Bounty are in nearly every NHS maternity ward in the United Kingdom, they have a website and a mobile phone app. They give away free maternity packs when you sign up to their services with offers for other companies. They also offer support to users on pregnancy and motherhood. By joining Bounty, users receive advice, packs and information on tracking their baby’s development.
Considering this, the primary victim of data loss are mothers and their children who registered with Bounty.
Between 1 June 2017 and 30 April 2018, Bounty disclosed personal data with third parties for direct marketing purposes. Over 35 million pieces of personal data were disclosed including data such as; full names, addresses, email addresses, telephone numbers, due date of baby. The Information Commissioners Office (The Government body that is responsible for Data Protection) has concluded that the data was sold illegally without consent. Bounty was fined £400,000 by the ICO for breaching Data Protection Law.
Data breach is a serious matter. Your data is valuable and under law, is protected by a number of laws to ensure that your personal information is not sold, lost or hacked.
Bounty did not ask for consent to share personal data with third parties at any point, a direct contravention of the Data Protection Act. Bounty did not take the necessary steps to avoid contravention causing undue stress to those whose data was shared.
The vast majority of the data was sold to Acxiom, Equifax, Indicia and Sky but bounty had also shared data with 35 other companies – bringing the total number of companies to 39.
As a result of this you would have received lots of emails, texts, calls and post from these companies without your consent causing you stress and inconvenience.