Information Commissioner's Office

Enforcements Actioned

 

ICO is responsible for taking action to ensure organisations meet their information rights obligations. See the latest actions ICO has enforced.

Kim Doyle and William Shaw

14 January 2021

A motor industry employee has been prosecuted for passing the personal information of service users to an accident claims management firm without authorisation.

Kim Doyle, of Village Lane, Higher Whitley, pleaded guilty to charges of conspiracy to secure unauthorised access to computer data, and to selling unlawfully obtained personal data. She was sentenced at Manchester Crown Court on 8 January 2021 to eight months’ imprisonment, suspended for two years.

Doyle unlawfully compiled lists of road traffic accident data including partial names, mobile phone numbers and registration numbers despite having no permission from her employers. Doyle then unlawfully transferred the data she obtained to William Shaw, the director of an accident claims management firm.

William Shaw, of Flixton Road, Urmston, was also sentenced to eight months’ imprisonment, suspended for two years after pleading guilty to conspiracy to secure unauthorised access to computer data.

Doyle and Shaw were also each ordered to carry out 100 hours’ unpaid work and contribute £1,000 costs.

A Confiscation Order, under the Proceeds of Crimes Act, to recover benefit obtained as a result of the offending had been given by the Court in which Doyle must pay a benefit figure of £25,000 and Shaw must pay a benefit figure of £15,000. Both Doyle and Shaw will face three months’ imprisonment if the benefit figures are not paid within three months.

Pownall Marketing Limited

16 December 2020

The Information Commissioner’s Office (ICO) Financial Recovery Unit (FRU) is starting proceedings to retrieve £250,000 from defunct company Pownall Marketing Limited (PML). The company was recently fined by the ICO for making over 350,000 nuisance calls.

Between 1 January 2019 and 28 May 2019 Pownall Marketing Limited used a public electronic communications service for the purpose of making 365,369 unsolicited calls for direct marketing purposes to subscribers in relation to claims management services, resulting in 63 complaints.

Pension House Exchange Limited

09 December 2020

The Information Commissioner’s Office (ICO) has fined Pension House Exchange Limited has been fined £45,000 for making 39,722 connected unsolicited calls for the purposes of direct marketing in relation to occupational pension schemes or personal pension schemes contrary to regulation 21B of PECR.

OSL Financial Consultancy Limited

04 December 2020

The Information Commissioner’s Office (ICO) has fined OSL Financial Consultancy Limited (OSL) £50,000 for illegally sending 174,342 nuisance marketing texts.

The Barnetby based mortgage and loans broker, trading as MortgageKey, came to the attention of the ICO as part of its probe into companies seeking to take advantage of the Covid-19 pandemic with nuisance marketing. Between March and June 2020, the ICO identified a number of complaints about OSL that had been sent to the 7726 spam text reporting service.

Ticketmaster UK Limited

13 November 2020

The ICO has fined Ticketmaster UK Limited £1.25 million for failing to protect customers’ payment details.

Marriott International Inc

30th October 2020

The ICO has fined Marriott International Inc £18.4million for failing to keep millions of customers’ personal data secure.
Marriott estimates that 339 million guest records worldwide were affected following a cyber-attack in 2014 on Starwood Hotels and Resorts Worldwide Inc. The attack, from an unknown source, remained undetected until September 2018, by which time the company had been acquired by Marriott.

Reliance Advisory Limited

29th October 2020

The Information Commissioner’s Office (ICO) has fined Reliance Advisory Limited (RAL) £250,000 for breaking electronic marketing law. The ICO found that over a six month period from the start of 2019, the Bury-based company RAL made 15.1 million calls in relation to claims management services such as mis-sold PPI. All of the calls, of which 1.1 million connected, were made to people who had not consented to receive them.

Experian Limited

27th October 2020

The Information Commissioner’s Office (ICO) orders Experian Limited to make fundamental changes to how it handles people’s personal data within its direct marketing services.

British Airways

16th October 2020

The Information Commissioner’s Office (ICO) has fined British Airways (BA) £20m for failing to protect the personal and financial details of more than 400,000 of its customers.

Digital Growth Experts Limited

24th September 2020

The Information Commissioner’s Office (ICO) has fined Digital Growth Experts Limited (DGEL) £60,000 for sending thousands of nuisance marketing texts at the height of the pandemic.

CPS Advisory Limited

10th September 2020

Swansea company CPS Advisory Ltd was fined £130,000 for making more than 100,000 unauthorised direct marketing calls to people about their pensions.

Decision Technologies Limited

2nd July 2020

Price comparison and technology company fined £90,000 for a contravention of Regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003.

Black Lion Marketing Ltd

27th March 2020

Black Lion Marketing Ltd fined £171,000 for making unsolicited direct marketing calls.

Cathay Pacific

4th March 2020

Cathay Pacific Airways Limited £500,000 for failing to protect the security of its customers’ personal data. Between October 2014 and May 2018 Cathay Pacific’s computer systems lacked appropriate security measures which led to customers’ personal details being exposed.

CRDNN Limited

2nd March 2020

CRDNN Limited fined with the maximum £500,000 fine for making more than 193 million automated nuisance calls.

DSG Retail Ltd

9th January 2020

The Information Commissioner’s Office (ICO) has fined DSG Retail Limited (DSG) £500,000 after a ‘point of sale’ computer system was compromised as a result of a cyber-attack, affecting at least 14 million people.

Doorstep Dispensaree Ltd

20th December 2019

The Information Commissioner’s Office (ICO) has fined a London-based pharmacy £275,000 for failing to ensure the security of special category data. Doorstep Dispensaree Ltd, which supplies medicines to customers and care homes, left approximately 500,000 documents in unlocked containers at the back of its premises in Edgware. The documents included names, addresses, dates of birth, NHS numbers, medical information and prescriptions belonging to an unknown number of people.

Superior Style Home Improvements Ltd

17th September 2019

Superior Style Home Improvements Ltd issued with enforcement notice after making unsolicited marketing calls to individuals registered with the TPS to try and generate UPVC installation leads.

Hudson Bay Finance Ltd

12th August 2019

Hudson Bay Finance Ltd issued with an enforcement notice for failing to respond to a subject access request.

Making it Easy Ltd

2nd August 2019

Making it Easy Ltd has been fined £160,000 by the Information Commissioner’s Office (ICO) for making spam calls to people registered with the Telephone Preference Service (TPS). The ICO has also issued an enforcement notice to Making it Easy Ltd ordering it to stop its illegal marketing activity.

Life at Parliament View Limited

19th July 2019

Life at Parliament View Ltd fined £80,000 for leaving 18,610 customers’ personal data exposed for almost two years.

British Airways – Latest News

8th July 2019

British Airways could face a fine of £183 million as a result of a data breach that was disclosed by the airline on 6th September 2018.

Metropolitan Police Service

25th June 2019

Enforcement notices served under the 1998 and 2018 Data Protection Acts for sustained failures to comply with individuals’ rights in respect of subject access requests.

Her Majesty’s Revenue and Customs

10th May 2019

Her Majesty’s Revenue and Customs (HMRC) issued with an enforcement notice for failing to get adequate consent to collect callers’ personal data.

True Visions Productions

10th April 2019

ICO fines television company £120,000 for unfair and unlawful filming in maternity clinic.

Shamim Sadiq

05th April 2019

A former GP practice manager has been fined for sending personal data to her own email account without authorisation, following an investigation by the Information Commissioner’s Office (ICO).

London Borough of Newham

04th April 2019

The Information Commissioner’s Office (ICO) has fined the London Borough of Newham £145,000 for disclosing the personal information of more than 200 people who featured on a police intelligence database.  

Grove Pension Solutions Limited

26th March 2019

A Kent pensions company which relied on ‘misleading’ professional advice has been fined £40,000 by the Information Commissioner’s Office for being responsible for sending nearly two million direct marketing emails without consent.

Vote Leave Limited

19th March 2019

The Information Commissioner’s Office (ICO) has fined Vote Leave Limited £40,000 for sending out thousands of unsolicited text messages in the run-up to the 2016 EU referendum.

Jayana Morgan-Davis

15th March 2019

A former administration assistant at a used car dealership has been prosecuted for unlawfully obtaining the personal data of customers and other employees.   

Faye Caughey

15th March 2019

A former administrator at Heart of England NHS Foundation Trust (HEFT) has been prosecuted for accessing medical records without authorisation. 

For more information and the latest news from ICO visit www.ico.org.uk

Contact Us

CONTACT US TO FIND OUT MORE AT 
[email protected].COM OR 
COMPLETE THE FORM.