The director of a London-based software consultancy, who had the bright idea to exploit the shortage of PPE by buying up face masks to sell on at a profit, has been cuffed around the ear after his firm sent thousands of unlawful emails to promote the new enterprise.
Hammersmith-based Studios MG was incorporated in 2015 by sole director Malcolm Graham, who is also a director of IT firms Trainify, Aceify and IUK Studios, and household and sanitary goods maker Releyn, where his occupation is listed as an “entrepreneur”.
However, it seems that Graham is more Del Boy Trotter than Duncan Bannatyne and, early on in the Covid-19 pandemic, he spotted an opportunity to make a few extra quid by flogging highly sought-after PPE.
Graham launched his get-rich-quick quest on April 30, at the height of the pandemic, by sending out at least 9,000 marketing emails to promote his wares.
What he had not bargained on was that the data he was using was in fact unlawful. According to an Information Commissioner’s Office investigation, Graham had randomly collected a list of contacts from a number of various sources, including his own LinkedIn and email contacts.
The ICO probe found that Studios MG was not involved in the business of supplying PPE at all, but that Graham had decided to buy face masks to sell on at a profit.
The regulator also found that, after initially contacting Studios MG, the company deleted a database of key evidence which would have shown the full extent of the volume of emails it had sent.
The company did not provide any evidence to the ICO that it had permission to contact the people on the list, or any accounts for the period covering the activity. This is unlawful under the Privacy & Electronic Communications Regulations 2003 (PECR).
Whacking the firm with a £40,000 fine, ICO head of investigations Andy Curry said: ”[We have] investigated a number of companies during the pandemic with the aim of protecting people from being exploited by unlawful marketing attempts. Nuisance emails are never welcome at any time, but especially when people may be feeling vulnerable or worried and their concerns heightened.
“We pursued this case because the company broke the law and invaded people’s privacy. We will take action where we find systematic flouting of the law and evidence of companies trying to make money from people via nuisance marketing.”
In order to prevent the company from breaking the law in the future, it has been slapped with an enforcement notice which orders it to stop such activity within 30 days.
Bristol firm pummelled for ‘profiteering from Covid-19’
Denham plays ‘good cop, bad cop’ in ICO rule shake-up
FCA plots campaign to combat the return of the rogues
Senior judge suspends all appeals against ICO rulings
ICO warns supermarkets over Covid-19 data retention
Regulator gives the green light for mobile data tracking
ICO pledges ‘light touch’ over coronavirus privacy fears
‘Alarmist’ and ‘exploitative’ coronavirus mask ad axed