Updated: Apr 13, 2020
The source of this article is the ICO Blog and was dated January 2017 before GDPR came in to affect and therefore these fines were representative of the time.
Organizations selling marketing records are breaking the law if individuals haven’t been told how their data will be utilized.
That is the notice from the Information Commissioner’s Office (ICO) as it fined a Birmingham organization £20,000 for unlawfully exchanging individual personal data.
An ICO examination found The Data Supply Company had sold in excess of 580,000 records containing individuals’ details. This brought about 21,000 spam texts being sent by the firm who purchased the data.
Steve Eckersley, ICO Head of Enforcement, stated:
“The unlawful trade in personal data leads directly to the sending of spam texts and the making of nuisance calls. The people whose details were traded by this company would have been unaware of who they would be passed on to. That’s unacceptable.
“Whether your company is collecting, using, buying or selling people’s personal information, it must be clear and open with them about what it plans to do with their details. Fail to do so and your firm is breaking the law and risking a hefty fine.”
The Data Supply Company Ltd was an information dealer which purchased individuals’ details from different sources before selling them on to different organizations for advertising.
One of the spots the firm procured individual data from was other firms’ sites, where huge numbers of the privacy notification were excessively broad and vague to agree to the law. For instance, one read: “We may share your information with carefully selected third parties where they are offering products or services that we believe will be of interest to you.”
The organization has told the ICO it is no longer exchanging personal information. The ICO fined the firm which sent the spam instant messages utilizing contact details it purchased from The Data Supply Company.