BT walloped with £70K ICO fine for 5 million spam emails
Telecommunication provider found to be in breach of the Data Protection Act 1998
British Telecommunications plc (BT) has been hit with a 77,000 fine by the Information Commissioner's Office (ICO) for sending out almost five million nuisance emails to customers.
The ICO's investigation found that the company did not have customer consent to send direct marketing emails, which is a breach of section 55A of the Data Protection Act 1998.
The investigation began after an unnamed member of the public highlighted the issue.
"Organisations have a responsibility to ensure they are acting within the law. Where they do not, the ICO can and will take action," said Steve Eckersley, ICO head of enforcement.
"This particular investigation was prompted by a concerned member of the public. We investigated the matter and uncovered the full extent of this activity which shows how important it is for people to report nuisance emails."
Between December 2015 and November 2016 4.9 million emails were sent to BT customers promoting three charity initiatives for the BT "My Donate" platform, "Giving Tuesday" and "Stand up to Cancer".
BT accepted that emails for "Giving Tuesday" and "Stand up to Cancer" were unlawful during the investigation, but it disputed the assessment that "My Donate" emails were direct marketing.
The ICO found that all of the emails sent constituted marketing and were not simply service messages and had been delivered to recipients who had not given the necessary consent. As a result, the emails were sent in breach of regulation 22 of the Privacy and Electronic Communications Regulations.
Although BT did not deliberately break the rules, the ICO said it should have known the risks and it failed to take reasonable steps to prevent them.
BT responded in a statement saying it was "disappointed" by the decision to impose a fine but have accepted the facts set out by the ICO.
"There was no financial benefit to BT and minimal impact on customers, in fact, almost five million emails elicited just one complaint," the company spokesperson said.
"We are pleased that the ICO has acknowledged that this was not a deliberate contravention of regulations. In turn, we have accepted the facts set out by the ICO and have apologised."
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now