In September 2017 the Information Commissioner served a Monetary Penalty Notice on Easyleads Limited in the amount of £260,000 [pdf]; the company was also served with an Enforcement Notice by the Commissioner requiring the company to comply with the terms of the Privacy and Electronic Communications (EC Directive) Regulations 2003 [pdf]. It has since transpired that the company never paid the monetary penalty notice and the Information Commissioner petitioned the court to have the company wound-up. It is not unheard of for monetary penalty notices served by the Commissioner to go unpaid; however, where they do it is often because the company goes into liquidation. A copy of the order winding the company up following the petition by the Information Commissioner [pdf] can be found on the Companies House website.
What is interesting about this case though is an announcement by the Insolvency Service that the Secretary of State had accepted a disqualification undertaking from Shaun Harkin, the director of Easyleads Limited. The effect of the undertaking is to ban Mr. Harkin from “directly or indirectly becoming involved, without the permission of the court, in the promotion, formation or management of a company for six years”.
The announcement from the insolvency Service explains that the reason Mr Harkin is now banned from being a director of a company for 6 years is because he failed to ensure that the company complied with its statutory obligations, specifically that he failed to ensure that the company complied with the requirements of the Privacy and Electronic Communications (EC Directive) Regulations 2003 around undertaking direct marketing by telephone.
This is an important announcement from the Insolvency Service; it demonstrates that the effects of failing to comply with data protection and privacy law can be wide-ranging. There is the potential for directors running companies which fail to comply with data protection and privacy law facing being banned from being involved in the formation or management of companies for a not insignificant period of time. It remains to be seen whether this sort of action becomes much more frequent and it is not something that is directly in the control of the Information Commissioner herself, but if the Insolvency Service is starting to take seriously breaches of data protection and privacy law by companies and looking to disqualify directors (where it can within the parameters of the law) then this is clearly something that those involved in the formation and management of limited companies ought to bear in mind when considering data protection and privacy compliance.
If you require advice or assistance on a matter relating to data protection or privacy law then you can contact Alistair Sloan on 0141 229 0880 or send him an E-mail. You can also follow our twitter account dedicated to information law matters.