ICO News

East Lancashire Hospital Trust has contract with pregnancy club Bounty – Lancashire Telegraph

A HOSPITAL trust has a contract with a pregnancy and parenting company found to have illegally shared the personal information of more than 14 million people, it has emerged.

Bounty UK, which offers advice and goody bags to new parents, unlawfully shared its members’ data with marketing agencies, the Information Commissioner’s Office (ICO) said.

It included information on potentially vulnerable new mothers and children and appears to have been motivated by financial gain, the regulator added, as it handed the firm a £400,000 fine.

Now East Lancashire Hospitals Trust has confirmed it has a contract with Bounty will end on April 30 this year.

When asked by the Lancashire Telegraph, the trust would not confirm why they had terminated the contract and for how long it had been running for.

A trust spokesman said: “The trust’s contract with Bounty was terminated in 2018 and will end on April 30, 2019.”

Bounty operates within a number of NHS hospitals and is a familiar name in Britain’s maternity wards, where the company has been providing information packs and baby goody-bags to pregnant women and new parents since 1959.

But Russ McLean, chairman of the Pennine Lancashire Patient Voices Group, described the situation as ‘appalling’.

He said: “The trust should have tried harder to get out of the contract now they know what they know.

“I know they take data protection very seriously and that this would of come to a shock to them.

“What’s happened with Bounty may very well be the reason why they’ve terminated this contract.

“I’m appalled at companies such as Bounty taking personal data and selling something on the back of it and using the NHS to do this is deplorable.”

READ  Is the future stable for Libra? - BlueNotes

Steve Eckersley, ICO director of investigations said that Bounty was not open or transparent to the millions of people that their personal data may be passed on to such large number of organisations,

The company was found to have breached the Data Protection Act 1998 by sharing around 34.4 million records with agencies including Acxiom, Equifax, Indicia and Sky, the ICO said.

They are the four largest organisations out of a total of 39 which Bounty passed its information on to.

Mr Eckersley added: “Such careless data sharing is likely to have caused distress to many people, since they did not know that their personal information was being shared multiple times with so many organisations, including information about their pregnancy status and their children.”

Jim Kelleher, managing director of Bounty, said: “We acknowledge the ICO’s findings – in the past we did not take a broad enough view of our responsibilities and as a result our data-sharing processes, specifically with regards to transparency, were not robust enough.

“This was not of the standard expected of us. However, the ICO has recognised that these are historical issues.

“We will appoint an independent data expert to check how we are doing every year and we will publish their findings annually on the Bounty website.”


Leave a Reply