Context
The ICO has published details of two monetary penalty notices that it has issued, each for a different reason but both arising out of systems failings.
Key points to note
Royal Mail inadvertently sent follow-up direct marketing e-mails to 215,202 parties who had expressed a desire to no longer receive marketing from Royal Mail. Royal Mail had initially identified these parties and had separated their data from a mailing list to which a marketing communication was sent. The separation was not sufficient, though, to stop a follow-up communication being sent to these identified parties. The systems failing, therefore, was the inadequacy of the data separation.
Tuckers Solicitors were the victim of a ransomware attack. The attack may have been possible because of the late application of a security patch to the firm’s systems. The patch was issued in January 2020 but not applied by the firm until June 2020. The systems failing in this case was the late application of the security patch.
Next actions
None – for information and awareness, but firms need to be aware of the importance of data systems controls and protections.