Case Studies

Data fine for trader

by Mark Rowe

Companies selling marketing lists are breaking the law if people haven’t been told how their information will be used, according to the data protection watchdog, the Information Commissioner’s Office (ICO). It has fined a Birmingham company £20,000 for unlawfully trading personal information.

The ICO found The Data Supply Company had sold more than 580,000 records containing people’s details. This resulted in 21,000 spam texts being sent by the firm who bought the information.

Steve Eckersley, ICO Head of Enforcement, said: “The unlawful trade in personal data leads directly to the sending of spam texts and the making of nuisance calls. The people whose details were traded by this company would have been unaware of who they would be passed on to. That’s unacceptable. Whether your company is collecting, using, buying or selling people’s personal information, it must be clear and open with them about what it plans to do with their details. Fail to do so and your firm is breaking the law and risking a hefty fine.”

The Data Supply Company Ltd was a data broker which bought people’s details from various sources before selling them on to other companies for marketing. One place the firm acquired personal information from was other firms’ websites, where many of the privacy notices were too general and unspecific to comply with the law. For example, one read: “We may share your information with carefully selected third parties where they are offering products or services that we believe will be of interest to you.”

The company has told the ICO it is no longer trading in personal data. The regulator has previously fined the firm which sent the spam text messages using contact details it bought from The Data Supply Company.

Related News

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing