UK Fines Security Firms For Illegal Direct Marketing

By: Charles Rollet, Published on Jan 16, 2019

Two UK security firms have paid over $200,000 in fines for illegally making hundreds of thousands of calls to people registered on a government no-call list.

Some of the calls included dubious claims of local crime waves or “free” equipment with hefty installation prices, according to complaints reviewed by IPVM.

In this note, we examine:

  • Who Was Fined & Why
  • Complaints Reveal Spammy, Misleading Calls
  • Total Fines Paid
  • Why They Thought They'd Get Away with It
  • Response from Government + Firms
  • US Comparison
  • Shady Sales Tactics in Home Security
  • GDPR Context

Because the illegal activity took place before GDPR implementation, the new regulation played no role in this case. However, the fines are a reminder of the legal risks of direct marketing and the possibility of even stricter government enforcement/fines for violations occurring after the GDPR.

Case Background

According to the ICO, the UK government data regulator:

  • A.C.T. Response of Middlesbrough made 496,455 illegal direct marketing calls between January 2017 and February 2018

The calls were made to phone numbers registered with to Telephone Preference Service (TPS), a government registry which bans unsolicited marketing calls.

Neither firm screened the numbers they called up against the TPS registry before making the calls, a practice that is illegal in the UK.

Constant Spammy, Misleading Calls

The calls sparked a flood of complaints to the ICO. Some complaints mentioned that callers from SHS, in particular, made doubtful claims about crime waves and hefty install fees.

ACT Response Complaint:

image

SHS Complaints:

Total Fines Paid

ICO deemed these calls and the companies’ ignoring of hundreds of complaints a clear violation of the Privacy and Electronic Communications Regulations or PECR of 2003.

In October 2018, A.C.T. Response was fined £140,000 (~$180,000) and SHS was fined £80,000 (~$102,000).

By accepting the verdict and paying early, the firms ultimately paid a reduced fine of £112,000 ($143,000) and £64,000 ($82,000) respectively, the ICO confirmed to IPVM.

Both firms ceased all direct marketing calls once the ICO began its investigation, said the ICO.

Why They Thought They'd Get Away With It

A.C.T. Response used a variety of tactics to evade detection, the ICO stated, such as getting its sister company to actually make the calls and telling its cold callers how to deal with people on the TPS list.

According to the ICO, SHS did not use such "deliberate" evasion tactics, although it did find the firm "negligent" for ignoring publicly-available ICO guidance on direct marketing.

Response from ICO

The ICO released a statement about the two cases, warning other companies against such practices:

These fines should set alarm bells ringing and deter marketing companies across all sectors that are contacting people without their consent. It is a company’s responsibility to make sure that it has valid consent to make these calls. The TPS is there for a reason – to protect people’s privacy and ensure that marketing companies obey the law. Marketing companies failing to take the basic step of checking TPS can expect robust enforcement.

Response from Security Firms

IPVM contacted both firms about these fines asking specifically why they decided to rely so heavily on direct marketing, but received no response.

UK Direct Marketing Context

Getting fined for violating the TPS registry is not uncommon in the UK. Just 3 weeks after these fines, the ICO fined two other (non-security) firms for making over 1 million illegal calls to TPS subscribers. However, IPVM couldn't find such fines being applied to other UK security firms recently.

US Comparison

Direct marketing is also regulated by the government in the US, which has a similar list to TPS called the National Do Not Call Registry. Violators of the registry can technically be fined over $40,000 per call by the FTC.

Last spring, the FTC filed charges against Alliance Security Inc., a home security firm, for making "more than a million" unauthorized calls to people on the registry. The case is ongoing but has been temporarily halted due to the government shutdown.

Shady Sales Tactics Not New to Home Security 

In the UK, local authorities in Hampshire County have warned residents against cold calls from unspecified home alarm firms who could be gathering data or selling unnecessary systems. The BBC has also investigated one UK security firm whose salespeople made a number of false claims, including that they had police security clearance.

In the US, the FTC has warned that "Some Home Security Systems May Be Scams", stating that: 

They may use scare tactics. For example, they may talk about a rash of supposed burglaries in your neighborhood.

Direct Marketing and GDPR

Since the security firms’ direct marketing calls took place before GDPR implementation on May 25, 2018, this case was not tried with the new law in force.

However, the case is a good reminder that the GDPR Article 21 establishes a clear right for data subjects to object to direct marketing, stating:

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

That means direct marketing violations taking place after May 25, if done on a particularly egregious scale, could reach the significantly higher monetary penalties levied by the GDPR – a maximum of 4% of annual revenue or 20 million euros ($23 million). That’s something any integrator considering direct marketing should take note of.

Comments (2) : PRO Members only. Login. or Join.

Related Reports

Ireland National Children's Hospital Chooses Hikvision End-to-End With Facial Recognition on Dec 05, 2019
The world's most expensive hospital project ever, the New Children's Hospital in Ireland, has chosen an all-Hikvision surveillance system including...
Ultinous European Analytics Startup Company Profile on Dec 04, 2019
European analytics-startup Ultinous pitches customers to "Have your own video analysis service!" We spoke to Ultinous to better understand their...
Arcules CEO Retracts False GDPR Claim + Dahua and Milestone Claims Examined on Dec 03, 2019
Arcules CEO has retracted a false claim about his organization being a "fully compliant GDPR company" after IPVM reporting (Arcules CEO Threatens...
Freebie Face-Off: Rise of ~$30 Giveaways Examined on Dec 02, 2019
The freebies are growing. Verkada started this (see The Fastest Growing Video Surveillance Sales Organization Ever - Verkada) and now has given...
Arcules CEO Threatens Over "Security Breach" on Nov 25, 2019
An Arcules employee called out a recent 'security breach', however, Arcules CEO disputed this as 'inaccurate' and threatened to sue IPVM. Inside...
France Declares School Facial Recognition Illegal Due to GDPR on Oct 31, 2019
France is the latest European country to effectively prohibit facial recognition as a school access control solution, even with the consent of...
Milestone XProtect 2019 R3 Tested on Oct 30, 2019
Milestone has had problems over the last few years releasing significant new software. Now, in XProtect 2019 R3, Milestone is touting "one search...
Struggling Arcules Changes Chief Revenue Officer on Oct 29, 2019
Canon / Milestone spinout Arcules has struggled, now changing their Chief Revenue Officer, just a year after he came on board. The issue is not...
Hikvision ColorVu is Smart Marketing on Oct 03, 2019
Hikvision ColorVu (see IPVM test results) is smart marketing, a lesson to be learned by competitors and a rising trend. Inside this note, we...
Milestone Has Problems on Oct 01, 2019
Milestone has problems. While the company previously excelled in the shift to IP cameras, as IP has matured and competitive differentiation has...

Most Recent Industry Reports

Video Surveillance 101 Course Opened on Dec 12, 2019
IPVM is adding a Video Surveillance 101 course, designed to help those new to the industry to quickly understand the most important terms,...
Verkada Notification Outage on Dec 12, 2019
Verkada is suffering an event notification outage and analytic search failures. Inside, we examine what the issues are, what Verkada told IPVM...
Hikvision DS 2nd Gen Intercom Tested on Dec 12, 2019
With its newest IP intercom, Hikvision proclaims users can 'get full control over an entrance' regardless of where it is installed, home or office...
Honeywell 30 Series Cameras Tested Vs Dahua and Hikvision on Dec 11, 2019
Honeywell has infamously OEMed Dahua and Hikvision for years, but now they have introduced an NDAA-compliant line, the 30 Series, claiming "lower...
"Good Market, Bad Business Models" - Residential Security on Dec 11, 2019
Industry banker John Mack, at his company's annual event, took aim squarely at the problems in the residential security...
IP Camera Browser Support: Who's Broken / Who Works on Dec 10, 2019
For many years, IP cameras depended on ActiveX control, whose security flaws have been known for more than a decade. The good news is that this is...
Acquisitions - Winners and Losers on Dec 10, 2019
Most major manufacturers have been acquired over the last decade. But which have been good deals or not? In this report, we analyze the...
IP Camera Installability Shootout 2019 - Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision, Uniview, Vivotek on Dec 09, 2019
What are the best and worst cameras to install? Which manufacturers make it the hardest or easiest to install their cameras? We tested 35 total...
Viisights Raises $10 Million, Behavior Analytics Company Profile on Dec 09, 2019
Viisights, an Israeli AI analytics startup marketing "Behavioral Understanding Systems", announced $10 million Series A funding. We spoke to...
Disruptor Wyze Releases Undisruptive Smartlock on Dec 06, 2019
While Wyze has disrupted the consumer IP camera market with ~$20 cameras, its entrance into smart locks is entirely undisruptive. We have...