Back to all resources

Beware new penalties for email and phone spammers

Businesses that send unsolicited emails or make unwanted phone calls to consumers could face fines of up to £500,000 under new rules. Read our top tips to make sure your business doesn’t fall foul of the law.

Like this resource?

Become a member for access to more resources and benefits.

Learn more

Businesses that send unsolicited emails or make unwanted phone calls to consumers could face fines of up to £500,000 under new rules. Read our top tips to make sure your business doesn't fall foul of the law. On 25 May 2011, increased financial penalties came into force as part of amendments to the UK's Privacy and Electronic Communications Regulations (PECR). Under the new law, the Information Commissioner's Office (ICO) will be able to fine businesses up to £500,000 for sending unwanted marketing emails and texts, as well as making unwanted live and automated marketing phone calls. The £500,000 maximum is thought to be only for the ‘most serious incidents', but it sends out a warning to all businesses who use methods of communication that could leave them open to claims of spamming. As part of its increased investigatory powers, the ICO will be able to access information from telecommunications companies and internet service providers (ISPs) to help with investigations into breaches of the regulations. Telecoms companies and ISPs will also be legally required to notify the ICO when data breaches occur. These new powers are part of the same raft of laws that will see the ICO become responsible for enforcing new rules on websites using ‘cookies' to track information about visitors. Although, unlike that part of the law, which will give businesses a 12 month period of grace, these changes are effective immediately. What is spam? Spam is most often used to describe the sending of unsolicited bulk emails, but it can also apply to unsolicited and automated phone calls, and text messages. While we're not suggesting that readers partake in this particularly nasty form of communication, you should be aware that the term ‘spam' can apply to any sales email, text or call that is perceived as being unwanted or unsolicited. So, if you send marketing emails, buy in marketing lists or use cold calling to promote your business, you need to be aware of your responsibilities under both the Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act. How to stay on the right side of the law Ensure you have the consent of everyone you contact. Consent may be given directly, for example, if an individual enters their email address or phone number on your website, or indirectly, for example, you got their contact details in the course of a sale and the marketing material you are sending relates to your similar products and services. When you send sales emails or texts, you must provide the recipient with a way to opt out each time you contact them. If a person or organisation asks to be taken off your marketing lists, you must comply with their request. There are no exceptions to this rule, and if you fail to comply, they can apply to the courts for an order against you under section 11 of the Data Protection Act. Consent can be collected by a third party on your behalf, provided it is made clear that it is proposing to pass the details being submitted to businesses to another organisation. If you buy data through a third party company, seek written assurances that the information on the list was collected in an appropriate way with the consent of the individual contacts. Under the PECR, you should not phone anyone who has registered their number with the Telephone Preference Service or the Corporate Preference Service. When sending emails to corporate contacts (i.e. info@ or sales@ rather than individual contacts (i.e. peter.smith@, the rules are more relaxed. You are not obliged to get their consent before contacting them, however you still need to provide them with a way to opt out of the emails. Note: If you're sending emails internationally, make sure your emails and your practices meet the requirements of the recipient's country. If you do breach the regulations, it is good practice to deal swiftly and openly with any complaints that arise. Apologise to the recipient and assure them they will not receive communications from you. Take swift action to ensure that they aren't contacted again and, if the contact came from a bought-in list take steps to check the list is up to date. And, if in doubt, always seek legal advice!