Grove Pensions Solutions, based in Kent, hired a third party marketing firm to distribute over 2 million emails over a twelve month period, promoting its services. An investigation led by the Information Commissioners Office found that Grove Pension Solutions Ltd was responsible for the two million emails, which were sent between 31 October 2016 and 31 October 2017.
The ICO found that Grove Pensions Solutions had instructed a marketing company and used third party email providers to carry out hosted marketing campaigns, that advertised the company’s services. The company had sought specialist advice from a data protection consultancy as well as independent legal advice, however, the ICO found that the marketing firm provided inaccurate advice and did not comply with regulations. The ICO said that a simple review of the customer journey would have exposed the issues apparent with the consents.
The law states that organisations cannot send direct marketing emails unless the recipient has given them specific consent to do so. This also applies to organisations using third parties to send direct marketing on their behalf.
Andy White, Director Of Investigations and Intelligence at the ICO, said: “Spam email uses people’s personal data unlawfully, filling up their inboxes and promoting products and services which they don’t necessarily want. We acknowledge that Grove Pension Solutions Ltd took steps to check that their marketing activity was within the law, but received misleading advice. However, ultimately, they are responsible for ensuring they comply with the law and they were in breach of it. The ICO is here to provide businesses with guidance about electronic marketing and data protection, free of charge. The company could have contacted us and avoided this fine.”
The law says that organisations cannot generally send marketing emails unless the recipient has given them their consent to receive them. This applies equally to organisations using third parties to send direct marketing on their behalf.
Protect Yourself From Spam Emails
If you receive a spam email it could contain links to a malicious web page that is being used to harvest personal details, possibly in order to access victim’s bank accounts.
- Double check where the email has come from before clicking on the link.
- Consider contacting the company separately to double check your account activity.
- Remember trusted companies’ will not request your personal details via email or through attached links.
- If you have filled in one of the forms, do not use online banking until you have had your computer checked out by an expert. Also consider contacting your bank to make them aware of the situation – money held in your account may be at risk.
If you receive one of these emails report it to Action Fraud by calling 0300 123 2040 or by using the online reporting tool.