Fines for companies breaking anti-spam rules reach new highs

spam email

The Information Commissioners’ Office (ICO) has issued more fines and higher penalties than ever before.

Since August 2015, The ICO has handed out fines of over £8.7 million. 2017 saw an annual increase of 58 per cent in fines issued, a rise from £2.9 million to £4.9 million. A total of 104 organisations have been punished for breaches of data protection or anti-spam regulations.

The ICO has the power to issue fines of up to £400,000 to companies that flout the rules and the evidence suggests that they are increasingly likely to fine companies more heavily.

The Head of Enforcement at the ICO, Steve Eckersley stated: “Companies who pester the pubic must understand they won’t get away with it. The ICO will take action.”

Part of the reason why fines have increased is the improved complaints process on the ICO website. It’s now very straightforward for consumers to complain or raise any concerns. We’re becoming increasingly intolerant of companies that invade our inboxes and are now less likely to ignore unwanted spam.

Highest fines for nuisance phone calls

46 per cent (£4,017,000) of all monetary penalties issued since August 2015 were for spam phones calls.

Automated calling systems have been responsible for blighting the lives of countless consumers on a massive scale.

In May 2017, Keurboom Communications, a company behind a staggering 99.5 million nuisance calls was fined a record £400,000 by the ICO.


Steve Eckersley of the ICO said: “These calls have now stopped but our work has not. We’ll continue to track down companies that blight people’s lives with nuisance calls, texts and emails.”

Data breaches under the spotlight

Companies need to be aware of the risk of being fined for not looking after consumer data adequately. 34 per cent (£2,996,501) of all fines issued since August 2015 were for data breaches, with a total of 41 organisations facing a penalty.

The most notable data breach was by Talk Talk Telecom in October 2016.

They were fined £400,000 for security failings that allowed a cyber attacker to access the personal data of 155959 customers and the bank details of 15656.

Information Commissioner Elizabeth Denham commented:“TalkTalk’s failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk’s systems with ease.”

Financial services fined the most

The financial services sector was the worst for receiving ICO fines. The sector received 24 separate penalties since August 2015, accounting for 23 per cent of all fines issued.

Unexpectedly, the charity sector came second in the hall of shame for ICO fines. 11 monetary penalties were handed out, 10.5 per cent of all fines issued.

Punishments to charities were mainly for data breaches, where consumers had not been adequately informed what would happen to their personal data.

The practice of ‘data enriching’ where charities share data to improve their profiling were proven to be illegal unless the consumer understood and agreed to the process.

Average SMS spam fines exceeds £100,000

The average fine for SMS spamming was £108,000. By contrast the average rate for email spam was under half that, at a modest £40,000.

The difference might be accounted for by the level on intrusion that SMS creates compared to email. SMS spam is more intrusive that email spam and is therefore far more likely to generate complaints.

Thanks largely to the efforts of the ICO, SMS spam has reduced massively in recent years. It wasn’t long ago we were pestered by payday loan, PPI and accident claims texts.

A poor outlook for spammers

What this fines data, compiled by The SMS Works, makes very clear is that there is no hiding place for organisations that choose to ignore the rules.

With GDPR coming into effect in May 2018, it’s up to all of us to understand our responsibilities regarding consumer data and take the necessary steps to make sure we’re compliant.

Ignorance of the rules will be no defence.