A pregnancy club has been fined £400,000 for illegally sharing the personal information of more than 14 million people.
Bounty UK, which offers advice to new parents, unlawfully shared its members' data with marketing agencies, including the details of "potentially vulnerable" new mothers, according to the Information Commissioner's Office (ICO).
The shared data also included information about very young children, such as their birth date and sex, and Bounty's actions appeared "to have been motivated by financial gain", the regulator said.
Bounty collected information through its website and mobile apps, merchandise packs, and even directly from the hospital bedsides of new mothers.
The company was found to have breached the Data Protection Act 1998 by sharing around 34.4 million records with 39 agencies, including Acxiom, Equifax, Indicia and Sky, between June 2017 and April 2018.
Advertisement
Steve Eckersley, ICO director of investigations, said Bounty had not been "open or transparent" to millions of people about the fact their personal data may be passed on to those organisations.
He added that "such careless data sharing is likely to have caused distress to many people" as it included "information about their pregnancy status and their children".
More from Science & Tech
"The number of personal records and people affected in this case is unprecedented in the history of the ICO's investigations into data broking industry and organisations linked to this," Mr Eckersley said.
Our investigation found that Bounty collected personal information for it's membership cards directly from new mothers at hospital bedsides. But the company also operated as a data broker and supplied this data to third parties. pic.twitter.com/rj5fd3n1wA
— ICO (@ICOnews) Read More – Source
[contf] [contfnew]
Sky News
[contfnewc] [contfnewc]
