The Information Commissioners Office (ICO) has announced that it has fined Liverpool based firm, Holmes Financial Solutions, £300k for failing to make adequate checks that they had permission to contact individuals.

The firm made 8.7 million nuisance calls to individuals and paid “no heed” to telephone marketing laws or the impact their calls were having on the recipients.

In fact, it was established that the DXI dialling system that Holmes Financial Services operated, actually made 26.5 million automated direct marketing calls in a period of just 9 months!

The Privacy & Electronic Communications Regulations are clear, marketing calls of this nature should only be made to people who have previously given the caller express consent to be contacted.

Holmes Financial Solutions failed to make “rigorous checks” to ensure that the purchased data was obtained lawfully and with the appropriate consent, instead relying on verbal assurances that consent had been given.

What impact does this have on the legal sector?

Firms who rely upon the expertise of a Claims Management Company (CMC) to market on their behalf will be well versed with the assurances that the data is “clean” and “everyone on the list has opted into being contacted”.

CMC’s have an obligation to provide evidence to support their assurances that people contacted from data lists have expressly consented to be marketed. The ICO is clear about what their idea of due diligence looks like and it appears markedly different to that verbal assurance that proof of consent can be provided if required!

In the Monetary Penalty Notice dated 29th January 2018 the ICO stated, “Due Diligence might, for example, include checking the following:

  • How and when was consent obtained?
  • Who obtained it and in what context?
  • What method was used – eg was it opt-in or opt-out?
  • Was the information provided clear and intelligible? How was it provided – eg behind a link, in a footnote, in a pop-up box, in a clear statement next to the opt-in box?
  • Did it specifically mention texts, emails or automated calls?
  • Did it list organisations by name, by description, or was the consent for disclosure to any third party?
  • Is the seller a member of a professional body or accredited in some way?“


If a CMC is unable to demonstrate that their level of due diligence extends this far, it may be time to question whether there could be implications for law firms who are instructing them.

Whilst there is no mention of any further party being involved in the investigation further down the food chain, in the Holmes matter, if an instructed CMC is found to be operating outside of the regulations it seems entirely plausible that it will have an impact on clients obtained as a result of any marketing initiative that they have performed for a firm.

To read the ICO’s considerations and findings in relation to the Holmes Financial Solutions matter,