Feeds

ICO: Private dicks broke data-protection rules when they blagged data

Fate of ICU Investigations to be decided next year, says judge

Reducing the cost and complexity of web vulnerability management

Two private investigators who tricked organisations into revealing personal details about customers have been found guilty of breaching the Data Protection Act.

Barry Spencer, 41, and Adrian Stanton, 40, who ran ICU Investigations Ltd in Feltham, Middlesex, were convicted at Isleworth Crown Court of conspiring to unlawfully obtain personal data.

Five other employees of ICU Investigations had previously pleaded guilty to the same offence. All face a sentencing hearing scheduled for 24 January 2014.

ICU Investigations took on debt recovery work for various clients that involved tracing individuals. Isleworth Crown Court heard private detectives employed by the firm routinely tricked organisations including utility companies, doctors' surgeries and TV Licensing into revealing personal data, often by claiming to be the targeted individual.

The company came to the attention of data privacy watchdogs at the Information Commissioner's Office, who launched an investigation that concluded with estimates that ICU Investigations was culpable for nearly 2,000 separate data privacy breaches between April 2009 and May 2010.

In a statement, ICO Criminal Investigations Team manager Damian Moran said: “Private investigators must learn they are not above the law. While the majority of private investigators go about their business in an honest manner, unscrupulous operators such as ICU Investigations Ltd taint the industry and blight the reputations of their counterparts."

“These men knew they were breaking the law, but did so anyway, presumably confident they would not be caught. That faith was misplaced, and they and their employees will now face the consequences of their actions,” he added.

There is no suggestion of criminality in organisations - including Allianz Insurance PLC, Brighton & Hove Council, Leeds Building Society and Dee Valley Water - that employed ICU Investigations Ltd. The information they requested could typically have been obtained legitimately, according to the ICO, and wrongdoing only entered the frame because ICU Investigations routinely used illegal tactics.

Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is only punishable by a fine, even in the case of more serious offences put before a Crown court. The ICO would like to see courts given the power to jail offenders for serious data breaches, as a deterrent.

Changes to allow the courts to impose custodial sentences where personal data has been illegally obtained are already on the statute book, as part of the Criminal Justice and Immigration Act 2008, but are yet to be activated.

Information Commissioner Christopher Graham commented: “Public confidence in the security of information held about them is the foundation on which all sorts of online services and developments depends."

“The public expects to see firmer action taken against people who break the rules in this area, and Parliament needs to recognise that. I spoke with the Home Secretary, Teresa May, on this matter earlier this week to urge her to introduce more effective sentences for these kinds of offences, and she has agreed to meet me to discuss the matter.” ®

Security and trust: The backbone of doing business over the internet

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.