top of page

The purpose of this information sheet is not intended to cause shock or frighten the reader, but to show that Data Protection is being taken seriously by the ICO and those who chose to ignore the legislation to the detriment of their clients and sometimes also their employees.

 

22 October 2021

The Information Commissioner’s Office (ICO) is urging organisations to revisit their bulk email practices after failures by HIV Scotland led to a £10,000 fine.

The breach of data protection law involved an email to 105 people which included patient advocates representing people living in Scotland with HIV. All the email addresses were visible to all recipients, and 65 of the addresses identified people by name.

 

25 October 2021

The ICO has fined Unite the Union £45,000. There were multiple breaches of regulation 21 by Unite the Union arising from the organisation’s activities over a twelve-month period, resulting in 57,665 unsolicited direct marketing calls to subscribers who were registered with the TPS.  These 57,665 unsolicited calls led to a total of 27 complaints being made to the Commissioner over the period of contravention.

 

15 September 2021

The ICO has fined We Buy Any Car Limited £200,000. It sent 191.4 million marketing emails and 3.6 million marketing SMS messages to individuals without fully satisfying the requirements of the soft opt in, resulting in 42 complaints to the Commissioner, over a period of twelve months.

 

08 June 2021

Colour Car Sales Ltd (CCSL) of Stoke-on-Trent, is a credit intermediary for used car finance. They have been fined £170,000 for sending spam text messages directing people to a number of car finance websites. The company was also issued with enforcement notices ordering it to stop marketing until consent had been obtained.

 

14 January 2021

A motor industry employee has been prosecuted for passing the personal information of service users to an accident claims management firm without authorisation.

Kim Doyle, of Village Lane, Higher Whitley, pleaded guilty to charges of conspiracy to secure unauthorised access to computer data, and to selling unlawfully obtained personal data. She was sentenced at Manchester Crown Court on 8 January 2021 to eight months' imprisonment, suspended for two years.

​

Doyle unlawfully compiled lists of road traffic accident data including partial names, mobile phone numbers and registration numbers despite having no permission from her employers. Doyle then unlawfully transferred the data she obtained to William Shaw; the director of an accident claims management firm.

William Shaw, of Flixton Road, Urmston, was also sentenced to eight months' imprisonment, suspended for two years after pleading guilty to conspiracy to secure unauthorised access to computer data.

​

Doyle and Shaw were also each ordered to carry out 100 hours' unpaid work and contribute £1,000 costs.

A Confiscation Order, under the Proceeds of Crimes Act, to recover benefit obtained as a result of the offending had been given by the Court in which Doyle must pay a benefit figure of £25,000 and Shaw must pay a benefit figure of £15,000. Both Doyle and Shaw will face three months' imprisonment if the benefit figures are not paid within three months.

cyberalarm.jpg
cyberalarm.jpg

Click on the Hiscox icon for insurance details

Hiscox logo.jpg
OGL.jpg
0333 772 1510

Hebborn Consultancy Ltd. is a private company limited by shares, registered in England and Wales number 11479220. ICO registration number ZA768371

Hebborn Consultancy Ltd. Chapman Way Hethel Norfolk  NR14 8FB.

The Company's' registered office is Tedder House Tedder Close Watton Norfolk IP25 6HU

©2025 Hebborn Consultancy Ltd. 

bottom of page