“It is deeply concerning that sensitive personal data gathered for political purposes was later used for insurance purposes; and vice versa. It should never have happened.”
The Information Commissioner’s Office (ICO) will review the data protection practices at Leave.EU and Eldon Insurance after both companies accumulated combined fines of £120,000 for serious breaches of electronic marketing laws.
Eldon Insurance (trading as Go Skippy Insurance) and Leave.EU were investigated last November as part of the ICO’s review of data analytics use in political campaigns.
The investigation revealed that both organisations were ‘closely linked’ and that: “Systems for segregating the personal data of insurance customers’ from that of political subscribers’ were ineffective.”
The ICO discovered that Leave.EU had unlawfully send out nearly 300,000 political marketing messages to customers of Eldon Insurance. While the insurance company was found to have committed two unlawful direct marketing campaigns by sending more than one million emails to Leave.EU subscribers without first getting the proper consent.
For its part in the breach Leave.EU has been fined £15,000 for using the insurance company’s customer data unlawfully to send marketing messages to 300,000 people.
However, both companies were also fined as part of a second incident where 1,020,661 emails were sent to Leave.EU subscribers offering them 10 percent off GoSkippy insurance. No users had given consent to be target by this marketing. The ICO fined Leave.EU £45,000, while Eldon Insurance received a fine of £60,000.
Audit of Data Practices to Follow
Elizabeth Denham Information Commissioner commented in a released statement that: “It is deeply concerning that sensitive personal data gathered for political purposes was later used for insurance purposes; and vice versa. It should never have happened.”
“We have been told both organisations have made improvements and learned from these events. But the ICO will now audit the organisations to determine how they are using customers’ personal information.”
As part of their ongoing audit of both organisations the ICO has notified them that they will be conducting further investigation into how personal data is processed within each organisation and their data protection practices will be observed.
The ICO assessment notice gives them access to the joint office shared by Eldon insurance and Leave.EU, with the ICO warning in their report that: “It is a criminal offence to obstruct an ICO audit or destroy information covered by it.”