Huge fine for careless data sharing and mishandling
Making the headlines for data mishandling this week is Bounty UK, a pregnancy club who has been given a £400,000 fine for illegally sharing the personal information of more than 14 million people.
Being called an “unprecedented” case by the Information Commissioner’s Office (ICO) who issued the fine, they discovered that Bounty had compiled personal data without telling users that it was being shared with 39 other organisations.
How did Bounty UK break the 1998 Data Protection Act?
The Bounty pregnancy and parenting club offers free samples to its users, as well as vouchers and guides to prospective and new parents. These are sent to customers via packs given out in hospitals or sent directly to people who use its apps.
While many customers knew Bounty as a pregnancy club, not many knew that it was also a data broker that was supplying their information to third parties.
By doing this, Bounty was not being “open and transparent” with people about what was being done with their personal data, therefore breaching the 1998 Data Protection Act.
What data was carelessly shared?
Bounty shared 34.3 million records from June 2017 to April 2018 with 39 different organisations, including large marketing agencies Acxiom, Equifax and Indicia.
What made this case particularly troublesome is that data shared was that of particularly vulnerable people, including new mothers and very young children.
What has Bounty done since to protect users?
Bounty has since changed its data-handling policies and now keeps fewer records for less time. The company has also ended relationships with all data brokers, as well as trained its staff to handle data in a way that complies with the latest legislation.
Are you worried about your data handling?
Our data protection, GDPR and compliance audits identify risks before they become a problem.
Using simple green, amber and red traffic light flagging system, we swiftly advise our customers which areas of their organisation are safe, which require attention, and which may get them into trouble.
If you could benefit from talking to data protection specialists like ourselves, then talk to us today on 01673 885533 or email us at [email protected] today.