nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Brit bank fined £75k over 1.5 MEEELLION text and email spamhammer

And London advertising firm spanked for similar campaign

By John Leyden, 10 Oct 2017

A Bradford-based bank has been fined by the UK's data privacy watchdog for sending illegal marketing texts and emails.

Vanquis Bank Limited spammed 870,849 text messages and 620,000 emails to promote its credit cards without the recipients' consent, which is against the law.

The bank obtained the marketing lists used to send the messages from other organisations. It relied on indirect consent, which included vague wording – such as "trusted parties" and "carefully selected third parties" – not specific enough to grant permission for how the information was actually used.

The campaign resulted in a number of complaints, an investigation and ultimately a hefty £75,000 fine from the Information Commissioner's Office (ICO). The penalty follows another earlier this year to related firm Provident Personal Credit Limited, also for spam texting.

Spam texting tactics are commonly associated with claims management firms and payment protection insurance (PPI) reclaiming outfits but a growing body of ICO enforcement actions show that more mainstream firms as well as ambulance-chasing types are adopting much the same annoying strategies.

London advertising firm Xerpla has also been fined £50,000 by the ICO. The firm sent nearly 1.26 million spam emails promoting products and services as far-ranging as dog food, wine, competitions and boilers on behalf of other companies. Xerpla did not have consent to send the emails to their recipients.

ICO head of enforcement Steve Eckersley commented: "There are rules in place to protect people from the irritation, and in some cases anxiety and distress, spam texts and emails cause.

"People need to be properly informed about what they are consenting to. Telling them their details could be passed to 'similar organisations' or 'selected third parties' cannot be relied upon as specific consent."

The spam emails from Xerpla were fired at people who had subscribed to two websites operated by the firm – www.yousave.co.uk and www.headsyouwin.co.uk. Subscribers were told their details could be shared with other organisations by way of a generic statement in a privacy policy. These messages were not clear and specific enough to constitute consent for the subsequent marketing, the ICO said. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing