How many?
So there have been 34 million pregnancies between June 2017 and April 2018. That is a pretty phenomenal percentage of the UK's population. Have they been harvesting everybody on Faecesbook or something?
Pregnancy and parenting club Bounty fined £400,000 for shady data sharing practices
The Information Commissioner’s Office has fined commercial pregnancy and parenting club Bounty some £400,000 for illegally sharing personal details of more than 14 million people. The organisation, which dishes out advice to expectant and inexperienced parents, has faced criticism over the tactics it uses to sign up new …
-
-
Friday 12th April 2019 14:24 GMT Rameses Niblick the Third Kerplunk Kerplunk Whoops Where's My Thribble?
Re: How many?
So there have been 34 million pregnancies between June 2017 and April 2018.
Erm...no. According to the article:
"Bounty shared roughly 34.4 million records from June 2017 to April 2018 "
So they shared 34.4 million records in that time, they will have acquired those records over a much longer time. Also note that the records probably relate to individuals, not pregnancies, so potentially 3 records per pregnancy (mother / father / sprog) or more in the case of multi-sprog pregnancies.
-
Sunday 14th April 2019 11:08 GMT Lee D
Re: How many?
There's no way that's true.
https://www.tommys.org/our-organisation/charity-research/pregnancy-statistics
If you multiply that out, that's about 750,000 babies a year.
Even taking into account that ~23% of pregnancies are unsuccessful, according to those same stats, they're at least one order of magnitude out (3.4m), and nearly two (340,000).
-
This post has been deleted by its author
-
Friday 12th April 2019 14:27 GMT Doctor Syntax
"Bounty shared roughly 34.4 million records from June 2017 to April 2018 with credit reference and marketing agencies. Acxiom, Equifax, Indicia and Sky were the four biggest of the 39 companies that Bounty told the ICO it sold stuff to."
How about a few prosecutions of those who bought the data? If the sale was illegal then the purchase must also have been. In the long run killing the market for illegal PII would be pretty effective.
-
Friday 12th April 2019 17:02 GMT Martin Gregorie
As a salutory lesson for Bounty and anybody else thinking of running a similar scam, the ICO should force Bounty to recover the data from those who they sold it to and pay back money earned from those now-reversed sales.
And, of course, the purchasers should be made to delete that data now they've got their money back.
-
Saturday 13th April 2019 14:13 GMT John Brown (no body)
"How about a few prosecutions of those who bought the data?"
Being in receipt of stolen goods, is not an offence unless it can be shown that the recipient knew it was stolen. Usually all that happens is the the stolen goods are recovered and the recipient ends up out of pocket.
So, what should happen is those who bought the data illegally sold should be forced to verifiably delete all of the data. Yes, they lose out on the value of the data and purchase cost, but so what? That's what happens to everyone else.
-
Saturday 13th April 2019 21:56 GMT Doctor Syntax
"Being in receipt of stolen goods, is not an offence unless it can be shown that the recipient knew it was stolen."
We're not dealing with goods, here, we're dealing with PII and there was legislation in place around that. If the buyers didn't do due diligence in relation to its being obtained it's their problem.
Interestingly Bounty stopped this last April. Remember what happened in May that might have influenced that? If any of their customers were still in possession of the data after GDPR came into force are they liable under that legislation?
-
-
-
Friday 12th April 2019 15:34 GMT Mystic Megabyte
free
Is Bounty a free service? (I can't be bothered to look) If so I suppose that the punters were the product.
On an unrelated note, news outlets moan about ad-blockers and want you to subscribe and pay. When I tried that the first thing I saw was "You agree that we can share your info with third parties". Well no I don't agree, you just lost a subscriber.
-
-
Friday 12th April 2019 18:47 GMT MonkeyCee
Re: free
They are, from all accounts, pretty scummy. They also are very reticent about admitting they are a private company, and like to imply they are part of the hospital.
Now they've been flogging their data, and don't really want to admit what they did was wrong. there whole business model has some serious ethical and moral problems.
-
Saturday 13th April 2019 06:00 GMT Anonymous Coward
Re: free
Post April 2018 they were still wandering maternity wards pretending to be hospital staff.
The nappies were useful, especially as the ward itself didn't seem to have any, and a newborn can go through 10-15 of them a day. Watching the meconium faeces come out is rather strange...
I honestly have no idea whether or not they got any information or what they said they'd do with it.
If they did then it was definitely not informed consent, given that many of the parents had been awake for 72 hours straight by that point, and the mothers had of course been rather busy shoving a huge roast potato personage out of her nether regions, or having their bellies sliced open to extract said potato.
In that situation most people would just answer any questions asked by someone who looked vaguely like they worked there.
-
-
-
-
Friday 12th April 2019 21:52 GMT Joeyjoejojrshabado
PS, Bounty are scum
"Of course, if the data sharing had been done since 25 May 2018, Bounty would be facing a far greater fine, up to 4 per cent of annual turnover or €20m, whichever is greater."
But then, the ICO didn't even use the maximum fine that was available under the 1998 DPA (£0.5m) so why would the fine have been greater if it had taken place post GDPR?
-
Saturday 13th April 2019 22:02 GMT Doctor Syntax
Re: PS, Bounty are scum
Very likely the company co-operated with the ICO. This normally gains a reduction in penalty. A penalty so near the maximum indicates that the ICO took the case very seriously indeed. Had it been under GDPR it's reasonable to expect a much larger fine would have taken place.
This is one of the things that we keep having to explain again and again.
-
Sunday 14th April 2019 12:21 GMT Joeyjoejojrshabado
Re: PS, Bounty are scum
Yes, the Commission's report notes that Bounty "voluntarily" ceased it's data trading practice before GDPR came in to force.
But the implication that GDPR's higher limit means that all fines would somehow scale up is nonsense and has been refuted by the Commissioner herself https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2017/08/blog-gdpr-sorting-the-fact-from-the-fiction/
-
-
-
Monday 15th April 2019 10:27 GMT Anonymous Coward
Bounty still don't really take data protection seriously. We noticed in January that as they come round the maternity ward offering to take photos, they type the parents details (name and address) into a laptop which displays them in what must be at least 48-point text. They then leave that on screen (slap bang in the middle) as they spend the next 10 minutes faffing about arranging the photos, for any by passer to have a good gawp at.
-
Monday 15th April 2019 12:23 GMT Captain Planet
They still do this after May 2018
"Of course, if the data sharing had been done since 25 May 2018, Bounty would be facing a far greater fine, up to 4 per cent of annual turnover or €20m, whichever is greater."
They still break GDPR rules after May 2018, new mothers are not advised on what they are signing up to (or that they are even signing up). A friend of mine recently had a baby, a Bounty rep had been in and spoken to his wife who was on all sorts of drugs after giving birth, he asked the rep what consent had been given (his details had been passed on without any communication with him) the rep simply said 'you just need to sign this', 'I just have to collect details' she didn't think any consent was needed and would not say (or did not know) what happens to the data. The rep was even dressed like a nurse and made out it was an NHS thing.
Bounty exploit their position of trust, they don't explain what you are signing up to and do not gain proper informed consent. They have not taken any notice of GDPR, I hope they get fined for their activity after May 2018.
Biting the hand that feeds IT
