On 8 July 2026, the ICO fined Thermotech Wall and Loft Surveys Ltd £240,000 and Jacksons Marketing Ltd £130,000 after both companies made hundreds of thousands of unlawful live marketing calls to numbers registered with the Telephone Preference Service. The linked director Thomas Vickrage, from Bournemouth, was a director of TWLS and suspected of directing JML’s activities. Both firms also received enforcement notices ordering them to stop marketing calls without consent.
This is a PECR enforcement case, not a data breach fine. The ICO’s focus is on bought-in call lists, TPS screening, scripted sales tactics, and the evidence that operators knew the numbers were protected. Compliance and marketing leads should read it as a supplier-oversight warning, especially if outbound dialling is outsourced.
What Thermotech Wall and Loft Surveys did
Over six months, TWLS made 575,000 calls to TPS-registered numbers about loft insulation, home surveys and government grants. The TWLS monetary penalty notice, dated 28 May 2026, records that the company used Avatar “robo-call” software through overseas call centres. Callers sounded British, but the lines were scripted recordings played by agents abroad. Recipients were often told the caller was from a “community protection project”.
Complaints described daily repeat calls that continued after explicit requests to stop. One pensioner wrote: “I am a vulnerable pensioner… please stop.” Another said: “Calls scare me.” A disabled older woman reported that insulation sales calls on her landline frightened her enough to avoid answering her own phone.
The ICO’s investigation uncovered WhatsApp messages between Vickrage and an overseas call centre. In one exchange, an agent asked whether to use TPS data until complaints arrived and then close the company. Vickrage replied: “Yeah but new company no complaints.” Another message read: “Haha it’s a good way to keep the money rolling for everyone.” That is direct evidence of deliberate TPS disregard and phoenix-company planning, not a one-off screening mistake.
What Jacksons Marketing did
Over 11 months, JML made more than 230,000 calls to TPS-registered numbers on the same home-improvement themes. The JML monetary penalty notice, dated 12 March 2026, says callers falsely suggested existing loft insulation could be hazardous and that the government had passed on recipients’ details for a grant scheme. Neither claim was true.
Complaints described fear-mongering about “dangerous fibreglass insulation” and pressure to book a surveyor to measure heat loss. One recipient said the caller claimed a government grant was available but could not point to any real scheme. Information Commissioner John Edwards called these tactics “deeply manipulative” in the ICO news release.
The PECR rules that were broken
Regulation 21 PECR says you must not make unsolicited live direct marketing calls to a subscriber who has told you they do not want calls, or whose number is on the TPS. The ICO’s live marketing calls guidance treats TPS-listed numbers as off-limits unless the subscriber has given you specific permission to call. Screening is not optional. It must happen before dialling, and you need records that prove it.
Automated marketing calls face tighter rules again. Consent must be freely given, specific and informed, and given directly to the caller. The pattern in recent home-improvement cases is the same: weak list provenance, aggressive scripts, and dialling that carries on after objections. Our write-up on the Home Improvement Marketing Ltd penalty covers the automated-call side. The Energy Prices Direct fine from May 2026 shows the same failure on live calls to TPS numbers.
What managers should do now
Start with list provenance. For every outbound campaign, your team should document where each number came from, when it was screened against TPS, and what lawful basis supports the call. If a supplier cannot show that chain, stop using the list. The TWLS WhatsApp messages show what happens when screening is treated as a cost to dodge rather than a legal requirement.
- Block Avatar and robo-call campaigns to TPS numbers unless you hold specific subscriber consent for your business.
- Audit overseas call-centre contracts for TPS screening clauses, breach triggers and termination rights.
- Review scripts for false government-grant claims and health-scare language. Both are enforcement red flags.
- Log and honour objections on the same day. Repeat calls after a stop request were a major factor in both penalties.
Marketing teams that run phone campaigns need PECR training that covers TPS rules, supplier oversight and script review, not just GDPR privacy basics. The PECR for Marketers course walks UK teams through the live-call, email and cookie rules in one place.
