The government has delivered an early Christmas present to insurers by virtue of the Privacy and Electronic Communications (Amendment) Regulations 2018, which came into force today (17th December).
The rules give the Information Commissioner’s Office (ICO) new powers to fine company directors up to £500,000 for breaches of the Privacy and Electronic Communications Regulations (PECR).
This development gives the ICO real teeth when tackling abuses of the restrictions on cold-calling by claims management companies (CMCs), which came into effect in September. Previously it was possible for the controlling minds of a CMC under attack from the ICO to close it down, only for the same individuals to resurface behind a new company.
The new rules will give the ICO scope to fine the company, its directors, or both. This will allow the ICO to hold individual directors to account where the company fails to pay the fine or is placed into liquidation; and where the individual is no longer in a senior position.
The rules provide that where a monetary penalty notice has been served on a CMC, the ICO may also serve a monetary penalty notice on an officer of the body if the ICO is satisfied that the contravention in respect of which the monetary penalty notice was served on the body—
(a) took place with the consent or connivance of the officer, or
(b) was attributable to any neglect on the part of the officer.
‘Officer’ is defined as “a director, manager, secretary or other similar officer of the body or any person purporting to act in such capacity”.
Not only has it become much more difficult for CMCs to make unsolicited telephone calls or to send unsolicited text messages to potential claimants, but those behind such activities will find it much harder to wind up one company with a view to evading any form of personal liability. The challenge to the ICO will be uncovering the most aggressive CMC operators who use others to front their activities in the hope that they can continue to trade undetected.