Online drug dispensary Pharmacy 2U – which offers treatments for conditions such asthma, Parkinson’s disease and erectile dysfunction – has been whacked with a £130,000 after being found guilty of illegally selling details of more than 20,000 customers to marketing companies.
An Information Commissioner’s Office investigation discovered that more than 100,000 customer details were advertised for sale through an online marketing list company. Breakdowns of customers, such as men over 70 years old, along with their conditions, were available, and records were advertised for sale for £130 per 1,000 records.
Businesses that bought the details included a health supplements company that has been cautioned for misleading advertising and an Australian lottery company subject to investigation by Trading Standards.
The ICO investigation found that Pharmacy 2U had not informed its customers that it intended to sell their details, and that the customers had not given their consent for their personal data to be sold on. This was in breach of the Data Protection Act.
ICO deputy commissioner David Smith said: “Patient confidentiality is drummed into pharmacists. It is inconceivable that a business in this sector could believe these actions were acceptable. Put simply, a reputable company has made a serious error of judgement, and today faces the consequences of that. It should send out a clear message to other companies that the customer data they hold is not theirs to do with as they wish.
“Once people’s personal information has been sold on once in this way, we often see it then gets sold on again and again. People are left wondering why so many companies are contacting them and how they come to be in receipt of their details.”
The fine is the first of its type, with the company found to have breached the first principle of the Data Protection Act regarding fair and lawful processing of data.
The investigation found the lottery company that bought customer records appeared to have deliberately targeted elderly and vulnerable individuals, and it is likely that some customers will have suffered financially as a result of their details being passed on, the ICO added.
Related stories
ICO hunts firms selling illegal data
Top brands ‘making nuisance calls’
Industry fights pensions data outcry
Data firms fingered in pension claims
ICO raids Hove nuisance call hide-out
Graham: I’ll only spank the bad boys
DMA wants more rogue call action
