Significant fine for parenting club Bounty following ‘unprecedented’ data breach

12 Apr 2019

Bounty Pregnancy Club has been hit with near-maximum £400,000 fine by the Information Commissioners Office (ICO) for not being “open or transparent” with people about the fact their personal data may have been passed on other organisations.

The breach related to illegally selling personal details of more than 14 million parents to credit reference and marketing agencies.

Bounty shared approximately 34.4 million records between June 2017 and April 2018 and the personal information shared included personal information about mothers-to-be and that of young children.

It could have been worse had the offence taken place after 25 May 2018 when the EU’s stricter General Data Protection Regulation came into force. However because the offences occurred before GDPR came into force, the breach was dealt with under the Data Protection Act 1998, which has a maximum fine of £500,000. The GDPR and the DPA2018 gave the ICO new strengthened powers. Since 25 May 2018, the ICO has the power to impose monetary penalty of £17million (20m Euro) or 4% of global turnover.

This serves as a warning that data protection is still a live issue and the ICO will fine companies for “unprecedented” breaches like this. It should serve as a timely reminder to companies to check their privacy policies to make sure they share as much information as possible as to who, if any, information may be shared with.  The ICO investigation reports that Bounty’s privacy notices on its website had a “reasonably clear description of the organisations they might share information with”, but that none of the four largest recipients were listed.

Please contact us if you need advice on your privacy policy or anything to do with GDPR.

Further reading

CMA fines pharmaceutical company more than £100m

Blog
02/08/2021
Drug pricing policies under scrutiny as CMA comes down hard on inflated prices and supernormal profits
Read more Read

5 data protection changes to be aware of

Blog
02/08/2021
Commercial law specialist Liz Gillingham provides a summary of recent developments in data protection law
Read more Read

Destination: office?

Blog, News & PR
29/07/2021
Emily Wood considers the results of our recent survey and the implications for the future of the post-pandemic workplace
Read more Read

Commercial lease renewals and pandemic clauses

Blog
28/07/2021
Will commercial reality trump the law when leases are up for renewal? Property expert James Picknell takes a look
Read more Read
  • Brighton Office

    1 Jubilee Street

    Brighton

    East Sussex

    BN1 1GE

  • Gatwick Office

    Griffin House

    135 High Street

    Crawley

    West Sussex

    RH10 1DQ

  • Guildford Office

    Wonersh House

    The Guildway

    Old Portsmouth Road

    Guildford

    Surrey

    GU3 1LR

  • Horsham Office

    Ridgeland House

    15 Carfax

    Horsham

    West Sussex

    RH12 1DY

  • London Office

    6 New Street Square

    New Fetter Lane

    London

    EC4A 3BF

  • Get in touch