Feeds

Watchdog mulls SOCA's secret dossier of private dicks 'hired to hack, blag'

Did corp goliaths know PIs may have broken law, ponders ICO

Securing Web Applications Made Simple and Scalable

The UK's privacy watchdog is now investigating whether corporate giants and others breached the Data Protection Act by hiring private eyes who allegedly hacked systems and blagged personal records.

The Information Commissioner’s Office (ICO) has received a list of 98 companies and individuals probed by the Serious Organised Crime Agency (SOCA) - which had been looking into claims of private investigators unlawfully accessing records and “blagging” personal files to get information for their clients.

SOCA's investigation, dubbed Operation Millipede, resulted in the conviction of four men for fraud last year. On 30 August, SOCA passed more than 20 files related to this investigation to the ICO, including correspondence and receipts between clients and the private gumshoes.

Details of a further nine clients have been withheld by SOCA, at the request of the Metropolitan Police, as they relate to ongoing criminal investigations.

The ICO will now assess the SOCA material to establish whether or not the private dicks' clients were aware that laws may have been broken in obtaining requested information.

SOCA was heavily criticised for sitting on the information for several years: it's claimed the cops' dossier revealed a hive of illegal activity - and a level of wrongdoing that was far more widespread than the allegations of newspaper reporters' voicemail-eavesdropping and blagging that led Rupert Murdoch to close the News of the World.

The ICO can wield several powers, depending on the outcome of the investigation, to end any data snaffling or possibly launch a criminal prosecution. Unlawfully obtaining or accessing personal data, contrary to section 55 of the Data Protection Act 1998, or for failing to notify as a data controller, could result in a prosecution against the customers of dodgy private dicks.

Other enforcement options include a civil action for breaching the Data Protection Act, with monetary penalties of up to £500,000, and enforcement notices and undertakings, to oblige changes in policies or procedures. The ICO will also establish whether the clients fall under the ICO’s jurisdiction. Initial estimates suggesting as many as a quarter of the clients may have been based outside the UK.

"We will liaise with our international counterparts where an organisation or individual appears to have breached the Data Protection Act, but is based abroad," an ICO statement explains.

The ICO warned that even the initial phase of its investigation is likely to take several months. It will not be publishing the list of clients at this stage, it says, so as not to prejudice any potential criminal prosecution. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.