Cheshire law firm Bott & Co has started preparing a group action against pregnancy and parenting support club Bounty, for illegally sharing personal information of 14 million people.
The firm said those affected could be entitled to a share of millions of pounds, amounting to hundreds and even thousands in compensation individually, depending on the seriousness of the breach.
The claim will be for distress and inconvenience, unless individuals can show any specific losses.
Bounty was fined £400,000 by the Information Commissioner’s Office (ICO) earlier this month for collecting personal information for the purpose of membership registration, but also operating as a data broking service between 1 June 2017 and 30 April 2018, supplying data to third parties for the purpose of electronic direct marketing.
The ICO found that Bounty shared more than 34 million records between June 2017 and April 2018 with 39 organisations, including credit reference and marketing agencies such as Acxiom, Equifax, Indicia and Sky.
ICO director of investigations Steve Eckersly said: “The number of personal records and people affected in this case is unprecedented in the history of ICO’s investigations into the data broking industry and organisations linked to this.
“Bounty were not open or transparent to the millions of people that their personal data may be passed on to such large number of organisations. Any consent given by these people was clearly not informed.
“Bounty’s actions appear to have been motivated by financial gain, given that data sharing was an integral part of their business model at the time.
“Such careless data sharing is likely to have caused distress to many people, since they did not know that their personal information was being shared multiple times with so many organisations, including information about their pregnancy status and their children”
Bott & Co solicitor Coby Benson said it was “shocking” that Bounty sold customer data for its own financial gain.
“People affected must feel betrayed since they did not know their details were being shared with third parties.”