UK's largest pharmacy fined for selling personal data to scam artists
The biggest online pharmacy in the UK has been slapped with a £130,000 fine after they sold patients' personal data to scammers. Those scam artists then targeted people who are vulnerable and sick, which is just great.
Pharmacy2U (P2U) was hauled in by the Information Commissioner's Office (ICO) after it was discovered that they'd been giving names and contact details for people who had bought prescriptions and remedies from their site, through their Alchemy Direct Media company. It turns out they'd illegally sold the personal data of more than 21,000 NHS patients and P2U customers.
You're supposed to get people's permission before you sell their personal data - they did not.
It might be an idea to run a quality control over who you're selling it to, which this lot clearly didn't do, as one of the companies that bought the data were lottery fraudsters, who then went after pensioners with chronic health conditions.
Over 100,000 customer details were advertised for sale on the database, which actually broke people down into categories, such as detailing which people had Parkinson's disease, or which ones were over 70.
ICO deputy commissioner David Smith said: "Patient confidentiality is drummed into pharmacists. It is inconceivable that a business in this sector could believe these actions were acceptable. Put simply, a reputable company has made a serious error of judgement, and today faces the consequences of that. It should send out a clear message to other companies that the customer data they hold is not theirs to do with as they wish."
"Once people's personal information has been sold on once in this way, we often see it then gets sold on again and again. People are left wondering why so many companies are contacting them and how they come to be in receipt of their details."
"Patient confidentiality is drummed into pharmacists. It is inconceivable that a business in this sector could believe these actions were acceptable"
Daniel Lee, managing director of P2U, said: "This is a regrettable incident for which we sincerely apologise. While we are grateful that the ICO recognises that our breach was not deliberate, we appreciate this was a serious matter. As soon as the issue was brought to our attention, we stopped the trial selling of customer data and made sure that the information that had been passed on was securely destroyed. We have also confirmed that we will no longer sell customer data."
"We take our responsibilities to the public very seriously and want to reassure our customers that no medical information, email addresses or telephone numbers were sold. Only names and postal addresses were given, for one-time use."