ICO given new powers to impose fines for marketing breaches (TLT LLP)

ICO given new powers to impose fines for marketing breaches

The Information Commissioner’s Office (ICO) has been granted new powers as a result of an amendment to the UK’s Privacy and Electronic Communications Regulations (PECR). The new powers, which came into effect on 25 May 2011, include:

Extended financial penalties: the ICO can impose a penalty of up to £500,000 for the most serious breaches of the PECR. This covers nuisance marketing emails, texts and phone calls.
Increased investigatory powers: the ICO can require telecoms companies and Internet Service Providers (ISPs) to provide information needed to investigate breaches of the PECR.
Compulsory notification when breaches occur: telecoms companies and ISPs must notify the ICO, and their customers, when a personal data breach occurs. A fixed penalty of £1,000 per offence will apply where personal data breaches are not notified.
Increased audit powers: the ICO can audit telecoms companies and ISPs for compliance with personal data breach notification requirements.
New rules for websites using cookies: the ICO will be responsible for ensuring compliance with new cookie consent requirements. (see Related publications).

The ICO will be issuing guidance on their new enforcement powers but the date for release is yet to be confirmed.

This publication is intended for general guidance and represents our understanding of the relevant law and practice as at June 2011. Specific advice should be sought for specific cases; we cannot be held responsible for any action (or decision not to take action) made in reliance upon the content of this publication.

© TLT LLP 2011. TLT LLP is a limited liability partnership registered in England and Wales number OC 308658.

Tags: data protection, fines, ico, information commissioner