Marketing boss banned after thousands of nuisance calls

Marketing company director who made over 75,500 unsolicited marketing calls banned by the Insolvency Service for six years. Elia Bols (32) now living in Australia, was director of AMS Marketing Limited, a telephone marketing company incorporated in January 2016. The Telephone Preference Service (TPS), however, received 71 complaints between October 2016 and October 2017 about AMS Marketing’s unsolicited calls. A further 32 complaints were received by the Information Commissioners Office (ICO), who informed Elia Bols that a fine of £100,000 would be issued. In April 2019, AMS Marketing was wound-up…

Updated ICO statement on recommendations published by the European Data Protection Board following the Schrems II case

An ICO spokesperson said: “We are reviewing the two recommendations published by the European Data Protection Board (EDPB) following the CJEU Schrems II ruling in July. The judgment confirmed how EU standards of data protection must travel with personal data when it goes overseas.  “The first recommendation updates the European Essential Guarantee for surveillance measures. “The second has been published for public consultation and looks at the extra measures organisations may take to support the international transfer of data to meet EU standards, and is out for public consultation. “This…

ICO fines Ticketmaster UK Limited £1.25million for failing to protect customers’ payment details

The Information Commissioner’s Office (ICO) has fined Ticketmaster UK Limited £1.25million for failing to keep its customers’ personal data secure. The ICO found that the company failed to put appropriate security measures in place to prevent a cyber-attack on a chat-bot installed on its online payment page. Ticketmaster’s failure to protect customer information is a breach of the General Data Protection Regulation (GDPR). The data breach, which included names, payment card numbers, expiry dates and CVV numbers, potentially affected 9.4million of Ticketmaster’s customers across Europe including 1.5million in the UK.…

Blog: Access to information: driving change through education, engagement and enforcement

12 November 2020 A blog for police forces, public authorities and data protection practitioners.  Here at the ICO, we recognise how hard organisations are working to keep running effective businesses and services in the face of the Covid-19 pandemic. As the regulator, we’ve been playing our part too. In September, Elizabeth Denham set out how we would continue to support our data protection and freedom of information colleagues and adjust our regulatory approach as needed. We’ve offered advice, created practical tools and updated guidance to help organisations make changes and…

Open Data Institute’s 2020 virtual summit

The ICO’s work, as regulator for both data protection and freedom of information, sits comfortably alongside that of the ODI. There is a shared passion for transparency wherever possible, and a shared recognition of the value of data, and the benefits that can come from sharing data. But the shared principle I most want to focus on today is trust. And in particular, trust as an imperative if the type of innovations being discussed today are to achieve their full potential. Listening to discussions today, I’m hearing a tone of…

UK political parties must improve data protection practices

The Information Commissioner’s Office (ICO) has set out how seven of the UK’s political parties need to improve the way they handle people’s personal data after assessing how they manage data protection. The ICO audited the parties’ data protection compliance following significant concerns about transparency and the use of people’s data in political campaigning that were highlighted in its 2018 report, Democracy Disrupted? A summary of the audits is published today and includes specific actions to improve data protection transparency and practice for: the Conservative Party; the Labour Party; the…

ICO fines Marriott International Inc £18.4million for failing to keep customers’ personal data secure

The ICO has fined Marriott International Inc £18.4million for failing to keep millions of customers’ personal data secure. Marriott estimates that 339 million guest records worldwide were affected following a cyber-attack in 2014 on Starwood Hotels and Resorts Worldwide Inc. The attack, from an unknown source, remained undetected until September 2018, by which time the company had been acquired by Marriott.  The personal data involved differed between individuals but may have included names, email addresses, phone numbers, unencrypted passport numbers, arrival/departure information, guests’ VIP status and loyalty programme membership number.…

Greater Manchester claims management company fined £250,000 for making millions of nuisance calls

The Information Commissioner’s Office (ICO) has fined Reliance Advisory Limited (RAL) £250,000 for breaking electronic marketing law.                  The ICO found that over a six month period from the start of 2019, the Bury-based company RAL made 15.1 million calls in relation to claims management services such as mis-sold PPI. All of the calls, of which 1.1 million connected, were made to people who had not consented to receive them.   The ICO received 85 complaints from members of the public about the persistent…

ICO takes enforcement action against Experian after data broking investigation

The Information Commissioner’s Office (ICO) orders the credit reference agency Experian Limited to make fundamental changes to how it handles people’s personal data within its direct marketing services. The enforcement notice follows a two-year investigation by the ICO into how Experian, Equifax and TransUnion used personal data within their data broking businesses for direct marketing purposes. A complaint from the campaign group Privacy International to the ICO also raised concerns about the data broking industry, specifically Equifax and Experian. As a result of the ICO’s work, all three credit reference agencies (CRAs)…

Blog: Simplifying subject access requests – new detailed SARs guidance

21 October 2020 The right of access is a fundamental right under data protection law. And it has never been more necessary. In a world where personal data is used almost everywhere – by everyone – it’s vital that people have the right to be able to find out what’s happening to their information. More and more people are waking up to the power of their personal data, and are exercising their rights. That’s why, as an organisation, it’s important that you know how to deal with a subject access…