Online pharmacy slapped with £130,000 fine for flogging customer data

Perhaps not the best way to treat customers.

Online pharmacy slapped with £130,000 fine for flogging customer data

Privacy group: Must be a ban on all marketing to patients

20 Oct 2015 at 10:29, Kat Hall

Online pharmacy Pharmacy 2U has been slapped with a £130,000 fine by the Information Commissioner's Office for flogging customers to a marketing company without their consent.

The ICO said Pharmacy 2U offered the customer names and addresses for sale through an online marketing list company.

The ICO investigation found that Pharmacy 2U had not informed its customers that it intended to sell their details, and that the customers had not given their consent for their personal data to be sold on. This was in breach of the Data Protection Act.

Privacy group medConfidential, which informed the ICO of the practice, welcomed the fine but said more action needed to be taken.

Phil Booth, coordinator of medConfidential, said: “Vulnerable people shouldn’t be exposed to this sort of harm and distress, but what’s doubly appalling is that this was done by the largest NHS-approved online pharmacy in the country, which is part-owned by the company that provides a majority of GPs with their medical records systems.

"The government has to act decisively," added Booth. "Six-figure fines alone won’t stamp out this poisonous trade; not when there’s so much profit to be made. There must now be a blanket, statutory ban on all marketing to patients. Those who profiteer from patients’ data are predators and should face prison when they are caught.”

“This is a regrettable incident for which we sincerely apologise," said Daniel Lee, managing director, Pharmacy2U, in a statement. "While we are grateful that the ICO recognise that our breach was not deliberate, we appreciate this was a serious matter.

"As soon as the issue was brought to our attention, we stopped the trial selling of customer data and made sure that the information that had been passed on was securely destroyed," he added. "We have also confirmed that we will no longer sell customer data." ®

҉ helvella ɐllǝʌlǝɥ ҉ helvella ɐllǝʌlǝɥ ҉ helvella ɐllǝʌlǝɥ ҉ helvella ɐllǝʌlǝɥ ҉

This information is being sent from me personally and not in my capacity as an Admin of Thyroid UK. I am not a medical professional and this information is not intended to be a substitute for medical guidance from your own doctor. Please check with your personal physician before applying any of these recommendations.

Last edited by

13 Replies

  • Thanks Rod for this. It's not much of a deterrent though, they knew fine well that what they were doing was illegal. No mention of how much money they received for flogging personal details, now that would be interesting.

    Still, they're no worse than the NHS who are doing exactly the same allbeit with a half-hearted attempt to give people the choice to refuse.

  • We probably have quite a few actual, and more potential, customers here. Publicity is probably a stronger deterrent than the fine.

  • How can selling patient data not be 'deliberate'?

  • PattyOdores, was wondering that myself. I mean it's not like they had to market the info, set a price, invoice the buyer, and bank the monies is it? :o

  • Exactly, LOL

  • It's disgraceful. What will happen when our medical records go online?

  • I've opted out of everything I can, e.g. and summary care record. I dont trust the HSCIC with any of my data.

  • Heres the full ICO action..

    There is reference to the pharmacy not being deliberate 'partly', see section 59 if interested but i think thats a play on words in how its been reported.

    £130 per 1000 records. Some sold filtered for people aged over 70


  • Thanks for the full link PattyOdores, will take a proper read.

  • Having read the decision I fail to see how it was not deliberate ad pet para26. Purchased some NDT from them but will now de register from their mail shots.

    Which big NHS supplier part owns them? Is it EMIS?

  • Well EMIS have the largest share of the GP system market so could be. (53% in 2014)

  • Found EMIS own less than a fifth but are biggest share holder.Andy Hornby ex of HBOS, Boots and Coral became Chairman in 2012.

    Think I will complain to Information Commissioner on their understanding of "deliberate" which is a bit Lewis Carroll.

  • Sounds like my kids when they were little : I didn't do it deliberately... To which my answer was : that is no excuse! You did it because you didn't take enough care not to do it!!! Perhpas this pharmacy didn't take enough care not to get caught...

You may also like...