ICO Fines Pensions Firm for Spamming Millions of Users

The Information Commissioner’s Office (ICO) has fined a pensions company for sending out nearly two million spam emails.

The UK’s privacy watchdog slapped Kent-based Grove Pension Solutions with a £40,000 penalty after it sent out the unsolicited marketing emails between October 31, 2016 and October 31, 2017.

Although the firm had sought advice over the use of third-party marketing agents from both a data protection consultancy and its lawyers, the counsel they gave proved to be inaccurate.

According to the Privacy and Electronic Communications Regulations (PECR), firms can’t send out marketing emails unless the recipient has given their explicit consent. The maximum fine under the regime is £500,000.

“Spam email uses people's personal data unlawfully, filling up their inboxes and promoting products and services which they don't necessarily want,” said ICO director of investigations and intelligence, Andy White.

“We acknowledge that Grove Pension Solutions Ltd took steps to check that their marketing activity was within the law, but received misleading advice. However, ultimately, they are responsible for ensuring they comply with the law and they were in breach of it.”

The moral of this cautionary tale is for organizations unsure about data protection and marketing laws to get in touch with the ICO directly, rather than spending money consulting with third party ‘experts’ which may do little except give them a false sense of security.

“The ICO is here to provide businesses with guidance about electronic marketing and data protection, free of charge. The company could have contacted us and avoided this fine,” explained White.

The fine follows another £40,000 penalty levied by the ICO last week, this time against Brexit organization Vote Leave, which sent out thousands of unsolicited text messages in the run up to the 2016 referendum.

That follows a similar fine for Leave.EU related to its sending of nearly 300,00 political marketing messages.

Leave.EU is now the subject of a criminal investigation by the National Crime Agency (NCA) over allegations that its funding came from outside the UK, breaking election laws.

What’s Hot on Infosecurity Magazine?