Feeds

Watchdog mulls SOCA's secret dossier of private dicks 'hired to hack, blag'

Did corp goliaths know PIs may have broken law, ponders ICO

Secure remote control for conventional and virtual desktops

The UK's privacy watchdog is now investigating whether corporate giants and others breached the Data Protection Act by hiring private eyes who allegedly hacked systems and blagged personal records.

The Information Commissioner’s Office (ICO) has received a list of 98 companies and individuals probed by the Serious Organised Crime Agency (SOCA) - which had been looking into claims of private investigators unlawfully accessing records and “blagging” personal files to get information for their clients.

SOCA's investigation, dubbed Operation Millipede, resulted in the conviction of four men for fraud last year. On 30 August, SOCA passed more than 20 files related to this investigation to the ICO, including correspondence and receipts between clients and the private gumshoes.

Details of a further nine clients have been withheld by SOCA, at the request of the Metropolitan Police, as they relate to ongoing criminal investigations.

The ICO will now assess the SOCA material to establish whether or not the private dicks' clients were aware that laws may have been broken in obtaining requested information.

SOCA was heavily criticised for sitting on the information for several years: it's claimed the cops' dossier revealed a hive of illegal activity - and a level of wrongdoing that was far more widespread than the allegations of newspaper reporters' voicemail-eavesdropping and blagging that led Rupert Murdoch to close the News of the World.

The ICO can wield several powers, depending on the outcome of the investigation, to end any data snaffling or possibly launch a criminal prosecution. Unlawfully obtaining or accessing personal data, contrary to section 55 of the Data Protection Act 1998, or for failing to notify as a data controller, could result in a prosecution against the customers of dodgy private dicks.

Other enforcement options include a civil action for breaching the Data Protection Act, with monetary penalties of up to £500,000, and enforcement notices and undertakings, to oblige changes in policies or procedures. The ICO will also establish whether the clients fall under the ICO’s jurisdiction. Initial estimates suggesting as many as a quarter of the clients may have been based outside the UK.

"We will liaise with our international counterparts where an organisation or individual appears to have breached the Data Protection Act, but is based abroad," an ICO statement explains.

The ICO warned that even the initial phase of its investigation is likely to take several months. It will not be publishing the list of clients at this stage, it says, so as not to prejudice any potential criminal prosecution. ®

Remote control for virtualized desktops

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.