Are We Heading Towards Personal Liability for Data Protection Breaches?
18 October 2016
A couple of weeks ago I heard Stephen Eckersley, the ICO’s Head of Enforcement being put on the spot on Radio 4 about the number of the fines imposed by the ICO that have gone unpaid. This isn’t a problem with what might be considered the more reputable businesses that pay up when fined but it is a problem with those that deliberately sail close to the wind, particularly when making marketing calls or sending texts.
The ICO’s fines have been substantial – up to £350,000 in some cases involving calls and texts – but arguably they are ineffective if they don’t get paid. The problem is that fines are imposed against businesses and businesses can duck and dive to avoid paying up. The ICO isn’t well set up to chase those who default on their fines and, in any case, businesses can ultimately be closed down without settling their debts. It’s then not unknown for those behind a business that has been fined and then wound up to re-emerge in the guise of a new business adopting much the same unlawful marketing practices that led to the original fine.