Author - admin

1
UK Data Protection: Beware of the consequences of unsolicited marketing emails!
2
Australia Cyber Attack Statistics
3
Primera Blue Cross Cyberattack
4
Government Regulation, Legislation and Enforcement Updates
5
European Union – General Data Protection Regulation (GDPR)

UK Data Protection: Beware of the consequences of unsolicited marketing emails!

By Claude-Étienne Armingaud and Keisha Phippen

Sending unsolicited marketing emails could prove costly to UK organisations, as bike and car accessory retailer Halfords have recently discovered.

Last month, Halfords were handed a fine of £30,000 by the Information Commissioner’s Office (ICO) for sending around half a million unsolicited marketing email messages to customers who had not previously opted-in to marketing (see here).

The fine was issued under the Privacy and Electronic Communications Regulations (PECR), which gives people specific privacy rights in relation to electronic communications and restricts how unsolicited direct marketing is carried out.

An investigation carried out by the ICO found that the retailer broke the laws governing electronic communications by sending out emails relating to a government voucher scheme that gave people £50 off the cost of repairing a bike at any participating store or mechanic in England. The email not only pointed customers to the government website, it also invited them to book a bike assessment and to redeem their voucher at their chosen Halfords store. The ICO concluded that the insinuation of Halfords having a direct connection with the government scheme encouraged its customers to redeem the voucher in its stores and that Halfords was therefore advertising its own services.

PECR prevents organisations from sending emails or messages to people unless they have consented to it or they are an existing customer who has bought similar products or services in the past (known as the “soft opt-in” rule).

Halfords argued that the email constituted a service message and should not be categorised as direct marketing, but the ICO maintained that the email did constitute direct marketing because it satisfied the definition of such under Paragraph 35 of the ICO’s Direct Marketing Guidance (see here).  In addition, the ICO concluded that the soft opt-in rule could not apply because the targeted customers had already opted out. 

Andy Curry, Head of Investigations at the ICO said: “This [decision] sends a message to similar organisations to review their electronic marketing operations, and that we will take necessary action if they break the law.”

Primera Blue Cross Cyberattack

by Jim Bulling and Julia Baldi

Primera Blue Cross, a U.S. health insurer announced up to 11 million customers could have been affected by a cyberattack, with hackers gained access to its computers on May 5 2014, and the breach only being discovered on January 29 2015. Affected customers are eligible for two years of free credit monitoring and identify theft protection services.

See the Primera press release here and a CIO article on the breach here.

Government Regulation, Legislation and Enforcement Updates

by Jim Bulling and Julia Baldi

China Introduces new Cybersecurity Laws
China introduced new cybersecurity laws, which require both local and foreign banks and financial institutions with Chinese clients (including Australian financial institutions) to use IT equipment deemed “secure and controllable” by Beijing. The breadth of the laws has upset foreign financial institutions given the potential cost of compliance if foreign entities must implement IT equipment systems in accordance with Chinese directives.

See the Financial Times report here.

Read More

European Union – General Data Protection Regulation (GDPR)

by Jim Bulling and Julia Baldi

The European Union has indicated an intention to finalise the General Data Protection Regulation (GDPR) before the end of 2015. This has the potential to effect Australian companies operating or storing data in Europe.

See the EU press release here.

Copyright © 2022, K&L Gates LLP. All Rights Reserved.