14 Feb 2019 | Articles, GDPR

Company Director receives a 4-year ban following PECR breach

Howard Freeman

Howard Freeman

Howard Freeman – 14th February 2019

The ICO (Information Commissioner’s Office) has banned a businessman from starting or managing a business for four years following his breach of the PECR (Privacy and Electronic Communications Regulations).

The director at Lad Media, Keith Hancock was said to have  “played a central role”in sending spam messages to thousands of people with SMS (text messages) containing marketing materials, many of whom had previously withdrawn their consent to receive such messages.

The ICO said that the lead generation and data brokerage business sent nearly 400,000 messages in total. More than a hundred people complained, citing distress and harassment to the industry text message reporting service.

Violations of the PECR

The PECR covers several areas, including electronic marketing, cookies and the security of public electronic communication services. It also prohibits organisations from sending electronic communications without first gaining recipients’ consent.

The amendment to the PECR in December of 2018 granted the ICO the power to fine businesses up to £500,000, directly to directors. Sadly, however, the amendment came along after the investigation into Lad Media had started, so it couldn’t be applied.

Nonetheless, the punishment has proven costly. Not only was Hancock banned from senior management roles. Lad Media also received a fine of £20,000, which it refused to pay, ultimately leading to a winding-up order.

Commenting on the incident, David Brooks, Chief Investigator for the Insolvency Service, said: “There is clear guidance on the internet about what communications you can send to people when it comes to marketing. So, there is no excuse for not knowing what your responsibilities are.

“Keith Hancock clearly failed to ensure Lad Media carried out sufficient checks on who was being sent direct marketing, even if it was done by a third party. Thanks to the joint work with the ICO, we have secured a ban appropriate for the seriousness of the offence.”

Does your business meet the requirements of the PECR?

This incident is a clear reminder that organisations must pay attention to the PECR. Admittedly it has been somewhat ignored in the past 12 months as the GDPR (General Data Protection Regulation) has taken the focus away from PECR. Many businesses worry about violating the GDPR. However, violations of privacy laws can be just as damaging to your business.

Those looking to assess their compliance status should conduct a PECR audit, a service we can provide. Please get in touch for further information. You can call us on 03333 22 1011.

The team can help you address the key areas of PECR compliance and we can provide you with recommendations for improvement. We can confirm key areas where you already comply with PECR standards. Don’t get caught out with a PECR breach, call us today.


Can we help?