The Information Commissioner’s Office (ICO) issued a fine of £400,000 for careless data handling of 14 million people’s data (34.4 million records) with 39 organisations between June 2017 to April 2018.
The ICO investigation found that the company gathered information through its website and mobile apps, merchandise packs and they have previously been criticised for sending sales reps to target new mothers in their hospital beds shortly after childbirth. The information that was shared included personal information such as the birth date and gender of children and as stated by the regulator, “likely to have caused distress to many people, since they did not know that their personal information was being shared multiple times with so many organisations, including information about their pregnancy status and their children.”
“The number of personal records and people affected in this case is unprecedented in the history of the ICO’s investigations into the data broking industry and organisations linked to this,” said Steve Eckersley, ICO director of investigations.
Following the ICO’s findings, the company has said that they have reformed their data handling processes.
“In the past, we did not take a broad enough view of our responsibilities and as a result, our data-sharing processes, specifically with regards to transparency, were not robust enough”, said Bounty’s managing director, Jim Kelleher.