More than 40 per cent of ICO fines havent been paid

The ICO is owed £7.05m in unpaid fines
The Information Commissioner Elizabeth Denham (Information Commissioners Office)

The Information Commissioner’s Office (ICO) is still owed 42 per cent of the total fine amount it’s handed out for data breaches, spam, and nuisance calling since 2015, showing the difficulty the governmental office has had in enforcing the punishments levelled at companies.

152 fines have been issued since 2015, with 47 – or 30 per cent – remaining unpaid, according to data obtained by The SMS Works via a freedom of information request. The total amount fined in that period was £16.6m, of which £7.05m remains uncollected – that’s 42 per cent.

All the fines levelled at charities and public organisations have been paid, as you’d expect. However, private firms haven’t been anywhere near as accepting of fines.

The claims management industry – the worst of the bunch – has received a total of £3.2m in fines with a staggering 84 per cent remaining unpaid, only £490,000 having been collected. The home improvements sector payments are under 30 per cent, while both marketing and telecoms sit under 40 per cent. The financial services industry is the best within the private sector, paying over 70 per cent of fines.

Looking at payments based on reason behind the fine, just 23 per cent of nuisance call fines are successfully collected by the ICO. Email and SMS spam have payment rates of 64 per cent and 74 per cent respectively, while fines for data breaches are paid 85 per cent of the time.

The three largest unpaid fines are two of £350,000 and one of £400,00 from companies that are all no longer trading. This is a problem the ICO has faced in collecting fines, but a law change could pave the way for it securing all the money it’s owed.

“Some nuisance call directors liquidate their firms to avoid paying fines from the ICO,” an ICO spokesperson said in a statement. “In December 2018, the law changed to make directors themselves responsible for nuisance marketing. This should have a real deterrent effect on those who deliberately set out to disrupt people with troublesome calls, texts and emails.”

The three unpaid fines, of course, do not include the big fines currently facing British Airways and Marriott Hotels. The paid have been charged with paying £183m and £99m respectively for failing to protect customer data, although both are currently appealing their fines and thus don’t yet officially owe the money to the ICO.

Unlike most, if not all, of the £7.05m owed to the ICO, the fines levelled at British Airways and Marriott were handed out under the General Data Protection Regulation (GDPR). As is now well-documented, the regulation enables to the ICO – and other data regulators across the European Union – to fine organisations up to €20m or four per cent of their global turnover.