The Information Commissioner's Office (ICO) has fined Morrisons supermarket 10,500 for sending out spam to its customers, despite them opting out of receiving marketing emails.
The UK data protection watchdog found that the chain had knowingly sent 130,671 emails to people holding a Morrisons store card who had preciously opted out of receiving such emails.
The emails were sent to customers in the tail-end of 2016 and included the subject line, "Your Account Details." The email in question then asked recipients to change their marketing preferences so they could then receive discounts and earn extra points from using their card. Opting in would also mean Morrisons could send newsletters detailing the company's latest news and information.
"It is vital that the public can trust companies to respect their wishes when it comes to how their personal information is used for marketing," ICO deputy commissioner Simon Entwisle said.
"These customers had explicitly told Morrisons they didn't want marketing emails about their More card. Morrisons ignored their decision and for that we've taken action."
The ICO added that fining businesses that misuse the UK's systems of opting in or out to marketing materials will go some way to ensure all companies adhere to the new General Data Protection Regulation (GDPR) guidelines planned to come into force in 2018. The GDPR will force companies to require clear opt-in consent from customers to use their personal data for particular purposes.
Under GDPR, any company that possesses personal customer information must ensure it's fair and lawfully processed, processed for limited purposes, any use of that customer data is for adequate, relevant and not excessive reasons, is always up to date and accurate, isn't kept longer than deemed necessary, is processed within the customer's rights, is secure and never transferred to any other country without being adequately secured.
Morrisons commits to Oracle in £110 million IT move UK businesses 'struggle to translate' ICO's GDPR guidance General Data Protection Regulation (GDPR)
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Top data security trendsWhitepaper Must-have tools for your data security toolkit
-
Why bolstering your security capabilities is critical ahead of NIS2NIS2 regulations will bolster cyber resilience in key industries as well as improving multi-agency responses to data breaches
-
SEC data breach rules branded “worryingly vague” by industry bodyNews The new rules announced last week leave many questions unanswered, according to security industry experts
-
Crackdown on crypto needed to curb cyber crime, says expertNews Threat actors would struggle to generate money without the anonymity provided by unregulated digital tokens, but such a move would require worldwide buy-in
-
The gratitude gapWhitepaper 2023 State of Recognition
-
UK gov invites experts to contribute to its overhauled AI regulatory approachNews The new approach will not adopt the EU's centralised model and sits alongside the National AI Strategy and Data Protection and Digital Information Bill
-
UK government opts against regulation for cyber security standardsNews UK Cyber Security Council will move ahead with its planned chartered standards, with the government to monitor its adoption
-
Encryption battle plays out in Australian ParliamentNews The opposition said that the government is “addicted to secrecy”
