Information Commissioner's OfficeEnforcements Actioned
ICO is responsible for taking action to ensure organisations meet their information rights obligations. See the latest actions ICO has enforced.
Kim Doyle and William Shaw
14 January 2021
A motor industry employee has been prosecuted for passing the personal information of service users to an accident claims management firm without authorisation.
Kim Doyle, of Village Lane, Higher Whitley, pleaded guilty to charges of conspiracy to secure unauthorised access to computer data, and to selling unlawfully obtained personal data. She was sentenced at Manchester Crown Court on 8 January 2021 to eight months’ imprisonment, suspended for two years.
Doyle unlawfully compiled lists of road traffic accident data including partial names, mobile phone numbers and registration numbers despite having no permission from her employers. Doyle then unlawfully transferred the data she obtained to William Shaw, the director of an accident claims management firm.
William Shaw, of Flixton Road, Urmston, was also sentenced to eight months’ imprisonment, suspended for two years after pleading guilty to conspiracy to secure unauthorised access to computer data.
Doyle and Shaw were also each ordered to carry out 100 hours’ unpaid work and contribute £1,000 costs.
A Confiscation Order, under the Proceeds of Crimes Act, to recover benefit obtained as a result of the offending had been given by the Court in which Doyle must pay a benefit figure of £25,000 and Shaw must pay a benefit figure of £15,000. Both Doyle and Shaw will face three months’ imprisonment if the benefit figures are not paid within three months.
Pownall Marketing Limited
16 December 2020
The Information Commissioner’s Office (ICO) Financial Recovery Unit (FRU) is starting proceedings to retrieve £250,000 from defunct company Pownall Marketing Limited (PML). The company was recently fined by the ICO for making over 350,000 nuisance calls.
Between 1 January 2019 and 28 May 2019 Pownall Marketing Limited used a public electronic communications service for the purpose of making 365,369 unsolicited calls for direct marketing purposes to subscribers in relation to claims management services, resulting in 63 complaints.
Pension House Exchange Limited
09 December 2020
The Information Commissioner’s Office (ICO) has fined Pension House Exchange Limited has been fined £45,000 for making 39,722 connected unsolicited calls for the purposes of direct marketing in relation to occupational pension schemes or personal pension schemes contrary to regulation 21B of PECR.
OSL Financial Consultancy Limited
04 December 2020
The Information Commissioner’s Office (ICO) has fined OSL Financial Consultancy Limited (OSL) £50,000 for illegally sending 174,342 nuisance marketing texts.
The Barnetby based mortgage and loans broker, trading as MortgageKey, came to the attention of the ICO as part of its probe into companies seeking to take advantage of the Covid-19 pandemic with nuisance marketing. Between March and June 2020, the ICO identified a number of complaints about OSL that had been sent to the 7726 spam text reporting service.
Ticketmaster UK Limited
13 November 2020
The ICO has fined Ticketmaster UK Limited £1.25 million for failing to protect customers’ payment details.
Marriott International Inc
30th October 2020
The ICO has fined Marriott International Inc £18.4million for failing to keep millions of customers’ personal data secure.
Marriott estimates that 339 million guest records worldwide were affected following a cyber-attack in 2014 on Starwood Hotels and Resorts Worldwide Inc. The attack, from an unknown source, remained undetected until September 2018, by which time the company had been acquired by Marriott.
Reliance Advisory Limited
29th October 2020
The Information Commissioner’s Office (ICO) has fined Reliance Advisory Limited (RAL) £250,000 for breaking electronic marketing law. The ICO found that over a six month period from the start of 2019, the Bury-based company RAL made 15.1 million calls in relation to claims management services such as mis-sold PPI. All of the calls, of which 1.1 million connected, were made to people who had not consented to receive them.
27th October 2020
The Information Commissioner’s Office (ICO) orders Experian Limited to make fundamental changes to how it handles people’s personal data within its direct marketing services.
16th October 2020
The Information Commissioner’s Office (ICO) has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers.
Digital Growth Experts Limited
24th September 2020
The Information Commissioner’s Office (ICO) has fined Digital Growth Experts Limited (DGEL) £60,000 for sending thousands of nuisance marketing texts at the height of the pandemic.
CPS Advisory Limited
10th September 2020
Swansea company CPS Advisory Ltd was fined £130,000 for making more than 100,000 unauthorised direct marketing calls to people about their pensions.
Decision Technologies Limited
2nd July 2020
Price comparison and technology company fined £90,000 for a contravention of Regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003.
Black Lion Marketing Ltd
27th March 2020
Black Lion Marketing Ltd fined £171,000 for making unsolicited direct marketing calls.
4th March 2020
Cathay Pacific Airways Limited £500,000 for failing to protect the security of its customers’ personal data. Between October 2014 and May 2018 Cathay Pacific’s computer systems lacked appropriate security measures which led to customers’ personal details being exposed.
2nd March 2020
CRDNN Limited fined with the maximum £500,000 fine for making more than 193 million automated nuisance calls.
DSG Retail Ltd
9th January 2020
The Information Commissioner’s Office (ICO) has fined DSG Retail Limited (DSG) £500,000 after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people.
Doorstep Dispensaree Ltd
20th December 2019
The Information Commissioner’s Office (ICO) has fined a London-based pharmacy £275,000 for failing to ensure the security of special category data. Doorstep Dispensaree Ltd, which supplies medicines to customers and care homes, left approximately 500,000 documents in unlocked containers at the back of its premises in Edgware. The documents included names, addresses, dates of birth, NHS numbers, medical information and prescriptions belonging to an unknown number of people.
Superior Style Home Improvements Ltd
17th September 2019
Superior Style Home Improvements Ltd issued with enforcement notice after making unsolicited marketing calls to individuals registered with the TPS to try and generate UPVC installation leads.
Hudson Bay Finance Ltd
12th August 2019
Hudson Bay Finance Ltd issued with an enforcement notice for failing to respond to a subject access request.
Making it Easy Ltd
2nd August 2019
Making it Easy Ltd has been fined £160,000 by the Information Commissioner’s Office (ICO) for making spam calls to people registered with the Telephone Preference Service (TPS). The ICO has also issued an enforcement notice to Making it Easy Ltd ordering it to stop its illegal marketing activity.
Life at Parliament View Limited
19th July 2019
Life at Parliament View Ltd fined £80,000 for leaving 18,610 customers’ personal data exposed for almost two years.
British Airways – Latest News
8th July 2019
British Airways could face a fine of £183 million as a result of a data breach that was disclosed by the airline on 6th September 2018.
Metropolitan Police Service
25th June 2019
Enforcement notices served under the 1998 and 2018 Data Protection Acts for sustained failures to comply with individuals’ rights in respect of subject access requests.
Her Majesty’s Revenue and Customs
10th May 2019
Her Majesty’s Revenue and Customs (HMRC) issued with an enforcement notice for failing to get adequate consent to collect callers’ personal data.
True Visions Productions
10th April 2019
ICO fines television company £120,000 for unfair and unlawful filming in maternity clinic.
05th April 2019
A former GP practice manager has been fined for sending personal data to her own email account without authorisation, following an investigation by the Information Commissioner’s Office (ICO).
London Borough of Newham
04th April 2019
The Information Commissioner’s Office (ICO) has fined the London Borough of Newham £145,000 for disclosing the personal information of more than 200 people who featured on a police intelligence database.
Grove Pension Solutions Limited
26th March 2019
A Kent pensions company which relied on ‘misleading’ professional advice has been fined £40,000 by the Information Commissioner’s Office for being responsible for sending nearly two million direct marketing emails without consent.
Vote Leave Limited
19th March 2019
The Information Commissioner’s Office (ICO) has fined Vote Leave Limited £40,000 for sending out thousands of unsolicited text messages in the run-up to the 2016 EU referendum.
15th March 2019
A former administration assistant at a used car dealership has been prosecuted for unlawfully obtaining the personal data of customers and other employees.
15th March 2019
A former administrator at Heart of England NHS Foundation Trust (HEFT) has been prosecuted for accessing medical records without authorisation.
For more information and the latest news from ICO visit www.ico.org.uk