Feeds

ICO: Private dicks broke data-protection rules when they blagged data

Fate of ICU Investigations to be decided next year, says judge

Providing a secure and efficient Helpdesk

Two private investigators who tricked organisations into revealing personal details about customers have been found guilty of breaching the Data Protection Act.

Barry Spencer, 41, and Adrian Stanton, 40, who ran ICU Investigations Ltd in Feltham, Middlesex, were convicted at Isleworth Crown Court of conspiring to unlawfully obtain personal data.

Five other employees of ICU Investigations had previously pleaded guilty to the same offence. All face a sentencing hearing scheduled for 24 January 2014.

ICU Investigations took on debt recovery work for various clients that involved tracing individuals. Isleworth Crown Court heard private detectives employed by the firm routinely tricked organisations including utility companies, doctors' surgeries and TV Licensing into revealing personal data, often by claiming to be the targeted individual.

The company came to the attention of data privacy watchdogs at the Information Commissioner's Office, who launched an investigation that concluded with estimates that ICU Investigations was culpable for nearly 2,000 separate data privacy breaches between April 2009 and May 2010.

In a statement, ICO Criminal Investigations Team manager Damian Moran said: “Private investigators must learn they are not above the law. While the majority of private investigators go about their business in an honest manner, unscrupulous operators such as ICU Investigations Ltd taint the industry and blight the reputations of their counterparts."

“These men knew they were breaking the law, but did so anyway, presumably confident they would not be caught. That faith was misplaced, and they and their employees will now face the consequences of their actions,” he added.

There is no suggestion of criminality in organisations - including Allianz Insurance PLC, Brighton & Hove Council, Leeds Building Society and Dee Valley Water - that employed ICU Investigations Ltd. The information they requested could typically have been obtained legitimately, according to the ICO, and wrongdoing only entered the frame because ICU Investigations routinely used illegal tactics.

Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is only punishable by a fine, even in the case of more serious offences put before a Crown court. The ICO would like to see courts given the power to jail offenders for serious data breaches, as a deterrent.

Changes to allow the courts to impose custodial sentences where personal data has been illegally obtained are already on the statute book, as part of the Criminal Justice and Immigration Act 2008, but are yet to be activated.

Information Commissioner Christopher Graham commented: “Public confidence in the security of information held about them is the foundation on which all sorts of online services and developments depends."

“The public expects to see firmer action taken against people who break the rules in this area, and Parliament needs to recognise that. I spoke with the Home Secretary, Teresa May, on this matter earlier this week to urge her to introduce more effective sentences for these kinds of offences, and she has agreed to meet me to discuss the matter.” ®

Beginner's guide to SSL certificates

More from The Register

next story
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.