ICO Collects Just 26% of Value of Fines Since 2020

The UK’s data protection and privacy regulator is getting worse at collecting the fines it hands out to penalize erring companies, according to new data from TheSMSWorks.

The SMS API provider has been tracking the progress of the Information Commissioner’s Office (ICO) in such matters since 2018.

Unfortunately, it revealed that just a quarter (26%) of the monetary value of fines it issued from January 2020 to September 2021 had been paid, down from 32% during the last report period (January 2019-August 2020).

That means, out of the 47 individual fines during the current period, amounting to £7m, just 19 had been successfully collected, at a value of only £1.8m.

This excludes the sizeable GDPR penalties for British Airways (£20m) and Marriott International (£18.4m). These companies have reportedly agreed to pay their fines in annual installments.

The news comes despite legislation that effectively makes company directors responsible for paying fines. In the past, many would declare bankruptcy to avoid the fine.

According to TheSMSWorks, many directors simply refuse to pay or initiate a slow and unwieldy appeals process. It claimed that Eldon Insurance, fined £60,000 for email spam in February 2019, still has an unresolved appeal being processed.

Another company, MyIML Ltd, has reportedly not yet fully paid its £80,000 nuisance call fine six years after it was issued.

Over £1m in unpaid fines are said to be currently under appeal.

Henry Cazalet, director of TheSMSWorks, said awareness of the issue often falls under the radar.

“People reasonably assume that if an organization has been fined then it will be paid and the taxpayer will benefit,” he told Infosecurity.

“I think The ICO’s reputation could take a bit of a hit, particularly as it has over 500 members of staff now.”

Cazalet said he had some sympathy with the regulator, which must balance the twin goals of discouraging shady practices and collecting fines effectively.

“However, I believe that the fining policy is just too aggressive,” he concluded. “It makes a great headline to state that you’re fining a rogue organization for a huge sum, but if you can’t collect it, then it’s ultimately just posturing.”

Fines for SMS spam are the most likely to remain unpaid, with 82% of penalties yet to be collected, the report noted.

What’s Hot on Infosecurity Magazine?