Connect with us

Tech

Pregnancy club fined for illegally sharing data of millions of mums

A pregnancy club has been fined £400,000 for illegally sharing the personal information of more than 14 million people.

Bounty UK, which offers advice to new parents, unlawfully shared its members' data with marketing agencies, including the details of "potentially vulnerable" new mothers, according to the Information Commissioner's Office (ICO).

The shared data also included information about very young children, such as their birth date and sex, and Bounty's actions appeared "to have been motivated by financial gain", the regulator said.

Bounty collected information through its website and mobile apps, merchandise packs, and even directly from the hospital bedsides of new mothers.

Image: Bounty UK offers advice to new parents

The company was found to have breached the Data Protection Act 1998 by sharing around 34.4 million records with 39 agencies, including Acxiom, Equifax, Indicia and Sky, between June 2017 and April 2018.

Advertisement

Steve Eckersley, ICO director of investigations, said Bounty had not been "open or transparent" to millions of people about the fact their personal data may be passed on to those organisations.

He added that "such careless data sharing is likely to have caused distress to many people" as it included "information about their pregnancy status and their children".

More from Science & Tech

  • Public to vote for name of minor planet in our solar system

  • Uber reveals massive losses ahead of market debut

  • Thomas White: University dropout behind notorious dark web site Silk Road 2.0 jailed

  • Halifax accused of copying rival banks Monzo and Starling with rebrand

  • NASA study uses twins to find out long-term effects of space travel

  • Israeli spacecraft Beresheet crash-lands on the moon

"The number of personal records and people affected in this case is unprecedented in the history of the ICO's investigations into data broking industry and organisations linked to this," Mr Eckersley said.

Our investigation found that Bounty collected personal information for it's membership cards directly from new mothers at hospital bedsides. But the company also operated as a data broker and supplied this data to third parties. pic.twitter.com/rj5fd3n1wA

— ICO (@ICOnews) April 12, 2019

Bounty said it acknowledged the ICO's findings and that its data-sharing process had not been "robust enough" in the past.

"This was not of the standard expected of us," the firm's managing director Jim Kelleher said.

"However, the ICO has recognised that these are historical issues. Our priority is to continue to provide a valuable service for new parents that is both helpful and trusted."

Mr Kelleher said Bounty has made "significant changes" including reducing the number of personal records it holds and the length of time they are kept for.

The firm will appoint an independent data expert and publish the findings of annual checks on its website, he added.

Continue Reading




Subscribe

Trending