Feeds

ICO: Private dicks broke data-protection rules when they blagged data

Fate of ICU Investigations to be decided next year, says judge

Two private investigators who tricked organisations into revealing personal details about customers have been found guilty of breaching the Data Protection Act.

Barry Spencer, 41, and Adrian Stanton, 40, who ran ICU Investigations Ltd in Feltham, Middlesex, were convicted at Isleworth Crown Court of conspiring to unlawfully obtain personal data.

Five other employees of ICU Investigations had previously pleaded guilty to the same offence. All face a sentencing hearing scheduled for 24 January 2014.

ICU Investigations took on debt recovery work for various clients that involved tracing individuals. Isleworth Crown Court heard private detectives employed by the firm routinely tricked organisations including utility companies, doctors' surgeries and TV Licensing into revealing personal data, often by claiming to be the targeted individual.

The company came to the attention of data privacy watchdogs at the Information Commissioner's Office, who launched an investigation that concluded with estimates that ICU Investigations was culpable for nearly 2,000 separate data privacy breaches between April 2009 and May 2010.

In a statement, ICO Criminal Investigations Team manager Damian Moran said: “Private investigators must learn they are not above the law. While the majority of private investigators go about their business in an honest manner, unscrupulous operators such as ICU Investigations Ltd taint the industry and blight the reputations of their counterparts."

“These men knew they were breaking the law, but did so anyway, presumably confident they would not be caught. That faith was misplaced, and they and their employees will now face the consequences of their actions,” he added.

There is no suggestion of criminality in organisations - including Allianz Insurance PLC, Brighton & Hove Council, Leeds Building Society and Dee Valley Water - that employed ICU Investigations Ltd. The information they requested could typically have been obtained legitimately, according to the ICO, and wrongdoing only entered the frame because ICU Investigations routinely used illegal tactics.

Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is only punishable by a fine, even in the case of more serious offences put before a Crown court. The ICO would like to see courts given the power to jail offenders for serious data breaches, as a deterrent.

Changes to allow the courts to impose custodial sentences where personal data has been illegally obtained are already on the statute book, as part of the Criminal Justice and Immigration Act 2008, but are yet to be activated.

Information Commissioner Christopher Graham commented: “Public confidence in the security of information held about them is the foundation on which all sorts of online services and developments depends."

“The public expects to see firmer action taken against people who break the rules in this area, and Parliament needs to recognise that. I spoke with the Home Secretary, Teresa May, on this matter earlier this week to urge her to introduce more effective sentences for these kinds of offences, and she has agreed to meet me to discuss the matter.” ®

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Apple CEO Tim Cook: TV is TERRIBLE and stuck in the 1970s
The iKing thinks telly is far too fiddly and ugly – basically, iTunes
Huawei ditches new Windows Phone mobe plans, blames poor sales
Giganto mobe firm slams door shut on Microsoft. OH DEAR
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.