Share This Page

GOOGLE
https://theprivacyadvocate.com/businesses-that-got-fined-in-2018/">
RSS
LinkedIn

Businesses That Got Fined in 2018

November 30, 2018

Just a partial list from one regulator. Enough to get you started and prepared for 2019.

Browse this list for ideas on organizations and individuals that have gotten fined due to data privacy violations. Some may be organizations very similar to yours. And, contrary to popular myths, it’s not about the size of the organization or the industry, or how long you’ve been in business. It’s about when getting caught non-compliant.

Thanks to UK’s Information Commissioner Office (ICO), the list below include actions the regulator has taken against a former nurse, tax preparer, a designer, financial firms, marketing services, insurance firms, and a police department.

You’ll also find on this list, Uber, Heathrow Airport, Equifax, Google, Facebook, among others. The idea is to give you diverse case studies that can help your business adopt better privacy practices, implement privacy requirements, and avoid harsh financial consequences in 2019. You’ll find here details of what happened, what privacy requirements were violated, and what action the ICO took.

Tax Returned Limited

13 December 2018, Enforcement notices, Marketing

Tax Returned Limited sent 14.8 million marketing text messages without valid consent through a third party service provider between July 2016 and October 2017. The firm has been issued with an enforcement notice ordering the firm to stop its illegal marketing activity. 

Finance sector – organizations fined for non-payment of data protection fee

28 November 2018, Monetary penalties, Finance insurance and credit

Organizations across the finance sector are among the first to be fined by the ICO for not paying the data protection fee.

Manufacturing sector – organizations fined for non-payment of data protection fee

28 November 2018, Monetary penalties, Retail and manufacture

Organizations across the manufacturing sector are among the first to be fined by the ICO for not paying the data protection fee.

Business sector – organizations fined for non-payment of data protection fee

28 November 2018, Monetary penalties, General business

Organizations across the business sector are among the first to be fined by the ICO for not paying the data protection fee.

Uber

26 November 2018, Monetary penalties, Transport and leisure

The Information Commissioner’s Office (ICO) has fined ride sharing company Uber £385,000 for failing to protect customers’ personal information during a cyber attack. 

Solartech North East Ltd

26 November 2018, Enforcement notices, Marketing

Solartech North East Ltd based in Middlesbrough made 74,902 calls to numbers registered with the TPS between May and June 2017. An enforcement notice has been issued to the firm ordering Solartech North East Ltd to stop its illegal marketing activity. 

DM Design Bedrooms Ltd

23 November 2018, Monetary penalties, Marketing

DM Design Bedrooms Ltd based in Cumbernauld, Glasgow has been fined £160,000 for making more than 1.6 million nuisance calls to TPS subscribers between April and November 2017. 

Solartech North East Ltd

23 November 2018, Monetary penalties, Marketing

Solartech North East Ltd based in Middlesbrough have been fined £90,000 for making 74,902 calls to numbers registered with the TPS between May and June 2017. 

DM Design Bedrooms Ltd

23 November 2018, Enforcement notices, Marketing

DM Design Bedrooms Ltd based in Cumbernauld, Glasgow made more than 1.6 million nuisance calls to TPS subscribers between April and November 2017. The firm   has been issued with an enforcement notice ordering it to stop its illegal marketing activity. 

Metropolitan Police Service

16 November 2018, Enforcement notices, Criminal justice

An investigation by the Information Commissioner’s Office (ICO) found that the Metropolitan Police Service’s (MPS) use of the Gangs Matrix led to multiple and serious breaches of data protection laws. 

Secure Home Systems Ltd

31 October 2018, Monetary penalties, General business

Secure Home Systems (SHS) of Bilston, West Midlands, has been fined £80,000 for making calls to 84,347 numbers registered with the TPS between September and December 2017, using call lists bought from third parties without screening them. 

ACT Response Limited

30 October 2018, Monetary penalties, General business

ACT Response Ltd of Middlesbrough was behind 496,455 live marketing calls to TPS subscribers and has been fined £140,000. 

Facebook Ireland Ltd

24 October 2018, Monetary penalties

The Information Commissioner’s Office (ICO) has fined Facebook £500,000 for serious breaches of data protection law. 

Aggregate IQ Data Services Ltd

24 October 2018, Enforcement notices, General business

Enforcement notice issued to Aggregate IQ Data Services Ltd. 

Boost Finance Limited

09 October 2018, Monetary penalties

The Information Commissioner has fined London-based marketing company, Boost Finance Ltd (BFL), a company responsible for millions of nuisance emails about pre-paid funeral plans. 

Heathrow Airport

08 October 2018, Monetary penalties, Transport and leisure

Heathrow Airport Limited (HAL) has been fined £120,000 by the Information Commissioner’s Office (ICO) for failing to ensure that the personal data held on its network was properly secured. 

Oaklands Assist UK Limited

01 October 2018, Monetary penalties, Marketing

A Manchester firm has been fined £150,000 by the Information Commissioner’s Office (ICO) for making thousands of nuisance direct marketing phone calls. 

Bupa Insurance Services Ltd

28 September 2018, Monetary penalties, Health

Bupa Insurance Services Limited (Bupa) has been fined £175,000 by the Information Commissioner’s Office (ICO) for failing to have effective security measures in place to protect customers’ personal information. 

Clare Lawson

24 September 2018, Prosecutions, Health

A former nurse at Southport and Ormskirk Hospital NHS Trust has been prosecuted for accessing patients’ medical records without authorisation. 

Equifax Ltd

20 September 2018, Monetary penalties, Finance insurance and credit

The Information Commissioner’s Office has issued Equifax Ltd with a £500,000 fine for failing to protect the personal information of up to 15 million UK citizens during a cyber attack in 2017. The…

London Borough of Lewisham

06 September 2018, Enforcement notices, Local government

Enforcement notice for London Borough of Lewisham. 

Everything DM Ltd

05 September 2018, Monetary penalties, Marketing

Everything DM Ltd (EDML), based in Stevenage, was fined £60,000 for sending 1.42 million emails without consent. 

Everything DM Ltd

04 September 2018, Enforcement notices, Marketing

The Information Commissioner’s Office (ICO) has taken enforcement action against Everything DM Ltd (EDML) for sending 1.42 million emails without consent. 

Lifecycle Marketing (Mother and Baby) Ltd

09 August 2018, Monetary penalties, Marketing

The ICO has fined Lifecycle Marketing (Mother and Baby) Ltd, also known as Emma’s Diary, £140,000 for illegally collecting and selling personal information belonging to more than one million people.…

AMS Marketing Ltd

01 August 2018, Monetary penalties, Marketing

The Information Commissioner’s Office has fined   AMS Marketing Ltd   £100,000 for making 75,649 nuisance calls.   

Independent Inquiry into Child Sexual Abuse

18 July 2018, Monetary penalties, Central government

Independent Inquiry into Child Sexual Abuse (IICSA) fined £200,000 for revealing identities of abuse victims in mass email. 

Noble Design and Build of Telford

03 July 2018, Prosecutions

Noble Design and Build of Telford, Shropshire, which operates CCTV systems in buildings across Sheffield, broke data protection laws by failing to comply with an Information Notice.

Our Vault Ltd

28 June 2018, Enforcement notices, Finance insurance and credit

The Information Commissioner’s Office (ICO) has taken enforcement action against two firms for making nuisance telephone calls – Our Vault Limited in Chorley, Lancashire, and Swansea-based Horizon Windows Limited. Enforcement Notices have been issued to both companies ordering the firms to stop their illegal marketing activity. 

Horizon Windows

28 June 2018, Enforcement notices, Retail and manufacture

The Information Commissioner’s Office (ICO) has taken enforcement action against two firms for making nuisance telephone calls – Our Vault Limited in Chorley, Lancashire, and Swansea-based Horizon Windows Limited. Enforcement Notices have been issued to both companies ordering the firms to stop their illegal marketing activity. 

Our Vault Ltd

28 June 2018, Monetary penalties, Finance insurance and credit

Our Vault was fined £70,000 for making 55,534 unsolicited marketing calls to people who had registered with the Telephone Preference Service (TPS) and had not consented to being contacted by the company. 

British Telecommunications plc

20 June 2018, Monetary penalties, Online technology and telecoms

British Telecommunications plc (BT) has been fined £77,000 by the Information Commissioner’s Office after it sent nearly five million nuisance emails to customers. 

Ainsworth Lord Estates Limited

18 June 2018, Enforcement notices, Land or property services

Ainsworth Lord Estates Limited has been served with an Enforcement Notice for failing to respond to a subject access request. 

Gloucestershire Police

11 June 2018, Monetary penalties, Criminal justice

Gloucestershire Police fined for revealing identities of abuse victims in bulk email. 

Humberside Police

08 June 2018, Undertakings, Criminal justice

The Chief Constable of Humberside Police has signed an undertaking to comply with the Seventh Data Protection Principle. 

The British & Foreign Bible Society c/o the Bible Society

07 June 2018, Monetary penalties

The British and Foreign Bible Society, based in Swindon, has been fined £100,000 by the Information Commissioner’s Office, after their computer network was compromised as the result of a…

Bayswater Medical Centre

23 May 2018, Monetary penalties, Health

Bayswater Medical Centre in London has been fined £35,000 by the ICO after it left highly sensitive medical information in an empty building. 

West Midlands Police

21 May 2018, Undertakings, Criminal justice

A follow up has been completed to provide an assurance that West Midlands Police  has appropriately addressed the actions agreed in its undertaking signed 31 October 2017. 

The University of Greenwich

21 May 2018, Monetary penalties, Education and childcare

The University of Greenwich has been fined £120,000 by the Information Commissioner following a “serious” security breach involving the personal data of nearly 20,000 people.   

Yahoo! UK Services Ltd

21 May 2018, Monetary penalties, Online technology and telecoms

Yahoo! UK Services Limited, based in London, has been fined £250,000 by the Information Commissioner’s Office after their computer network was compromised as the result of a cyber-attack in November 2014. 

Daniel Short

17 May 2018, Prosecutions, General business

A former Recruitment Consultant who illegally obtained personal information, namely information relating to clients and service users, has been prosecuted. 

Crown Prosecution Service

16 May 2018, Monetary penalties, Criminal justice

The Crown Prosecution Service (CPS) has been fined £325,000 by the ICO after they lost unencrypted DVDs containing recordings of police interviews. 

SCL Elections Limited

05 May 2018, Enforcement notices, Marketing

The Information Commissioner’s Office has served a legal notice on SCL Elections Ltd ordering it give an academic all the personal information the company holds about him. 

ANA Consulting (AB) Groupe Ltd and Mr Ahmed Hamza Atcha

01 May 2018, Prosecutions, General business

A company and a company director who failed to comply with an Information Notice has been prosecuted. ANA Consulting (AB) Groupe Ltd and Mr Ahmed Hamza Atcha, of Chorley Road, Westhoughton,…

Costelloe & Kelly Ltd

01 May 2018, Monetary penalties, Marketing

Costelloe & Kelly Ltd undertook a direct text marketing campaign without a valid consent to individuals in contravention of Regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003. 

IAG Nationwide Ltd

01 May 2018, Enforcement notices, Marketing

Unsolicited calls for direct marketing purposes to subscribers who had registered with the Telephone Preference Service in contravention of Regulations 21 and 24 of the Privacy and Electronic Communications (EC Directive) Regulations 2003. 

IAG Nationwide Ltd

01 May 2018, Monetary penalties, Marketing

Unsolicited calls for direct marketing purposes to subscribers who had registered with the Telephone Preference Service in contravention of Regulations 21 and 24 of the Privacy and Electronic Communications (EC Directive) Regulations 2003. 

Michelle Harrison

23 April 2018, Prosecutions, Health

Michelle Harrison of Milton Keynes, inappropriately accessed the records of 12 patients outside of her role as receptionist/general assistant in the Orthotics Department at Milton Keynes University Hospital NHS Foundation Trust between March 2016 and January 2017. 

Mr Alex Goldthorpe t/a Approved Green Energy Solutions

18 April 2018, Monetary penalties, Land or property services

Unsolicited calls for direct marketing purposes to subscribers who had registered with the Telephone Preference Service in c ontravention of Regulation 21 of the Privacy and Electronic Communications (EC Directive) Regulations 2003. 

The Energy Saving Centre Ltd

18 April 2018, Enforcement notices, Land or property services

Unsolicited calls for direct marketing purposes to subscribers who had registered with the Telephone Preference Service in c ontravention of Regulation 21 of the Privacy and Electronic Communications (EC Directive) Regulations 2003. 

The Energy Saving Centre Ltd

18 April 2018, Monetary penalties, Land or property services

Unsolicited calls for direct marketing purposes to subscribers who had registered with the Telephone Preference Service in c ontravention of Regulation 21 of the Privacy and Electronic Communications (EC Directive) Regulations 2003.

In the near future we’ll also post a list from FTC. Remember that the Federal Trade Commission is a GDPR regulator on U.S. soil. It cooperates with and assists European regulators crackdown privacy violators on this side of the pond. It’s a great idea to be compliant with privacy requirements.

Content courtesy: ICO.org

Photo courtesy: Pepi Stujanovski, Rawpixel, Vladimir Solomyani, Melinda Gimpel, Michael Longmire, Maria pagan, Thought Catalog, Holge Link, Shot By Cerqueira, Katie Harp Rebelsaurus, Madison Kaminski, Didier Weemaels on unsplash.com

Leave a Reply

Your email address will not be published. Required fields are marked *

Share This Page

GOOGLE
https://theprivacyadvocate.com/businesses-that-got-fined-in-2018/">
RSS
LinkedIn
Social media & sharing icons powered by UltimatelySocial