back to article Can't pay Information Commissioner's fine? No problem! Just liquidate your firm

The UK's data protection watchdog has recovered only about half the value of fines doled out to dodgy data controllers, and those handed to spam marketing firms are the most likely to remain unpaid. According to figures released under the Freedom of Information Act, the Information Commissioner's Office has fined companies …

  1. Cereberus

    I'm confused

    But the highest fine given out under both is £400,000, which is a fifth off the £500,000 maximum the body can dish out, although this will increase to 4 per cent of global turnover or €20m under the General Data Protection Regulation (GDPR).

    Since when was £400,000 a fifth of £500,000?

    That might explain why so little of the money is recovered.

    1. Aladdin Sane
      FAIL

      Re: I'm confused

      A fifth off, not of.

      1. Cereberus

        Re: I'm confused

        Thanks Aladdin, I need to get new reading glasses.

        1. Tigra 07
          Facepalm

          Re: Cereberus

          I misread the same line...

    2. Anonymous Coward
      Anonymous Coward

      Re: I'm confused

      Forfar 4 - East Fife 5

      Easy mistake to make.

    3. DavCrav

      Re: I'm confused

      "Since when was £400,000 a fifth of £500,000?"

      Epic reading ffail.

    4. anothercynic Silver badge

      Re: I'm confused

      A "fifth off", a "discount of one fifth", a "discount of 20%"...

      Grammar and maths, eh?

  2. Aladdin Sane
    Holmes

    I'm shocked.

    Shocked I tell you.

    1. Danny 14
      Pirate

      Re: I'm shocked.

      indeed. ive never heard of any such practice before. I mean, im sure the directors would just close shop and open another would they?

    2. macjules

      Re: I'm shocked.

      Terrible news indeed.

      The money is paid into the Treasury's Consolidated Fund (it does not feather the ICO's nest).

      Yes it does. Unless the rules have changed, they get end of year bonuses based upon recovery and fines, in-line with HMRC guidelines.

  3. Wellyboot Silver badge
    Holmes

    Liquidate company to avoid paying

    The normal approach to avoiding large payements - move along.

    1. Aqua Marina

      Re: Liquidate company to avoid paying

      Where the ICO originally went wrong was the procedure it followed with companies attempting to liquidate voluntarily. There is a process where the ICO can force a stop to the voluntary liquidation, an administrator is brought in, and following an investigation of the administrator the director banned from starting another company within X years.

      Only recently has the ICO started to do this and is now getting better results.

      1. Anonymous Coward
        Anonymous Coward

        Re: Liquidate company to avoid paying

        "Where the ICO originally went wrong was the procedure it followed with companies attempting to liquidate voluntarily. There is a process where the ICO can force a stop to the voluntary liquidation, an administrator is brought in, and following an investigation of the administrator the director banned from starting another company within X years."

        I get the feeling it might be a reasonable idea to change the relevant legislation to prevent a company voluntarily entering administration if there is an outstanding court-ordered or regulator-imposed fine. I know you can prevent a company entering voluntary administration if you have a CCJ outstanding against them, but IIRC you have to squawk about it, rather than it being an automatic and mandatory check.

    2. Peter Gathercole Silver badge

      Re: Liquidate company to avoid paying

      In some cases, liquidating the company is the only option. If there is no chance that the finances of a company could pay fine, then the company is technically insolvent (i.e. not able to satisfy the creditors, which includes the body issuing the fine), and entering a CVA or starting insolvency proceedings is probably the correct thing to do.

      Where the problem is really, is when a company that is solvent and potentially able to pay the fine is voluntarily wound up. In cases like this, the fine should still be paid, because the ICO should be registered as creditors, and if the company is solvent, then all the creditors should be paid. My suspicion is that the directors will actually find some way of extracting money from the company before starting the insolvency proceedings, in a way that makes the company insolvent, but allows them to pocket the cash.

      There can only be a small window where a company knows that a fine is likely, and declares itself insolvent before the fine is issued, where they might get away with this, but as there is a relatively lengthy process to identify creditors, I'm not sure that this would really work.

      In cases where a potentially solvent company is voluntarily wound up as insolvent, the directors should already be liable, because actions deliberately driving a company insolvent must be at least negligence, if not corporate misconduct.

      I suspect that it is just too difficult to prosecute these cases.

      1. Anonymous Coward
        Anonymous Coward

        Re: Liquidate company to avoid paying

        In cases where a potentially solvent company is voluntarily wound up as insolvent, the directors should already be liable, because actions deliberately driving a company insolvent must be at least negligence, if not corporate misconduct.

        Most fly by night shysters make sure there's no assets or cash in the operating company because they know they may need to rush out of town at short notice. You can see this from the nominal capital in the company, and the fact that the balance sheet has no tangible assets.

        As a result it is usually the case that a dodgy outfit will become insolvent by virtue of the fine, but that's not because the money never existed, its because its being continuously syphoned out and hidden. That's why it is so important that directors and managers can be personally held accountable. Unfortunately the cretins of Westminster really don't see this as in any way important, compared to other trivia like doomed-to-failure age verification systems. The sooner we're rid of Mary Whitehouse as PM, the better.

      2. Alan Brown Silver badge

        Re: Liquidate company to avoid paying

        "My suspicion is that the directors will actually find some way of extracting money from the company before starting the insolvency proceedings, in a way that makes the company insolvent, but allows them to pocket the cash."

        Any payout like that within the previous N period (6 years?) can be clawed back by the administrator and paid out to creditors.

        The question is whether the ICO is a secured or unsecured creditor - and as they've said, making the directors personally liable for illegal behaviour would go a long way towards dissuading them from initiating the activity in the first place.

      3. Loud Speaker

        Re: Liquidate company to avoid paying

        I have been told by several accountants, on many occasions. that the law states that if a company breaks the law, then, by implication, the contract forming the limited company is broken, and therefore, liability is no longer limited: the shareholders have unlimited liability, although in proportion to their shareholding.

        If this is not the law, then it bloody well ought to be.

        IF, and ONLY IF it is in the memorandum of association (which I doubt ever happens) the shareholders can pass the liability for criminal action to the directors (as they have legal responsibility for directing what the company does), jointly and severally - meaning that if they can't get the money from some directors, they can still get it from the others - even if one director is forced to pay the whole fine/costs. And even if he resigns before the fine, if it happened on his watch, he is still liable.

        This should also be legally enforced.

        Remember, we the people consent to the creation of limited companies. We are entitled to have a say in how they behave as a condition of that consent. If your MP does not support YOUR rights over the rights of companies, then you should probably not be voting for him/her, regardless of party affiliation. Companies may be "persons" in law, but they have no votes. You might need to explain this to your MP in words of one syllable.

        I write this as the director on several companies. (I don't want to face competition from scum).

        1. Alan Brown Silver badge

          Re: Liquidate company to avoid paying

          "I have been told by several accountants, on many occasions. that the law states that if a company breaks the law, then, by implication, the contract forming the limited company is broken, and therefore, liability is no longer limited: the shareholders have unlimited liability, although in proportion to their shareholding."

          This - and whilst a limited liability company provides financial indemnification for _shareholders_, there is zero protection provided for directors or a board who take unlawful decisions - and that's by design, not accident.

          (The whole idea of limited liability companies was to encourage shareholder investment. Previously they would face massive debts if a company they invested in went under and limiting their liabilities in such an event resulted in an explosion of investments in more risky ventures.)

  4. adam payne

    According to figures released under the Freedom of Information Act, the Information Commissioner's Office has fined companies breaking data protection and marketing laws some £17.8m since 2010 – but just £9.7m has made its way into government coffers, a 54 per cent recovery rate.

    I'm actually surprised it's as much as that.

    Fined, liquidate business, walk away or more than likely setup another company with another name doing exactly the same thing.

    1. AndyS

      The comment currently directly above (from Aqua Marina) explains why this might be higher than expected - that the ICO can prevent voluntary liquidations and call in an administrator to do a proper bankruptcy. Which would result in a) fines being paid (if the company has enough value / assets), and b) banning directors from starting another company in the near future.

  5. Wolfclaw

    Wonder why the government has failed to apply new laws, too many dodogy CEO's also Tory party donaors ? Crawls back under conspiracy theory rock.

    1. Peter2 Silver badge

      If you read the comment above, it would appear that somebody pointed out to the ICO that they already have the power to prevent voluntary disolutions of companies and literially bankrupt them and also bar the director from ever holding any form of company office ever again.

      Since that is basically a more extreme set of options than they were asking for it wouldn't be unreasonable to assume that somebody thought it would be easier to explain how to use these existing powers to the ICO than putting a more relaxed set of laws through, which the nutty conspiracy theorists would then be shouting about.

      1. Alan Brown Silver badge

        "it would appear that somebody pointed out to the ICO that they already have the power to prevent voluntary disolutions of companies"

        Several somebodies.

        Over several years.

        Whilst the ICO stuck their fingers in their ears going "neener neener neener, it's tooo haaard!"

        And there are provisions in the companies act for holding company directors personally liable for illegal acts, but the problem is that the ICO can't be arsed taking it through the courts to get a precedent that sticks.

        1. Anonymous Coward
          Anonymous Coward

          "And there are provisions in the companies act for holding company directors personally liable for illegal acts, but the problem is that the ICO can't be arsed taking it through the courts to get a precedent that sticks."

          Don't know if it's laziness, or a lack of funding. Court cases are expensive (especially those that go near the High Court), and the ICO don't appear to have much money - they're having recruitment issues due to not being able to offer comparable salaries, and like most of the regulatory agencies (e.g. Trading Standards), they've had a funding squeeze of late.

  6. Christian Berger

    So where is the news here?

    Company messes up badly, company goes kaboom. That should be the norm. Unfortunately for many big companies that is not the case.

    1. Nick Ryan Silver badge

      Re: So where is the news here?

      It's not really news, it's pretty much a confirmation of facts... Dodgy companies don't care about ICO fines, they are just a risk factor to their business. When the ICO come visiting they'll drag things on as long as possible and the owners will then just close the company and start another purely to do the same thing again, just with a different company name. Until the company owners and directors are held personally accountable, this process will just repeat itself.

    2. Cuddles

      Re: So where is the news here?

      "Company messes up badly, company goes kaboom. That should be the norm."

      The problem is that there's no messing up or kaboom involved. These are fake companies set up solely to break the law, and when caught they simply cross out the name on the sign and write a new one on it instead. Sure, the law was probably written with the intent of working how you describe, and it does occasionally actually work out that way. But the majority of cases, especially the ones that fold instead of paying up, are simply criminals making use of the very well known and obvious loophole caused by the government's continued refusal to give the ICO power to actually go after them.

    3. Alan Brown Silver badge

      Re: So where is the news here?

      "Company messes up badly, company goes kaboom"

      If it ended there than that wouldn't be a story.

      The 3rd part of the saga is "company phoenxes"

  7. Anonymous Coward
    Anonymous Coward

    The requests – submitted by The Register and reader Robert Rijkhoff

    It is a FUCKING disgrace that ICO has to be ASKED to show their less than immaculate underwear. They SHOULD publish this information on the FRONT PAGE, under the "Message to our sponsors: how are we doing in figures".

    Yes, I know in reality, they blame the "legislation", and the show goes on.

  8. ZPO

    Simple solution

    Hand enforcement over to the BOFH and PFY. Problem solved.

  9. Anonymous Coward
    Anonymous Coward

    I was cold called by "A1 Green Team" recently - which is probably a phoenix job. The CLI was "international" supplemented by a UK number that was then "unobtainable".

    I obtained all the details the salesman gave me - and then pointed out the ICO could impose swingeing fines. His response was "no problem!". They believe they can get away with it.

    1. Lee D Silver badge

      Pretty much they can.

      CLI's are enforced. Faking them should be illegal. International carriers should be required to verify them at both ends or refuse the call.

      Even then, they can get 6-8 months of that going before anyone complains enough for the ICO to even notice they exist, then it can take another 6 months of "warning"/"investigation" to do anything.

      So long as you shut up shop once a year, dissolve the company and start another, you can pretty much do it in perpetuity and be paid more by doing so than you'll ever lose in actual fines taken from you before you dissolve.

      Which is why, after a certain point, it should be a criminal matter. It should also be a criminal matter if somebody is responsible for setting up so many companies which end up going bankrupt / getting dissolved, in my point of view. If you're that bad at business, you shouldn't be allowed to "start afresh" each time.

      1. Alan Brown Silver badge

        "Even then, they can get 6-8 months of that going before anyone complains enough for the ICO to even notice they exist,"

        Faking CLIs is something that gets OFCOM's attention. Make sure you complain to both.

      2. Alan Brown Silver badge

        " Faking them should be illegal."

        Faking them on marketing calls _is_ illegal.

        Terminating telcos get a cut of the call revenue so it's not in their financial interest to filter calls - the reason they've started doing so is that the routing information and originating number information (which is separate to the CLI but linked to it) is frequently being faked, meaning they don't get paid.

        It's the last three words of the preceeding paragraph which is what's goaded telcos into action over spammy calls (frequently routed via dodgy VOIP providers), rather than any regulatory prodding or sudden change of heart in the consumer interest.

        Those same outfits which make millions of marketing calls and liquidate as soon as Ofcom and the ICO track them down don't just stop at the obvious scam (what they're selling) and criminal wire fraud charges would be another way of taking them down - except the telcos can't be arsed filing complaints (They may not be getting paid, but they don't see any point in suing an entity that won't pay up)

  10. tyrfing

    Part of the low percentage though is that the fine can be reduced or eliminated through a successful appeal.

    I think that a reduced fine should count at the reduced level, not the original, since a successful appeal essentially means "We messed up before; here's the correct amount due".

    Counting the original fine in this case means the recovery rate will be lowballed.

  11. LeahroyNake

    Big business

    As an individual you can't get away with paying 80% of a speeding ticket.

    Why are the ICO fines any different.. oh it's more like a parking ticket for them.

  12. Anonymous Coward
    Anonymous Coward

    Before GDPR.......

    With the old Data Protection Act companies could be wound up and avoid paying the fine. However, with GDPR company officers are now personally liable. So if the company is wound up the named company officers can still be fined and sued. This was done to focus the mind of the company officers to ensure GDPR compliance. Now that the European Data Protection Board has come into being they are responsible for ensuring consistant application of GDPR across Europe and have the powers to enforce compliance.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like