Supermarket group Morrisons has been fined by the UK government's data protection watchdog the Information Commissioner's Office (ICO) for sending marketing emails to people who had opted out.
According to the ICO, Morrisons "deliberately sent 130,671 emails to people who had previously opted out of receiving marketing related to their Morrisons More card".
The Morrisons More card is the supermarket's points-based loyalty scheme. The ICO investigation found that the supermarket had emailed its customers inviting them to change their account preferences in exchange for More points and money off vouchers. A total of 236,651 emails were sent in October and November 2016 to people who had previously opted out of receiving marketing communications related to their More card, although only 130,671 we received.
The supermarket chain was fined fined £10,500 for breaking the Privacy and Electronic Communication Regulations (PECR). The maximum possible fine for this offence is £500,000.
The ICO has shown itself to be increasingly ready to hand out fines for misuse of personal data. While the amount in this case is relatively small, the damage to Morrisons' reputation is likely to have more impact in an age in which trust is increasingly a differentiator.
In its defence Morrisons had said that it had received queries from customers who had not received emails as that as a result of an update to their systems earlier in the year. It said it had made the decision to send the "Your account details" email to opted out individuals to advise them how to update their marketing preferences.
With the EU GDPR becoming law in May next year, many companies will be seeking consent from existing customers to continue sending them marketing messages. It is important that they do not include advertising or marketing messages in these "re-consenting" communications, says the ICO, which has published a guide for organisations who use direct marketing.
Recently airline Flybe was fined £70,000 by the ICO for sending more than 3 million "Are your details correct?" emails, including to people who had not opted into such communications. Honda was fined £13,000 for a similar offence.
Cyber attack on Scottish Parliament comes after MPs at Westminster were targeted in June by a similar brute force attack
The UK still has 40,000 barely used phone boxes littering the landscape
Company files S1 in secret after hiring underwriters in May
Start-up Kolos given the go-ahead to build massive data centre at Ballangen in the Norwegian Arctic Circle