Feeds

Watchdog mulls SOCA's secret dossier of private dicks 'hired to hack, blag'

Did corp goliaths know PIs may have broken law, ponders ICO

Secure remote control for conventional and virtual desktops

The UK's privacy watchdog is now investigating whether corporate giants and others breached the Data Protection Act by hiring private eyes who allegedly hacked systems and blagged personal records.

The Information Commissioner’s Office (ICO) has received a list of 98 companies and individuals probed by the Serious Organised Crime Agency (SOCA) - which had been looking into claims of private investigators unlawfully accessing records and “blagging” personal files to get information for their clients.

SOCA's investigation, dubbed Operation Millipede, resulted in the conviction of four men for fraud last year. On 30 August, SOCA passed more than 20 files related to this investigation to the ICO, including correspondence and receipts between clients and the private gumshoes.

Details of a further nine clients have been withheld by SOCA, at the request of the Metropolitan Police, as they relate to ongoing criminal investigations.

The ICO will now assess the SOCA material to establish whether or not the private dicks' clients were aware that laws may have been broken in obtaining requested information.

SOCA was heavily criticised for sitting on the information for several years: it's claimed the cops' dossier revealed a hive of illegal activity - and a level of wrongdoing that was far more widespread than the allegations of newspaper reporters' voicemail-eavesdropping and blagging that led Rupert Murdoch to close the News of the World.

The ICO can wield several powers, depending on the outcome of the investigation, to end any data snaffling or possibly launch a criminal prosecution. Unlawfully obtaining or accessing personal data, contrary to section 55 of the Data Protection Act 1998, or for failing to notify as a data controller, could result in a prosecution against the customers of dodgy private dicks.

Other enforcement options include a civil action for breaching the Data Protection Act, with monetary penalties of up to £500,000, and enforcement notices and undertakings, to oblige changes in policies or procedures. The ICO will also establish whether the clients fall under the ICO’s jurisdiction. Initial estimates suggesting as many as a quarter of the clients may have been based outside the UK.

"We will liaise with our international counterparts where an organisation or individual appears to have breached the Data Protection Act, but is based abroad," an ICO statement explains.

The ICO warned that even the initial phase of its investigation is likely to take several months. It will not be publishing the list of clients at this stage, it says, so as not to prejudice any potential criminal prosecution. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
GCHQ protesters stick it to British spooks ... by drinking urine
Activists told NOT to snap pics of staff at the concrete doughnut
Britain's housing crisis: What are we going to do about it?
Rent control: Better than bombs at destroying housing
What do you mean, I have to POST a PHYSICAL CHEQUE to get my gun licence?
Stop bitching about firearms fees - we need computerisation
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
Redmond resists order to hand over overseas email
Court wanted peek as related to US investigation
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.