16/06/2017
Morrisons Break Personal Information Regulations
A recent investigation by the Information Commissioner’s Office (ICO) has revealed that the supermarket chain, Morrisons has been found guilty and fined for breaking personal information regulations.
The investigation shows that Morrisons shared the email addresses of over 130,000 people to send unsolicited marketing emails when these customers had opted to not receive such emails from Morrisons.
Sent in October and November
The emails which were entitled, ‘Your Account Details’, were found to have been deliberately sent in October and November 2016 to 130,671 recipients who had previously stated that they did not want to receive emails with information about the ‘More’ card. The emails were offering money off coupons, extra ‘More points’ and the latest Morrisons news to recipients.
The investigation also reveals that a further 105,980 marketing emails were instigated by Morrisons, although these were not received by the intended recipients. This does, however support the suggestion of intent to send out high numbers of marketing emails.
The deputy commissioner of the ICO, Simon Entwisle stated that it is of a paramount importance to maintain trust in companies that they will respect wishes of the customers related to usage of their personal information in marketing purposes.
The penalty handed to Morrisons for breaking the privacy and electronic communication regulations is a fine of £10,500, which they have to pay before 13th July 2017.
Privacy and Electronic Communication Regulations
The privacy and electronic communication regulations state that a person cannot transmit or initiate transmission related to unsolicited communications with the direct marketing purposes through electronic mail. This is only lawful if the recipient of the e-mail has previously given consents that such communications can be sent or initiated for sending by the sender.
This means that businesses need to obtain permission from recipients before sending out marketing emails, and it is quite clear that in the Morrisons case, these regulations were violated. A new data protection law is set to be introduced next May which is intended to protect even more people’s personal data from unsolicited email marketing.
It is highly recommended that any businesses who use email marketing, are familiarised with the most up-to-date regulations about personal privacy and data protection to avoid getting into hot water such as that which Morrisons have found themselves in.
For a company as large as Morrisons, the fine of £10,500 isn’t going to have a huge effect. It does, however serve as a warning to them and other businesses that these regulations are to be taken seriously and the privacy of email recipients at the forefront of email marketing.