Monthly Archives: February 2018

Privacy v Freedom of Expression: ‘Can’t Pay? We’ll take it away’

Yesterday an interesting privacy judgment was handed down in the English High Court by Mr Justice Arnold.  The Claimants, Shakir Ali and Shahinda Aslam, brought proceedings against Channel 5 Broadcast Limited (“Channel 5”) for breaching their privacy in using footage of their eviction in the defendants’ television programme, ‘Can’t Pay?  We’ll take it away’.

‘Can’t Pay?  We’ll take it away’ is an observational documentary series broadcast by Channel 5 which follows the work of High Court Enforcement Agents.  The programme often features the evictions of tenants from residential premises by High Court Enforcement Agents and these agents pursuing debtors for the recovery of monies owed to their clients.  At Paragraph 58 of his judgment, Mr Justice Arnold states that the production company “wanted to show how the process which courts provided for the enforcement of debts and the reclaiming of property from debtors and tenants actually operated within ordinary peoples’ lives. He particularly wanted to show how landlords and creditors could expedite enforcement by moving the process from the County Court to the High Court, and the effect of this.”

The Claimants argued that they had a reasonable expectation of privacy and that this had been breached.  Meanwhile, the Defendants argued that the Claimants did not have a reasonable expectation of privacy.  Alternatively Channel 5 argued that if the Claimants did have a reasonable expectation of privacy, that was defeated by the Defendants’ rights to freedom of expression when the two were balanced against one another.  Channel 5 was responsible for selecting which enforcement actions that were filmed for the programme would actually appear in the television series.

On the day of the eviction, the Claimants were visited by two High Court Enforcement Agents; one of whom was in training and the other, Mr Paul Bohill, had more than 30 years’ experience as a High Court Enforcement Agent.  Only the first claimant was in the property when the Agents, together with a television film crew, arrived at the property to effect the eviction.  Certain information was supposed to be provided to those being filmed but the evidence proved that Mr Bohill actively prevented that information being given to the Claimants, even when the first claimant enquired about why it was being filmed.  Mr Justice Arnold covers the events of the eviction of the claimants, in detail, in paragraphs 70 – 115 of his judgment.

On 17th June 2015 the first claimant contacted the production company objecting to footage of his eviction being used in the television series.  He was told that they [the production company] needed to get their facts straight with regards to his benefits, but that his objections would be passed onto Channel 5 who made decisions about broadcast.

At paragraph 169 of his judgment, Mr Justice Arnold states that in his “judgment the principal factors relied upon by the Claimants do lead to the conclusion that they had a reasonable expectation of privacy in respect of the information in question. The Programme was largely filmed in their home; it showed them being evicted without prior warning; it showed them in a state of shock and distress; it showed them being taunted by Omar Ahmed; and it was foreseeable that the broadcasting of the Program me would have an adverse effect on their children. I do not accept that the open justice principle means that the Claimants’ Article 8 rights were not engaged. Open justice means that Channel 5 was entitled to report the facts that the courts had made the Order for Possession and issued the Writ of Possession and in consequence the Claimants had been lawfully evicted; but what happened in their home on 2 April 2015 was not part of the proceedings. Nor do I consider that the broadcasting of the information was an inevitable consequence of the Claimants’ failure to comply with the Order for Possession. Nor do I accept that Mr Ali’s Article 8 rights were  significantly weakened by his political activity.  Mrs Aslam had not engaged in political activity at all. I accept that the Claimants, and their children, had already suffered damage to their privacy as a result of the Ahmeds’ postings on social media, but I do not accept that this meant that the broadcasting of Programme either could not or did not inflict further damage given the substantial scale and duration of the broadcasting.”

In respect of the argument advanced on behalf of Channel 5, that Mr Ali had consented to being filmed, Mr Justice Arnold states that the consent was not “true consent”, was “an agreement to participate under protest” and “was not fully informed agreement given that he was not told anything about the programme that was being filmed or who would broadcast it or about the body cameras.” (paragraph 177).  In any event, Mr Justice Arnold held that “to the limited extent that he did give consent on 2 April 2015, he unequivocally withdrew that consent prior to the first broadcast of the Programme.” (paragraph 178).

Having found that the Claimants did have a reasonable expectation of privacy, it became necessary for the court to balance that against Channel 5’s rights to freedom of expression.  There was no dispute that there was a genuinely held belief by the production company and channel 5 that the programme was in the public interest; however, there was a dispute between the parties as to whether that was enough or whether it had to be assessed objectively.  Mr Justice Arnold concluded that it was clear that the court had to assess it objectively.

Channel 5 argued that “the programme addressed a number of matters of real public interest and concern: increasing levels of personal debt, and in particular rent arrears of tenants in privately-rented accommodation; the dependence of tenants on benefits, and in particular housing benefit; the effect of enforcement of writs of possession by HCEAs; and the consequences for both landlords and tenants. He further submitted that it was justified for Channel 5 to illustrate these matters by showing what happened to real people in real situations, because that was the best way to engage the public and stimulate debate.”

At paragraph 195, Mr Justice Arnold concludes that “the Programme did contribute to a debate of general interest, but…the inclusion of the Claimants’ private information in the Programme went beyond what was justified for that purpose…The focus of the Programme was not upon the matters of public interest, but upon the drama of the conflict between Omar Ahmed [the landlord] and the Claimants. Moreover, that conflict had been encouraged by Mr Bohill…”

Mr Justice Arnold ultimately concluded that when balancing the rights of the Claimants to a private and family life against Channel 5’s rights to freedom of expression, the balance came down in favour of the Claimants’ Article 8 rights.  Each claimant was ultimately awarded £10,000 in damages.

This case raises a number of questions about similar style programmes regularly broadcast on television in the United Kingdom.  It is possible that Channel 5 might face claims from others featured in ‘Can’t Pay?  We’ll take it away’ arising out of the publicity that this judgment has received.  Of course, Channel 5 might well decide to appeal the decision; however, in the meantime broadcasters who broadcast similar style programmes and the production companies who make them ought to reflect upon the decision in the meantime and take it into account when making decisions about programming content of that nature.  It is clear that individuals in these situations do have a reasonable expectation of privacy.  There will be circumstances where the broadcasters’ freedom of expression will defeat the privacy rights of the individuals; however, there will need to be a genuine attempt to cover matters of public interest.  If it is simply for the prupose of entertainment, then broadcasters could find themselves being sued for breach of privacy if they do not have informed consent from the individuals featured (or do not take steps to protect the identities of those featured).

Alistair Sloan

If you would like advice or assistance in respect of a privacy/data protection issue or any other information law matter then contact Alistair Sloan on 0345 450 0123 or send him an E-mail.

New Data Protection Fees

The draft Data Protection (Charges and Information) Regulations 2018 have now been laid before Parliament by the UK Government; it is intended that they will enter into force on 25th May 2018.  The Regulations will introduce the new charging regime that is to replace “notification fees”, once the requirement upon data controllers to notify the Information Commissioner of their processing of personal data.

As expected, the fees will move from the current two-tier structure to a three-tier structure; however, the fee amounts are different to what was proposed in the consultation last year.  The tiers are as follows:

Tier 1
Data controllers who fall into tier 1 will pay an annual fee of £40 to the Information Commissioner.  You fall into this fist tier if you have a turnover of less than or equal to £632,000 for your financial year, or you have no more than 10 members of staff.  Charities also fall into this category as do small occupational pension providers.

Tier 2
Data controllers who fall into tier 2 will pay an annual fee of £60 to the Information Commissioner.  You will fall into this tier if you do not fall into tier 1 and have a turnover less than or equal to £36m for your financial year, or have no more than 250 members of staff.

Tier 3
Data controllers who fall into tier 3 will pay an annual fee of £2,900 to the Information Commissioner.  All non-exempt data controllers who do not fall into the first two tiers will fall into tier three.  The Commissioner has indicated that they will assume that every data controller falls into tier 3 unless they prove the contrary.

These fees do represent a shift from the levels that were consulted on last year.  In particular the top-tier fee that was suggested in October was £1,000 but has now become £2,900.  Data controllers can save themselves a bit of money (a grand total of £5) by paying their annual fees by Direct Debit.

The fees structure that was consulted on had suggested that there would be a premium to be paid by any data controller that also carried out direct marketing activities by electronic means; however, that hasn’t been given effect to in the draft Regulations that have been laid before Parliament,

In terms of working out how many members of staff you have for the purposes of these regulations you can’t just count the number of employees you have.  A member of staff, for the purposes of the Regulations, is: (i) an employee; (ii) a worker, within the meaning of s.296 of the Trade Union and Labour Relations (Consolidation) Act 1992; (iii) an office holder; or (iv) a partner.  Part-time members of staff are counted as one member for these purposes.  To calculate the members of staff you need to work out how many members of staff you employed each month in your last financial year, add together the monthly totals and then divide it by the number of months in your last financial year.  Even members of staff who work outside of the United Kingdom (and, indeed, the European Union) need to be counted.

You do not need to work out how many members of staff you have if you are a charity or if you are a small occupational pension scheme.  Public authorities are required to ignore those reference to turnover and are required only to determine how many members of staff that they have.

If you are processing personal data solely for one of the following eight purposes, you do not need to pay a fee to the Information Commissioner:

  1. Staff Administration;
  2. Advertising, marketing or public relations,
  3. Accounts and records,
  4. Not-for-profit purposes
  5. Personal, family or household affairs
  6. Maintaining a public register
  7. Judicial functions
  8. Processing personal information without an automated system such as a computer

To be able to rely upon this exemption your processing must be solely for one or more of the above noted purposes.  If your processing is for one of those activities in addition to another activity then you will need to pay the fee at the appropriate tier.

In order to ensure that data controllers are paying the correct level of fee, the draft Regulations have provision within them for data controllers to supply various pieces of information to the Information Commissioner; this information fits around establishing which, if any, of the three tiers the controller falls into.

There are a couple of final things to note.  The first is that if you pay a notification fee prior to 25th May 2018 then you will not be required to pay the new fees until that notification has expired.  Therefore, if you are due to notify the ICO under the Data Protection Act 1998 on or before 24th May 2018 you will not be required to pay the new fees until next year.  The final thing to note is that these Regulations are only in draft form; they are still subject to parliamentary approval and could be amended.  However, this blog post reflects the position as contained within the draft Regulations.  Large organisations should, however, be planning to pay significantly more to the Information Commissioner than the £500 they have been paying until now.

Alistair Sloan

If you would like advice or assistance with a privacy or data protection matter, including the GDPR, or any other information law matter then contact Alistair Sloan on 0345 450 0123 or send him an E-mail.

Data Protection/Privacy Enforcement: January 2018

It has been a busy start to the year for the Information Commissioner’s Office (ICO).  The start of 2018 also saw the highest ever sentences imposed on those in breach of Data Protection and Privacy laws in the United Kingdom.  It is time to have a closer look at the Data Protection and Privacy Enforcement action published by the ICO during January 2018 as part of our regular monthly review.  You can read our review of the privacy and data protection enfrocement from December 2017 here.

Key Points

  • If you have access to personal data as part of your employment, ensure that you only access it where there is a genuine professional need for you to do so; even if the reason you are looking for information could be considered harmless.
  • As far as the Information Commissioner is concerned, ‘ignorance is not bliss’; Data Controllers must have adequate and up to date procedures, technology and policies in place to ensure that they are not in breach of any data protection laws or regulations.
  • Organisations can’t generally send advertising or marketing emails unless the recipient has informed the sender that they consent to such emails being sent by, or at the instigation of, that sender.  Any consent must be freely given, explicit and informed but also involve a positive indication signifying the individual’s agreement. In order for consent to be informed by an individual, the individual must know exactly what it is they are consenting to (for more information see Alistair Sloan’s blog post PECR:  The forgotten relative).
  • Failure to notify the Information Commissioner of any personal data breach in accordance with the Notification Regulations will not be tolerated.  If it has come to your attention that there has been a breach, you must come clean and put your hands up. A much wider requirement to notify the ICO of personal data breaches becomes applicable with the GDPR later this year, for more on that see our blog post on Personal Data Breaches under the GDPR.
  • It goes without saying, meticulous attention to detail must be taken when you are sending any correspondence containing personal data, you must ensure that it is sent to the correct person.

Enforcement action published by the ICO in January 2018

The Carphone Warehouse Ltd
The Carphone Warehouse Ltd was served with a Monetary Penalty Notice in the sum of £400,000 after serious failures and inadequate software placed customer and employee data at risk.

Newday Limited
Newday Ltd were served a Monetary Penalty Notice in the sum of £230,000 after approximately 48,096,988 emails were sent to individuals who had not consented to receive marketing, contrary to regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003.  The Commissioner decided that the consent relied on by Newday Limited was not sufficiently informed and therefore it did not amount to valid consent.

TFLI Ltd
TFLI Ltd received a Monetary Penalty Notice of £80,000.  This penalty was also in relation to contravention of regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003.  TFLI Limited sent approximately 1,218,436 unsolicited marketing texts promoting a loan website.

Barrington Claims Ltd
Barrington Claims Ltd were issued a Monetary Penalty Notice in the sum £250,000 after they failed to ensure automated marketing calls were made only to individuals who had consented to receive them. The Commissioner decided to issue a Monetary Penalty under section 55A of the Data Protection Act 1998, in relation to contravention of regulations 19 and 24 of the Privacy and Electronic Communications (EC Directive) Regulations 2003.  The company were unable to provide evidence that it had the consent of individuals to whom it had instigated the calls.

Goody Market UK Ltd
Goody Market UK Ltd were issued a Monetary Penalty Notice in the sum of £40,000 after they failed to ensure that text messages containing marketing material were only sent to individuals who had consented to receive them.  They were also served an Enforcement Notice. The texts were sent on the basis of data sourced from a third party, and purchased on behalf of Goody Market UK Ltd by a data broker.  Goody Market UK Ltd were unable to provide the Commissioner with any evidence that the recipients consented to the marketing messages, having relied on verbal assurance from the data broker.  The Commissioner found that Goody Market UK Ltd had contravened Regulation 22 of PECR.

West Midlands Police
West Midlands Police have signed an Undertaking to comply with the Data Protection Act after the Information Commissioner was informed that a data breach had occurred in relation a Criminal Behaviour Order.  The order was imposed on two individuals, but in a leaflet distributed to publicise the order, the names of the witnesses were revealed.

Miss-sold Products UK Ltd
Miss-sold Products UK Ltd were served a Monetary Penalty Notice in the sum of £350,000 after they failed to ensure that marketing calls were only made to individuals who had consented to receive marketing. The penalty was in relation to contravention of Regulation 19 of the Privacy and Electronic Communications (EC Directive) Regulations 2003.

SSE Energy Supply Ltd
SSE Energy Supply Ltd was issued a Monetary Penalty Notice of £1,000 after they sent an email to an individual in error.   The penalty was issued because of contravention of Regulation 5A of the Privacy and Electronic Communications (EC Directive) Regulations 2003.  This Regulation requires that a provider of a public electronic communications service must notify the Information Commissioner of a personal data breach without undue delay.  SSE Energy Supply Ltd sent an email to the wrong email address, disclosing the name of a customer and their account number.  After they became aware of the breach, SSE Energy Supply Limited did not follow its policies and procedures that were in place and as a consequence there was a delay in reporting the personal data breach to the Information Commissioner.

Prosecutions
There were a number of successful prosecutions reported by the ICO during January 2018:

  1. An investigation by the ICO, which began in 2013, resulted in record fines for Woodgate and Clark Ltd, the company director and private investigators who were involved in the illegal trade of personal information.  A claim had been made on an insurance policy in relation to a fire at business premises which the claimant owned.  Private investigators unlawfully obtained confidential financial information and disclosed it to Woodgate and Clark Ltd, which then disclosed it to an insurer client.  The defendants were all prosecuted under s55 of the Data Protection Act 1998.  Woodgate and Clark Ltd were fined £50,000 in addition to being ordered to pay £20,000 in costs.  The company director was fined £75,000 and was ordered to pay £20,000 in costs; while both private investigators were fined £10,000 and ordered to pay £2,500 in costs.
  2. A director of an accident claims company invented a car crash so that he could trace and get in touch with the owner of a private number plate he wanted to buy.  He was prosecuted at Bristol Magistrates’ Court for a breach of S55 of the Data Protection Act 1998 for the offence of unlawfully obtaining personal data.  He was convicted and received a fine of £335.00.  The defendant was also ordered to pay prosecution costs of £364.08 and a victim surcharge of £33.00.
  3. An individual was charged with two offences of unlawfully disclosing personal data.  The defendant had come into possession of a USB stick and published sensitive police information from it on Twitter.  He was sentenced to a 12 month conditional discharg,e in part because he had been placed on a stringent bail conditions including wearing an electronic tag before the hearing.  He had to pay £150 in cost and £15 victim charge.

Vicki Macleod Folan

If you require advice and assistance in connection with any of the issues above, or any other Information Law matter, please do contact Alistair Sloan on 0345 450 0123 or by completing the form on the contact page of this blog.  Alternatively, you can send him an E-mail directly.

It’s just legitimite interests, isn’t it?

The General Data Protection Regulation (GDPR) becomes applicable in the United Kingdom on 25th May 2018.  Preparations are well underway in business, government and the regulator for the new privacy and data protection landscape.  People are trying to find their way through the GDPR and the Data Protection Bill to understand exactly what it is that they’re required to do in order to comply with the new framework, but there are a lot of misunderstandings about certain requirements of the GDPR.  I have already dealt with one of those, the issue as to whether or not consent is required under the GDPR on this blog.  Another area where there appears to a lot of misunderstanding is with the legitimate interests ground for processing, especially in the area of direct marketing.

Article 6(1)(f) of the GDPR provides that it is lawful to process the personal data of a data subject where the “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”  This is the legitimate interests ground for processing; but as can be seen from a proper reading of the condition, it is not the silver bullet condition that some people seem to think that it is.

There are essentially three elements to the condition:  (1) necessity; (2) legitimate interests of the controller or a third party; (3) the interests or fundamental rights of the data subject.  Therefore before being able to rely upon legitimate interests as the processing condition, it is essential that controllers go through a three stage process.  The first stage is to identify what the interests are.  In determining whether the interest identified by the data controller is a legitimate interest, it is necessary for them to consider whether a data subject can reasonably expect, at the time and in the context of the collection of the personal data, that processing for this purpose may take place.  If a data subject could not reasonably expect that the processing envisaged by the data controller may take place, at the time and in the context of collection of the personal data, it will not be a legitimate interest.

The second stage is to consider necessity; the processing must be necessary for the legitimate interest(s) being pursued.  If the processing is not necessary then a data controller cannot rely upon the ‘legitimate interests’ condition for processing the personal data in question.  The ICO currently puts it this way “[i]f you can reasonably achieve the same result in another less intrusive way, legitimate interests will not apply.”  It is therefore essential to consider whether there are other ways to fulfil the legitimate interest(s) identified.  The test does not require it to be “strictly necessary” or “absolutely necessary”, but it is still a high test

The final element that needs to be considered before a decision to rely upon legitimate interests can be taken, is whether the legitimate interests are overridden by the fundamental rights and freedoms of the data subject.  This can be a very difficult assessment to make and can, on occasions, be on a knife-edge.  It is fundamentally about proportionality and in a lot of cases the data subject’s fundamental rights and freedoms will override the legitimate interests with the result that another condition needs to be found to enable processing take place.

At the very outset I did mention that there is a lot of misunderstanding about legitimate interests in the field of direct marketing.  It is true that the GDPR does state, in Recital 47, that “[t]he processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”, but it’s not as simple as that.  Firstly it is important to note that the Recital states that it “may be” a legitimate interest; that is not the same thing as saying that it “will be” or “is” a legitimate interest.  It only opens the door to marketing being a legitimate interest; it does not remove the need to consider whether it is, in any given context, a legitimate interest.

Secondly, it is important not to consider the GDPR in isolation.  I have already written about the forgotten relative of the GDPR:  The Privacy and Electronic Communications (EC Directive) Regulations 2003.  These are extremely relevant when conducting direct marketing by electronic means (such a by telephone, E-mail or text message).  Processing personal data for the purposes of marketing might well be lawful because it can be shown that it is a legitimate interest for the controller or a third party, but how that marketing is then delivered must comply with the other relevant laws and codes which regulate marketing activity.

The legitimate interests condition is a flexible one, but data controllers should not assume that if no other condition applies, or is appropriate, that they can simply say “it’s legitimate interests” and be done with it.  Where a controller does rely upon legitimate interests, the accountability principle will kick in and the supervisory authority may well ask for it to be justified.  Therefore, where it is proposed to rely upon legitimate interests a record should be kept demonstrating how each of three elements to the legitimate interests condition is met.

Alistair Sloan

If you would like advice or assistance with a privacy or data protection matter, or any other information law matter then contact Alistair Sloan on 0345 450 0123 or send him an E-mail.

 

Data Protection, Brexit and the Charter of Fundamental Rights

On the face of it the Irish Supreme Court’s decision in Minister for Justice v O’Conner [2018] IESC 3 has no place on a blog focused on information law matters as they apply in Scotland and the wider United Kingdom.  The case involves a European Arrest Warrant (EAW) issued by the United Kingdom and the surrender of the individual to the United Kingdom under that EAW.  The Irish Supreme Court has granted leave to Mr. O’Connor to appeal to it; this is so that a reference can to be made to the Court of Justice of the European Union.  The context of that reference is the giving of notice by the United Kingdom under Article 50 of the Treaty on the European Union and that as a consequence the United Kingdom will leave the European Union.

It is not obvious what this has to do with information law at all; however, it might well have an impact upon the flow of personal data between the United Kingdom and the European Union.

The UK Government has identified a number of ‘red lines’ in its negotiations with the European Union; one of those red lines is that the Charter of Fundamental Rights of the European Union will cease to apply to the United Kingdom when it leaves the European Union.  All of the public statements which have been made by Ministers is suggestive that the Charter will not be incorporated into UK domestic law and it will not agree to a treaty with the European Union which continues its application.  Whether or not that is the case at the end of the day remains to be seen; however, it is creating uncertainty.

My initial thoughts on this case are that it could be significant beyond the question of extradition under the EAW scheme.  From a reading of the judgment of the Irish Supreme Court, it is clear that there are fundamental issues of European Union Law to be addressed in this reference.

It is a consequence of the operation of Article 50 that at the end of the two year period provided for therein that the treaties cease to apply to the leaving State (subject to an agreement to extend the Article 50 period or any agreement between the EU and the leaving state which continues the application of EU law).  At its most basic, it means that European Union Law ceases to apply to the leaving state.  This is a very real problem and is the reason for the European Union (Withdrawal) Bill, which has its aim to ensure that the domestic statute book works and certainty is given as to what the law in the United Kingdom is.

So, what precisely does this have to do with information law?  Articles 44-50 of the General Data Protection Regulation deal with transfers to third countries; a third country being a country which is outside of the Union.  Upon Brexit the United Kingdom will be outside of the Union and the flow of personal data from controllers and processors inside of the Union to controllers and processors in the United Kingdom will need to be in compliance with Articles 44-50 of the GDPR.

What most people in the data protection world are hoping for is that the United Kingdom will get a favourable adequacy decision from the European Commission; which will enable the free flow of personal data between the Union and the United Kingdom on much the same basis as it is presently while the United Kingdom remains part of the European Union.  However, many are sceptical as to whether the United Kingdom will be successful in gaining such a decision; it may not be enough simply to show that the GDPR still forms part of UK domestic law, but that is a topic for another blog post.

What appears to be the underlying issue in the reference being made by the Irish Supreme Court, is whether a person can be surrendered to the United Kingdom under a EAW while there is uncertainty about what the arrangements will be after Brexit in terms of that citizen’s rights under European Union Law.  The Charter of Fundamental Rights of the European Union features a number of times in the judgment and seems to be one of the areas of EU law that is at issue (and Article 8 of the Charter guarantees rights to the protection of personal data).

It seems to me that if the opinion issued by the Court of Justice of the European Union in respect of the reference made is in any way supportive of Mr. O’Connor’s position, it could raise questions not only about personal data transferred between the Union and the UK post-Brexit; but also about personal data which is transferred pre-Brexit and which will continue to be processed in the United Kingdom post-Brexit.

This reference to the Court of Justice of the European Union is certainly one that data protection professionals ought to be keeping an eye on; it has the potential to cause severe headaches for controllers and processors who rely on personal data coming in from the other 27 members of the European Union.

Alistair Sloan

If you would like advice or assistance with a privacy or data protection matter, or any other information law concern then contact Alistair Sloan on 0345 450 0123 or send him an E-mail.