Director of nuisance-calls company ordered to cough up £114k after ignoring £40k fine from UK data watchdog

Cost of enforcing IT Protect Ltd's initial penalty more than treble its value... no money yet collected

A director of a company fined £40,000 by the Information Commissioner's Office has himself been ordered to pay out more than £100,000 as part of a long-running collection saga.

When the ICO handed IT Protect Ltd a "monetary penalty notice" back in 2017 for making nuisance sales phone calls, it appears few were expecting the chain of events set off by the fine.

Insolvency and Companies Court Judge Sally Barber ordered Warren Pye to repay a total of £114,508, revealing in a detailed judgment handed down on 25 September how Bognor Regis-based IT Protect Ltd simply ignored its 2017 fine and continued funnelling cash to its director, his partner, and his brother even after the ICO secured a winding-up order against the firm.

IT Protect was set up in 2013 by Pye, described by the judge as "a bricklayer who left school at 16", after his brother Steven Montague "had a good idea for a new business". Montague's plan was to buy lists of phone numbers and, ironically, ring them to sell call-blocking devices. He asked Pye to be the new company's registered director because of his own "bad credit history".

People receiving those calls complained – with many telling the ICO they were registered with the Telephone Preference Service, which is supposed to filter out unsolicited calls. After 157 complaints were registered against IT Protect between April 2015 and May 2016, with 69 of those being ignored when regulators forwarded them to IT Protect, the ICO stepped in and issued its £40,000 fine in January 2017.

IT Protect appealed against the fine, issued under the EU-derived Privacy and Electronic Communications Regulations, and lost. By March 2017 it had ceased trading, though cash continued to flow into its bank account until November. At the end of that month the ICO served a winding-up petition against IT Protect, which was successful. The company then entered liquidation.

"At the date of winding up, the Company had nil known assets and its only creditor was the ICO, owed £40,000," said Judge Barber, noting that when the winding-up was completed in February 2018 "all [other] creditors of the Company (including employees) had been paid except the ICO".

Clawing back the cash

In an email shown to the court, IT Protect directors – Pye, Montague, and his sister Dawn – told the liquidators: "The ICO penalty was not paid due to having to pay other creditors including hmrc and as far as we where [sic] concerned this was completely unjust! As all information was sent to them."

Meanwhile, £22,240 was withdrawn in cash from IT Protect's bank account between February and December 2017. Pye was "sole signatory of the Company's bank account", as the judge found. A further £41,668.50 was paid out to various other people and companies, including £3,700 on "bakery/catering equipment" (Dawn Montague worked in "catering"), and £8,682 in "extra salary payments" after IT Protect ceased trading.

As all this money was flowing out, the ICO's liquidators were racking up bills. A progress report filed with Companies House in May this year revealed accounting firm Mazars LLP had run up costs of £40,050.50 while Chiron Recovery Ltd ran up "time costs" of £45,742.75.

The total cost of the liquidation between FY2018/19 and FY2019/20 was given as £137,980.95. IT Protect's £40,000 fine has therefore cost more than three times its value to enforce – and so far not a penny has been recovered towards the fine.

In the winding-up report, dated May and covering the period to March 2020, Mazars' Adam Harris wrote that "the outcome for creditors is currently uncertain and so I am unable to estimate the likely return". The ICO is an unsecured creditor of IT Protect Ltd.

Doing the right thing – at what cost?

An ICO spokeswoman told The Register: "It is important that we rigorously pursue payment of our monetary penalty notices to ensure we protect the public from individuals and companies who repeatedly break the rules. In taking this action we are ensuring that non-compliant directors are disrupted and obstructed from further non-compliance with the legislation."

The data regulator declined to answer our questions about who would be paying the bills for the liquidation, though it did point us to its Regulatory Action Policy (PDF), which says:

...where a company seeks to avoid a financial penalty through complex liability structures or by dissolution, we will pursue matters via winding-up orders or by referral to the Insolvency Service. We have achieved success in obtaining disqualification of directors and winding-up orders to disrupt those who repeatedly break the rules, and we will expand our work in this area.

Warren Pye has been disqualified from acting as a company director until 2025. Dawn Montague was found by the High Court not to have acted as a de facto director of IT Protect, in the same case where Pye was ordered to pay £114,000. Steven Montague, Judge Barber said, "suffered from alcoholism and mental health problems" and was in "too fragile a state to give evidence" to the court.

While the ICO's actions are correct – people who set out to break the law shouldn't go unpunished or be able to evade the consequences of their actions – the high cost of pursuing IT Protect may raise eyebrows among fans of strong enforcement. ®

Similar topics

Other stories you might like

  • US won’t prosecute ‘good faith’ security researchers under CFAA
    Well, that clears things up? Maybe not.

    The US Justice Department has directed prosecutors not to charge "good-faith security researchers" with violating the Computer Fraud and Abuse Act (CFAA) if their reasons for hacking are ethical — things like bug hunting, responsible vulnerability disclosure, or above-board penetration testing.

    Good-faith, according to the policy [PDF], means using a computer "solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability."

    Additionally, this activity must be "carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services."

    Continue reading
  • Intel plans immersion lab to chill its power-hungry chips
    AI chips are sucking down 600W+ and the solution could be to drown them.

    Intel this week unveiled a $700 million sustainability initiative to try innovative liquid and immersion cooling technologies to the datacenter.

    The project will see Intel construct a 200,000-square-foot "mega lab" approximately 20 miles west of Portland at its Hillsboro campus, where the chipmaker will qualify, test, and demo its expansive — and power hungry — datacenter portfolio using a variety of cooling tech.

    Alongside the lab, the x86 giant unveiled an open reference design for immersion cooling systems for its chips that is being developed by Intel Taiwan. The chip giant is hoping to bring other Taiwanese manufacturers into the fold and it'll then be rolled out globally.

    Continue reading
  • US recovers a record $15m from the 3ve ad-fraud crew
    Swiss banks cough up around half of the proceeds of crime

    The US government has recovered over $15 million in proceeds from the 3ve digital advertising fraud operation that cost businesses more than $29 million for ads that were never viewed.

    "This forfeiture is the largest international cybercrime recovery in the history of the Eastern District of New York," US Attorney Breon Peace said in a statement

    The action, Peace added, "sends a powerful message to those involved in cyber fraud that there are no boundaries to prosecuting these bad actors and locating their ill-gotten assets wherever they are in the world."

    Continue reading

Biting the hand that feeds IT © 1998–2022