Cyber Security

Amex fined £90,000 for sending 4 million spam emails in a year

0

American Express (Amex) has been fined £90,000 by the UK data regulator for sending over 4 million spam emails to customers within one year.

The UK Information Commissioner’s Office (ICO) stated that during the investigation they found that Amex had sent over 50 million which they claim as servicing emails to its customers.

The ICO revealed that for nearly 12 months, between 1 June 2018 and 21 May 2019, 4,098,841 of those emails were marketing emails, designed to encourage customers to make purchases on their cards which would benefit Amex financially.

Amex’s argument that they were sending emails designed to inform their customers regarding ongoing campaigns was considered groundless by the ICO.

The UK data regulator found that complaints showed the messages were direct marketing emails sent to customers who opted out.

The company rejected the complaints and decided not to review its marketing model, considering that the marketing emails were a requirement of Credit Agreements with customers.

Andy Curry, ICO Head of Investigations stated that their investigation was initiated from just a handful of complaints from customers who were tired of being interrupted with emails they did not want to receive.

He also added that they would encourage all companies to revisit their procedures and familiarise themselves with the differences between a service email and a marketing email, and ensure their email communications with customers are compliant with the law.

By sending marketing emails to those who didn’t want to receive them, Amex broke Regulation 22 of the Privacy and Electronic Communications Regulations 2003 (PECR) that give people specific privacy rights in relation to electronic communications.

While the UK data watchdog can impose monetary penalties of up to £500,000 on data controllers, it decided to fine Amex only £90,000 as the company did not deliberately plan to violate PECR in this instance.

Amex can pay this fine by June 17, also if the payment is made in advance, the Commissioner will also reduce it by 20% to £72,000.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    Air India data breach affects 4.5 million customers

    Previous article

    Domino’s India discloses data breach after hackers sell data online

    Next article

    You may also like

    Comments

    Leave a reply

    Your email address will not be published. Required fields are marked *