Included in this week's Data & Privacy News: Marketing agency fined for sending emails without consent; Majority of UK firms not insured against security breaches and data losses; ICO survey shows lack of trust and confidence in how organisations handle personal data.

Marketing agency fined for sending emails without consent 

Everything DM Ltd (EDML), based in Stevenage, has received a fine of £60,000 from the Information Commissioner's Office (ICO) for sending 1.42 million nuisance emails to prospective customers on behalf of its clients. 

Between May 2016 and May 2017, EDML sent emails on behalf of its clients for a fee via its direct marketing tool, Touchpoint.

Those emails gave the impression clients had sent them directly, and EDML was unable to prove the recipients had ever agreed to receive the marketing emails from either itself or its clients. 

The ICO investigation found that EDML had failed to take reasonable steps to ensure the data complied with the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECRs).

EDML has also been issued with an Enforcement Notice requiring then to comply with the PECRs in the future. 

Majority of UK firms not insured against security breaches and data loss 

A report by NTT Security has revealed that only a third of UK businesses are insured against information security breaches and data loss, despite annual losses from cyber crime estimated to be topping £291 billion. 

According to the Risk:Value report, UK businesses would have to spend £1 million on average to recover from a breach. 

The report also show that nearly half of senior executives are unaware as to what their company insurance policy covers them for. 

Matthew McKenna, Vice President, EMEA at SecurityScorecard, believes many companies are facing difficulties with unclear cyber insurance policies, particularly those in the small and midsize business segment where a dedicated cyber security professional may not be present. 

ICO survey shows lack of trust and confidence in how organisations handle personal data 

Information Commissioner Elizabeth Denham has issued a reminder to organisations to be transparent with people's personal information, after an ICO survey showed that most UK citizens still don't trust organisations with their data.

The original benchmark research conducted in 2017, found that 20% of people had trust and confidence in organisations storing and using their personal information. This figure increased to 34% in the latest survey but is still relatively low. 

One of the ICO's main strategic goals under their Information Rights Strategic Plan 2017-2021 is to increase the UK public's trust and confidence in how data is used and made available. 

Other key findings from the survey include:

  • A significant increase in the proportion of respondent stating they would get advice/information from the ICO;
  • Public concerns around organisations using personal information which is then stolen by criminals; and
  • Most feel that a company should be held responsible for lost or stolen data in a data breach.

Key Contacts

Ross McKenzie

Ross McKenzie

Partner, Commercial & Data Protection
Aberdeen, UK

View profile
Helena Brown

Helena Brown

Partner, Commercial and Data Protection & Head of Data
Edinburgh, UK

View profile