#Privacy: The ICO are owed £7m in unpaid fines

The Information Commissioner’s Office (ICO) are struggling to collect monetary penalties from organisations it has fined since 2015. 

According to a Freedom of Information (FOI) request submitted by The SMS Works, 152 fines have been issued since 2015, equating to £16.6 million – however, 30% are still unpaid which amounts to over £7 million. 

The fines have been imposed for either data breaches, spam and nuisance calls. 

Fines handed to charities and public organisations have all been paid, however the main culprits for non-payment are in the claims management industry. The industry has received a total of £3.2 million in fines, yet only £490,000 has been collected, and an overwhelming 84% remains unpaid. 

The financial services industry have paid over 70% of fines, whilst both marketing and telecoms have only paid 40%. 

By category, the ICO has successfully collected just 23% of nuisance call fines, 64% of email spam fines and 74% for SMS spam, whilst 85% of data breach fines have been paid. 

The largest unpaid fines are from companies that are no longer in trading, and have claimed bankruptcy to avoid payment. Fortunately, laws may change in the future that will leave those accountable pay the fine. 

“We actively exercise our rights as a creditor to appoint professional insolvency practitioners, and work closely with the Insolvency Service in these cases, to not only seek to recover the money owed to the taxpayer but also to support action to disqualify the worst offenders from running companies in the future,” said an ICO spokesperson

“Some nuisance call director liquidate their firms to avoid paying fines from the ICO. In December 2018, the law changed to make directors themselves responsible for nuisance marketing. This should have a real deterrent effect on those who deliberately set out to disrupt people with troublesome calls, texts and emails.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/