Cookie policy notice

By continuing to use this site you agree to our cookies policy below:
Since 26 May 2011, the law now states that cookies on websites can ony be used with your specific consent. Cookies allow us to ensure that you enjoy the best browsing experience.

This site is intended for health professionals only

At the heart of general practice since 1960

Pharmacy hit with £130,000 fine for selling on patient data

A major online pharmacist has been fined £130,000 by the information commissioner for selling on the data of more than 20,000 patients to secondary marketing companies, which is likely to have resulted in patients having ‘suffered financially’.

The Information Commissioner’s Office (ICO) today fined Pharmacy 2U for failing to inform customers of their intention to sell on their names and postal addresses through an online marketing list company, and for selling it without consent, in contravention of the Data Protection Act.

While the company says medical details were not passed on, it has not been able to notify the customers affected because it ordered the ‘certified destruction’ of their names when the breaches came to light.

The companies who bought Pharmacy 2U customer data, include a health supplements company that has been cautioned for misleading advertising and unverified health claims.

It also included an Australian lottery company under investigation by Trading Standards and which an ICO investigation said  ‘appeared to have deliberately targeted elderly and vulnerable individuals, and it is likely that some customers will have suffered financially as a result of their details being passed on’.

The breaches were partly identified as part of a Daily Mail investigation into list marketing companies targeting vulnerable individuals.

Pharmacy 2U has said that it undertook due diligence of companies buying data, but there was no publicly available information about questionable trading practices at the time.

The company ‘sincerely apologised’ for the breach, and said that as soon as it was made aware of the breach it ‘stopped the trial selling of customer data and made sure that the information that had been passed on was securely destroyed’.

Daniel Lee, managing director of Pharmacy 2U, said: ‘This is a regrettable incident for which we sincerely apologise.

‘While we are grateful that the ICO recognise that our breach was not deliberate, we appreciate this was a serious matter… We have also confirmed that we will no longer sell customer data.’

A spokesperson told Pulse: ‘As soon as the issue was brought to our attention, we ordered the certificated destruction of all the names and addresses that had been sold. For that reason, we are unable to contact individual patients.’

ICO deputy commissioner David Smith said: ‘Patient confidentiality is drummed into pharmacists. It is inconceivable that a business in this sector could believe these actions were acceptable.

‘Put simply, a reputable company has made a serious error of judgement, and today faces the consequences of that. It should send out a clear message to other companies that the customer data they hold is not theirs to do with as they wish.’

 

Readers' comments (5)

  • Cheap fine really - what if we all did that: double standard world. "We have also confirmed that we will no longer sell customer data" - well der.

    Unsuitable or offensive? Report this comment

  • You failed to mention who has a 20% stake in it. Further proof if you need it that the NHS is being geared up for back-door privatization.

    Unsuitable or offensive? Report this comment

  • Interesting concept that it seems that the breach was "not deliberate". Presumably the sale of the data occurred without any knowledge that it occurred and without any payment being received. Unfortunate or unbelievable?

    Unsuitable or offensive? Report this comment

  • Thankfully not all pharmacies are run this way... As with everything - the more power and political clout you have, the more one is able to get away with highly unethical acts! Disgraceful and they should lose their pharmacy registration!

    Unsuitable or offensive? Report this comment

  • I agree. Feel like an idiot shredding spare address labels when the big guys are doing this!

    Unsuitable or offensive? Report this comment

  • This comment has been moderated

Have your say

IMPORTANT: On Wednesday 7 December 2016, we implemented a new log in system, and if you have not updated your details you may experience difficulties logging in. Update your details here. Only GMC-registered doctors are able to comment on this site.