23 August 2019 | Comment | Article by Mark Harvey

Bounty UK Limited data protection breach and private information misuse

Hugh James has been instructed by parents who were the victims of misuse of their private information and breaches of the Data Protection Acts by Bounty (UK) Limited and the National Health Service.

Some families were cold called by salesman in arrangements with hospital staff, resulting in their family details being taken and sold on without their consent or understanding.

In other cases the limited permission that families gave to Bounty, sometimes online, did not permit the manner in which Bounty (UK) Limited used that information.

On 9 April 2019 the Information Commissioners Office issued a monetary penalty notice against Bounty (UK) Limited in the sum of £400,000. It considered Bounty (UK) Limited to have caused a “serious contravention of the first data protection principal from schedule one to the DPA… by sharing the personal data of over 14 million individuals to a number of organisations including credit reference and marketing agencies without informing those individuals that it might do so.”

The Data Protection Act 2018 does permit an individual who can demonstrate some loss or significant distress to be compensated for the misuse of the information.

If you consider that you have been affected to this extent by the actions of Bounty (UK) Limited or indeed the hospital where this information was provided then you may be entitled to make a claim. Please contact our specialist team for more information. 

Please note that the right to pursue a claim expires six years from the date of the breach.

Disclaimer: The information on the Hugh James website is for general information only and reflects the position at the date of publication. It does not constitute legal advice and should not be treated as such. If you would like to ensure the commentary reflects current legislation, case law or best practice, please contact the blog author.

Business news, knowledge and insight