Online pharmacy caught selling consumer data to a lottery company
Everyone worries about online privacy to one extent or another. There's a lot of variation between the lackadaisical and the tin-foil hat brigade. The best place is usually somewhere in the middle, those who are cautious but don't go overboard. That can be difficult to balance when stories like this come along -- an online pharmacy turning over its customer info.
This happened in the United Kingdom and was investigated by the ICO (Information Commissioner's Office) which is in charge of protecting consumer rights in just these types of incidents.
The company in question is named Pharmacy 2U and it was found to have handed over data from some 20,000 customers.
In the report, the organization claims "The ICO investigation found that Pharmacy 2U had not informed its customers that it intended to sell their details, and that the customers had not given their consent for their personal data to be sold on. This was in breach of the Data Protection Act".
ICO Deputy Commissioner David Smith added "Patient confidentiality is drummed into pharmacists. It is inconceivable that a business in this sector could believe these actions were acceptable. Put simply, a reputable company has made a serious error of judgment, and today faces the consequences of that. It should send out a clear message to other companies that the customer data they hold is not theirs to do with as they wish".
The pharmacy was fined £130,000, and this will be slightly reduced if the company pays early -- it has until November 13 to meet that goal. Security firm Sophos points out that "It's not an irony that openness and privacy go together: if someone collects your personal data, they jolly well ought to be clear about what they plan to do with it".
While it's good to see things like this not go unpunished, it would be better still to think it didn't happen at all. Perhaps the tin-foil hat isn't always a bad idea.