BT walloped with £70K ICO fine for 5 million spam emails
Telecommunication provider found to be in breach of the Data Protection Act 1998
British Telecommunications plc (BT) has been hit with a 77,000 fine by the Information Commissioner's Office (ICO) for sending out almost five million nuisance emails to customers.
The ICO's investigation found that the company did not have customer consent to send direct marketing emails, which is a breach of section 55A of the Data Protection Act 1998.
The investigation began after an unnamed member of the public highlighted the issue.
"Organisations have a responsibility to ensure they are acting within the law. Where they do not, the ICO can and will take action," said Steve Eckersley, ICO head of enforcement.
"This particular investigation was prompted by a concerned member of the public. We investigated the matter and uncovered the full extent of this activity which shows how important it is for people to report nuisance emails."
Between December 2015 and November 2016 4.9 million emails were sent to BT customers promoting three charity initiatives for the BT "My Donate" platform, "Giving Tuesday" and "Stand up to Cancer".
BT accepted that emails for "Giving Tuesday" and "Stand up to Cancer" were unlawful during the investigation, but it disputed the assessment that "My Donate" emails were direct marketing.
The ICO found that all of the emails sent constituted marketing and were not simply service messages and had been delivered to recipients who had not given the necessary consent. As a result, the emails were sent in breach of regulation 22 of the Privacy and Electronic Communications Regulations.
Although BT did not deliberately break the rules, the ICO said it should have known the risks and it failed to take reasonable steps to prevent them.
BT responded in a statement saying it was "disappointed" by the decision to impose a fine but have accepted the facts set out by the ICO.
"There was no financial benefit to BT and minimal impact on customers, in fact, almost five million emails elicited just one complaint," the company spokesperson said.
"We are pleased that the ICO has acknowledged that this was not a deliberate contravention of regulations. In turn, we have accepted the facts set out by the ICO and have apologised."
The essential guide to cloud-based backup and disaster recovery
Support business continuity by building a holistic emergency planDownload now
Trends in modern data protection
A comprehensive view of the data protection landscapeDownload now
How do vulnerabilities get into software?
90% of security incidents result from exploits against defects in softwareDownload now
Delivering the future of work - now
The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.Download now