âCustodial sentences should be the penalty for the worst and repeat offendersâ

DMA calls for custodial sentences to be introduced for the worst breaches of data protection law

Today the DMA, the UK trade association for the one-to-one marketing industry, is calling for custodial sentences to be made available to punish those that repeatedly breach data protection laws by making illegal nuisance calls.

The Information Commissioner’s Office (ICO) recently announced that from spring 2017 it would be able to hold rogue directors personally responsible for breaches under the Privacy and Electronic Communications Regulations (PECR). Creating a powerful deterrent to those considering flagrantly breaking the rules to turn a profit by making the directors of these rogue companies liable for fines up to £500,000 each.

According to figures from Which? earlier this year, the ICO has collected just four out of 22 fines in full that it issued over the past 12 months, with many companies going into liquidation to avoid paying. While the new measure for personal director responsibility is a step in the right direction, the DMA is calling for Government to go one step further and bring in custodial sentences for the worst breaches of data protection law, to ensure that those responsible for nuisance calls and spam texts are held to account.

Chris Combemale, CEO at the DMA Group, says, “It should come as no surprise that individuals willing to skirt the law when it suits them are also ready to do the same to avoid paying their debts. That’s why the powers of the ICO have recently been extended to also allow it to fine the directors that set up multiple companies to avoid justice. We wholeheartedly support the extension of fines to the individuals that are behind the rogue businesses, but for the worst and repeat offenders we believe the penalties should extend to custodial sentences as well. The Justice Secretary has the powers, which were introduced in the wake of the phone hacking scandal, but it's now time they were used.”

Unfortunately, the new rules invoked by the Government for personal director responsibility relates only to breaches under PECR and not the Data Protection Act 1998 (DPA). The root of the problem is bad data, with illegal nuisance calls and spam texts being a symptom of rogue companies breaking the law by using this bad data.

That’s why the DMA is asking for custodial sentences for the worst breaches of data protection law to get to the root of the problem, echoing calls from the ICO, which also supports the introduction of custodial sentences. The Justice Secretary has power under the Criminal Justice and Immigration Act 2008 to introduce a new statutory instrument, but it requires a positive vote in both Houses of Parliament to allow custodial sentences for breaches of Section 55 of the DPA.

Giving evidence to the Digital Economy Bill Committee, Information Commissioner Elizabeth Denham, said: “Yes, I would support extending liability and accountability to directors. Our office has issued fines that totalled about £4 million in the last year, but the problem is that we have been able to collect only a small proportion of those fines because companies go out of business and, as in a game of whack-a-mole, appear somewhere else. It is important for us to be able to hold directors to account for serious contraventions.”

Combemale concludes: “The introduction of custodial sentences is the next step in the campaign against nuisance calls and spam texts. The individuals profiting from these rogue businesses may well think twice about breaking data protection law if there is a real threat that they may go to prison for it.”