Significant fine for parenting club Bounty following ‘unprecedented’ data breach

12 Apr 2019

Bounty Pregnancy Club has been hit with near-maximum £400,000 fine by the Information Commissioners Office (ICO) for not being “open or transparent” with people about the fact their personal data may have been passed on other organisations.

The breach related to illegally selling personal details of more than 14 million parents to credit reference and marketing agencies.

Bounty shared approximately 34.4 million records between June 2017 and April 2018 and the personal information shared included personal information about mothers-to-be and that of young children.

It could have been worse had the offence taken place after 25 May 2018 when the EU’s stricter General Data Protection Regulation came into force. However because the offences occurred before GDPR came into force, the breach was dealt with under the Data Protection Act 1998, which has a maximum fine of £500,000. The GDPR and the DPA2018 gave the ICO new strengthened powers. Since 25 May 2018, the ICO has the power to impose monetary penalty of £17million (20m Euro) or 4% of global turnover.

This serves as a warning that data protection is still a live issue and the ICO will fine companies for “unprecedented” breaches like this. It should serve as a timely reminder to companies to check their privacy policies to make sure they share as much information as possible as to who, if any, information may be shared with.  The ICO investigation reports that Bounty’s privacy notices on its website had a “reasonably clear description of the organisations they might share information with”, but that none of the four largest recipients were listed.

Please contact us if you need advice on your privacy policy or anything to do with GDPR.

Further reading

CMA fines pharmaceutical company more than £100m

Drug pricing policies under scrutiny as CMA comes down hard on inflated prices and supernormal profits
Read more Read

5 data protection changes to be aware of

Commercial law specialist Liz Gillingham provides a summary of recent developments in data protection law
Read more Read

Destination: office?

Blog, News & PR
Emily Wood considers the results of our recent survey and the implications for the future of the post-pandemic workplace
Read more Read

Commercial lease renewals and pandemic clauses

Will commercial reality trump the law when leases are up for renewal? Property expert James Picknell takes a look
Read more Read
  • Brighton Office

    1 Jubilee Street


    East Sussex

    BN1 1GE

  • Gatwick Office

    Griffin House

    135 High Street


    West Sussex

    RH10 1DQ

  • Guildford Office

    Wonersh House

    The Guildway

    Old Portsmouth Road



    GU3 1LR

  • Horsham Office

    Ridgeland House

    15 Carfax


    West Sussex

    RH12 1DY

  • London Office

    6 New Street Square

    New Fetter Lane


    EC4A 3BF

  • Get in touch