ICO fines pensions company £40,000 for spamming citizens with 2m emails

ICO fines pensions company £40,000 for spamming citizens with 2m emails

ICO fines pensions company £40,000 for spamming citizens with 2m emails

In a reminder to organisations that contacting customers without obtaining their consent or spamming them with promotional offers could attract regulatory fines, the Information Commissioner’s Office has fined a Kent pensions company £40,000 for sending nearly two million direct marketing emails without consent.

These emails were sent by Grove Pensions Solutions Ltd between 31 October 2016 and 31 October 2017 using third party email providers to advertise its services. Since the promotional emails were targeted at customers who did not consent to receive such emails, the ICO fined the company under the Privacy and Electronic Communications Regulations (PECR) that authorises it to impose a monetary penalty of up to £500,000.

Pensions company received incorrect data protection advise

According to the ICO, the fine has been imposed even though Grove Pensions Solutions Ltd did, in fact, seek advise from a data protection consultancy as well as independent legal advice about the use of hosted marketing for promotional activities. However, the the advice proved to be inaccurate and resulted in the company breaching data protection laws.

“We acknowledge that Grove Pension Solutions Ltd took steps to check that their marketing activity was within the law, but received misleading advice. However, ultimately, they are responsible for ensuring they comply with the law and they were in breach of it. The ICO is here to provide businesses with guidance about electronic marketing and data protection, free of charge. The company could have contacted us and avoided this fine,” Andy White, Director of Investigations and Intelligence at the ICO.

“The law says that organisations cannot generally send marketing emails unless the recipient has given them their consent to receive them. This applies equally to organisations using third parties to send direct marketing on their behalf,” ICO added.

Organisations must contact the ICO or NCSC for data protection advise

This should serve as a lesson for organisations that are seeking advise from unofficial and third-party data consultancy firms and activists rather than from official forums such as the ICO, Cyber Aware or the National Cyber Security Centre.

Earlier this month, the National Cyber Security Centre launched a redesigned website to make cyber security as simple to understand for lay businesses as possible, ensuring that businesses don’t get confused by the prevailing cyber security jargon and can access relevant information quickly using the new sections on the website.

The redesigned NCSC website features various sections catering to the specific needs of businesses of all sizes, features multi-page articles for complex topics and an alert banner on the homepage with important advice and guidance during live cyber security incidents.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”https://www.teiss.co.uk” /]