Leave.EU and the Arron Banks insurance firm have been fined £120,000 for data breaches that happened during the EU referendum.
The information commissioner has officially launched an audit into Leave.EU which is owned by the campaign’s key financial backer, Arron Banks. His two organisations, Leave.EU and his insurance company, were fined for data protection violations during the EU referendum campaign.
What happened in the breach?
Leave.EU was fined £15,000 for using Eldon Insurance customers’ details unlawfully to send almost 300,000 political marketing messages, and then a further £45,000 for its part in sending an Eldon marketing campaign to political subscribers.
1 million emails were sent during the referendum campaign to subscribers. These emails contained a banner that was advertising 10% off insurance at the Eldon brand, GoSkippy. More seriously, it then sent almost 50,000 emails out after the referendum that were titled “Skippy Saves the Day” which offered readers a similar 10% discount. The ICO found that this campaign negligently disobeyed electronic marketing regulations in doing so.
What happens now?
Elizabeth Denham, the commissioner, adds: “It is deeply concerning that sensitive personal data gathered for political purposes was later used for insurance purposes, and vice versa. It should never have happened. We have been told both organisations have made improvements and learned from these events. But the ICO will now audit the organisations to determine how they are using customers’ personal information.”
The full audit will look for evidence of whether the two companies followed data protection guidelines or not, exploring how they processed personal information, how they trained staff and what policies and procedures they had in place at the time. The results of this audit will be made public, and could mean more bad news for the companies and their reputation.
If you’re worried about your data protection legislation, we offer a wide range of data protection training, consulting and auditing services that can help you protect your company and your reputation from this kind of damage. Contact us on 01673 885533 for more information and we’ll be happy to help.
Sign up to our eBulletin for the latest developments in data protection, information governance and compliance.
Limited places left for our Level 2 Foundation Course in Data Protection in Liverpool (7th March 2019)
On our Level 2 course, you will learn about lawful bases for processing, the 6 Data Protection Principles in detail, GDPR notions and understand the reasons for good governance and the major potholes and pitfalls to watch out for.
Our trainers are experienced professionals, enthusiastic, passionate and on a mission to make Data Protection accessible, enjoyable and as fun to learn as physically possible.