UK Fines Security Firms For Illegal Direct Marketing

By: Charles Rollet, Published on Jan 16, 2019

Two UK security firms have paid over $200,000 in fines for illegally making hundreds of thousands of calls to people registered on a government no-call list.

Some of the calls included dubious claims of local crime waves or “free” equipment with hefty installation prices, according to complaints reviewed by IPVM.

In this note, we examine:

  • Who Was Fined & Why
  • Complaints Reveal Spammy, Misleading Calls
  • Total Fines Paid
  • Why They Thought They'd Get Away with It
  • Response from Government + Firms
  • US Comparison
  • Shady Sales Tactics in Home Security
  • GDPR Context

Because the illegal activity took place before GDPR implementation, the new regulation played no role in this case. However, the fines are a reminder of the legal risks of direct marketing and the possibility of even stricter government enforcement/fines for violations occurring after the GDPR.

Case Background

According to the ICO, the UK government data regulator:

  • A.C.T. Response of Middlesbrough made 496,455 illegal direct marketing calls between January 2017 and February 2018

The calls were made to phone numbers registered with to Telephone Preference Service (TPS), a government registry which bans unsolicited marketing calls.

Neither firm screened the numbers they called up against the TPS registry before making the calls, a practice that is illegal in the UK.

Constant Spammy, Misleading Calls

The calls sparked a flood of complaints to the ICO. Some complaints mentioned that callers from SHS, in particular, made doubtful claims about crime waves and hefty install fees.

ACT Response Complaint:

image

SHS Complaints:

Total Fines Paid

ICO deemed these calls and the companies’ ignoring of hundreds of complaints a clear violation of the Privacy and Electronic Communications Regulations or PECR of 2003.

In October 2018, A.C.T. Response was fined £140,000 (~$180,000) and SHS was fined £80,000 (~$102,000).

By accepting the verdict and paying early, the firms ultimately paid a reduced fine of £112,000 ($143,000) and £64,000 ($82,000) respectively, the ICO confirmed to IPVM.

Both firms ceased all direct marketing calls once the ICO began its investigation, said the ICO.

Why They Thought They'd Get Away With It

A.C.T. Response used a variety of tactics to evade detection, the ICO stated, such as getting its sister company to actually make the calls and telling its cold callers how to deal with people on the TPS list.

According to the ICO, SHS did not use such "deliberate" evasion tactics, although it did find the firm "negligent" for ignoring publicly-available ICO guidance on direct marketing.

Response from ICO

The ICO released a statement about the two cases, warning other companies against such practices:

These fines should set alarm bells ringing and deter marketing companies across all sectors that are contacting people without their consent. It is a company’s responsibility to make sure that it has valid consent to make these calls. The TPS is there for a reason – to protect people’s privacy and ensure that marketing companies obey the law. Marketing companies failing to take the basic step of checking TPS can expect robust enforcement.

Response from Security Firms

IPVM contacted both firms about these fines asking specifically why they decided to rely so heavily on direct marketing, but received no response.

UK Direct Marketing Context

Getting fined for violating the TPS registry is not uncommon in the UK. Just 3 weeks after these fines, the ICO fined two other (non-security) firms for making over 1 million illegal calls to TPS subscribers. However, IPVM couldn't find such fines being applied to other UK security firms recently.

US Comparison

Direct marketing is also regulated by the government in the US, which has a similar list to TPS called the National Do Not Call Registry. Violators of the registry can technically be fined over $40,000 per call by the FTC.

Last spring, the FTC filed charges against Alliance Security Inc., a home security firm, for making "more than a million" unauthorized calls to people on the registry. The case is ongoing but has been temporarily halted due to the government shutdown.

Shady Sales Tactics Not New to Home Security 

In the UK, local authorities in Hampshire County have warned residents against cold calls from unspecified home alarm firms who could be gathering data or selling unnecessary systems. The BBC has also investigated one UK security firm whose salespeople made a number of false claims, including that they had police security clearance.

In the US, the FTC has warned that "Some Home Security Systems May Be Scams", stating that: 

They may use scare tactics. For example, they may talk about a rash of supposed burglaries in your neighborhood.

Direct Marketing and GDPR

Since the security firms’ direct marketing calls took place before GDPR implementation on May 25, 2018, this case was not tried with the new law in force.

However, the case is a good reminder that the GDPR Article 21 establishes a clear right for data subjects to object to direct marketing, stating:

Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

That means direct marketing violations taking place after May 25, if done on a particularly egregious scale, could reach the significantly higher monetary penalties levied by the GDPR – a maximum of 4% of annual revenue or 20 million euros ($23 million). That’s something any integrator considering direct marketing should take note of.

Comments (2) : Members only. Login. or Join.

Related Reports

Austria’s First GDPR Fine Is For Video Surveillance on Jan 29, 2019
Should EU businesses be concerned if police see a business' surveillance cameras filming public areas? This is what happened with Austria’s first...
Verified Response Discontinued in Silicon Valley San Jose on Feb 28, 2019
Almost all security alarms are false. This has driven some municipalities to require verified response before dispatching police. However, now San...
US City Sued For Hiding Surveillance Camera Map on Mar 08, 2019
UPDATE: The judgment is now in and updated information is at the bottom of the post. Should maps of public surveillance camera locations be kept...
NJ Law Requires Apprenticeship For Public Works Integrators on May 24, 2019
Few integrators do a formal apprenticeship program. However, now a NJ law is requiring any integrator on public works projects (such as state...
Verkada Wins $783,000 Memphis Deal on Apr 29, 2019
The US city, most famous in video surveillance for standardizing on Hikvision, has issued an RFQ for 962 Verkada cameras due Wednesday, May 1,...
San Francisco Face Recognition Ban And Surveillance Regulation Details Examined on May 14, 2019
San Francisco passed the legislation 8-1 today. While the face recognition 'ban' has already received significant attention over the past few...
Amazon Ring Public Subsidy Program Aims To Dominate Residential Security on May 20, 2019
Amazon dominates market after market. Quitely, but increasingly, they are doing so in residential security, through a combination of significant...
Kidnapping Victim Rescued With Video From Ring Doorbell Camera on May 24, 2019
A kidnapping victim was rescued within 24 hours, with the police crediting video from a Ring Doorbell camera as key to solving the case. A girl was...
Congressman Visits Hikvision USA, Admits Unaware of "Company's Background" Before Backtracking on May 31, 2019
A newly-elected US congressman visited Hikvision USA's office in April, posing for a photo with Hikvision's staff: A sitting US congress...
First Video Surveillance GDPR Fine In France on Jul 08, 2019
The French government has imposed a sizeable fine on a small business for violating the GDPR after it constantly filmed employees without informing...

Most Recent Industry Reports

Masks Cause Major Facial Recognition Problems on Feb 24, 2020
Coronavirus is spurring an increase in the use of medical masks, which new IPVM test results show cause major problems for facial recognition...
Every VMS Will Become a VSaaS on Feb 21, 2020
VMS is ending. Soon every VMS will be a VSaaS. Competitive dynamics will be redrawn. What does this mean? VMS Historically...
Video Surveillance 101 Course - Last Chance on Feb 20, 2020
This is the last chance to join IPVM's first Video Surveillance 101 course, designed to help those new to the industry to quickly understand the...
Vulnerability Directory For Access Credentials on Feb 20, 2020
Knowing which access credentials are insecure can be difficult to see, especially because most look and feel the same. Even insecure 125 kHz...
AI/Smart Camera Tutorial on Feb 20, 2020
Cameras with video analytics, sometimes called 'Smart' camera or 'AI' cameras, etc. are one of the most promising growth areas of video...
China Manufacturer Suffers Coronavirus Scare on Feb 20, 2020
Uniview suffered a significant health scare last week after one of its employees reported a fever and initially tested positive for coronavirus....
Cheap Camera Problems at Night on Feb 19, 2020
Cheap cameras generally have problems at night, despite the common perception that integrated IR makes cameras mostly the same, according to new...
Milestone Launches Multiple Cloud Solutions on Feb 18, 2020
Milestone is going to the cloud, becoming one of the last prominent VMSes to do so. Milestone is clearly late but how competitive do these new...
Video Surveillance Architecture 101 on Feb 18, 2020
Video surveillance can be designed and deployed in a number of ways. This 101 examines the most common options and architectures used in...
UK Stands Behind Hikvision But Controversy Continues on Feb 18, 2020
Hikvision is exhibiting at a UK government conference for law enforcement, provoking controversy from the press, politicians, and activists due to...