Data is becoming an increasingly sensitive and important issue for businesses, and if you get it wrong there can be serious financial and reputational costs. The hacking of TalkTalk’s website shows the importance of treating your customers’ personal information with respect and considering how best it can be protected.
Another recent case in this area is that of Pharmacy2U, which was fined £130,000 by the Information Commissioner for selling customers’ details to third parties without their consent, in breach of the Data Protection Act. Pharmacy2U is the largest NHS-approved online pharmacy and, like many businesses, collects personal data through its customer registration process. It engaged a marketing company to advertise more than 100,000 customers’ details for sale, and the details of more than 20,000 customers were subsequently passed to third parties in return for payment.
Businesses that routinely pass customer details to third parties for the purposes of direct marketing should review their terms and conditions in light of this case. Businesses must ensure they provide clear information, in a prominent place, to customers as to how their data will be used and who it will be shared with; it is not enough simply to rely on small print which is hidden away. It is also worth noting that where a breach of the Data Protection Act occurs, anyone who is affected has a right to compensation for any distress caused (without the need to show any actual financial loss). As such, the combination of a hefty fine from the Information Commissioner and individual compensation cases brought by thousands of customers could be very expensive and time-consuming for any business.