s safe to presume regardless of your job title that you tend to accept and obey the instructions of your superiors (managers, directors) right? What if following those instructions could make you personally liable for the company’s actions?
We’ve all been in the scenario where we question what we’re being asked to do. Questioning if something should or should not be done, even when we wrestle with our conscious we tend to accept any repercussions will fall on ’them’ and not you. WRONG. Changes in PECR (Dec 2018) now give the ICO the power to issue fines to employees deemed to be in a job position of authority (managers for example) not just Directors.
Companies are still breaching PECR by calling people registered on the TPS. It’s a relatively easy thing to avoid by simply screening your data every 28 days against the TPS, CTPS or FPS before making calls.
Some companies simply don’t care, some think that because people registered on the TPS receive so few marketing calls that “they’ll be ok with the odd sales call“ and be modestly receptive to it and so much so that it would be worth the risk.
Sometimes directors will justify this with an explanation like “we hardly get any complaints“, “we’ve dialled over 500,000 numbers and not had a single complaint“ or “the conversions are good which shows these people do in fact want what we’re selling, so it’s worth it“.
However, it is not that simple and it really isn’t worth it!
When people make complaints, they rarely make them directly to the company who called them as they don’t think that will work. Consumers see so much press about people complaining directly to the companies calling them and asking them to stop calling, but they don’t.
Instead they take matters into their own hands and as an act of revenge and frustration they report them straight to the regulators.
December 2018 PECR Amendment
The problem this creates for businesses is that they don’t know that people are complaining and therefore they can’t react and make changes. What ends up happening is that the ICO will pop their heads up 12-24 months after the fact (once they’ve collected enough complaints) and subsequently throw the book at you.
What happens normally when the ICO conduct an investigation?
Normally, when the ICO conduct an investigation they will write to the company explaining the regulations, the ICO’s powers and then go on to request further information.
This process will take place under the instructions of the directors and stay here.
On the face of it, it could be mistaken for a simple enquiry.
The key is in the reference number. If it says something like “ENF0123456“ then it’s the enforcement team that is making the enquiry and they usually intend to get a result. So it is serious.
The business and the ICO will then exchange letters over a period months, sometimes extending beyond a year or even two. This something’s places businesses under a false sense of urgency. The ICO is often so slow that it’s easily misinterpreted that their enquiry is not ’major’ on the basis that if it were they’d be jumping up and down about it more. Don’t be fooled.
The ICO have been known to take over a year to respond, with notice of a fine!
Eventually the ICO will write to the business with their decision. If they intend to issue a fine they will say so, how much and the fact that the business has 28 days to file an appeal.
Remember: The ICO can levy fines of up to £500,000 and whilst you’d have to seriously breach PECR to find yourself with a fine of that size, how does £50,000 sound? £20,000? It’s simply not a joke anymore!
What might happen now, with managers I mean?
Now that the ICO has these additional powers the process will remain fundamentally the same, but it won’t be the same.
YouTube has hundreds of thousands of videos on police overstepping their authority. Ordinary people are fighting back with mobile phone cameras and in many cases their footage has been their saving grace. The point being that people in authority don’t always act fairly, reasonably and within that authority and the average person has very few ways of fighting back.
So managers can expect that the risk of being threatened with a personal fine by the ICO is significant. If the ICO feels that the business is not co-operating in the way it wishes then it may very well just decide that you “the Manager“ are a softer target and you may very well find yourself in a David and Goliath situation with the ICO threatening to pursue you personally as a senior person responsible within the business.
If they do, they will be ruthless.
Make no mistake, the ICO have both the means and the resources to turn your life upside down and they won’t care about the fact that you’re not the director, nor the owner, nor the person who ultimately benefitted (probably) from breaching the regulations.
TPS Services Vince Costa-Barnett said:
“It’s difficult to fully comprehend what it’s like to have someone like the ICO threaten you.
Here’s only one thing to say for sure, if they ever do you’ll wish you’d done things differently, but it will be too late by then
I imagine the ICO will not rush to “go for gold“ just yet, but they will. It’s just a matter of time or if the right opportunity arises sooner.
Just don’t be that opportunity. Screen your data and its one less thing to worry about.“