Private Investigators who tricked companies and public services into handing over personal information have been found guilty of breaking data protection laws. Yet, despite committing thousands of offences in a single year, the individuals will only face a relatively small fine.
This case alone highlights that serious need for our courts to issue much tougher penalties for unlawfully obtaining or disclosing personal information, otherwise these cases will continue to occur. In this case, the court heard that nearly 2000 offences were committed between April 1 2009 and May 12 2010 by investigators working for ICU Investigations Ltd, whose clients include Allianz Insurance Plc, Hove Council, Leeds Building Society and Dee Valley Water.
Currently, unlawfully obtaining personal data is punishable by a fine of up to £5000 in a magistrate’s court, or an unlimited fine at a crown court. Many people will be shocked to learn that people who have been caught illegally accessing other people’s medical records and personal information will face such minimal penalties. We have consistently warned about the vulnerability of our personal information and we support the ICO in wanting to see stiffer penalties introduced for section 55 breaches.
If this case wasn’t evidence enough, the FT has disclosed that eight major construction companies have been forced to set up a compensation fund for construction workers whose names appeared on a secret industry “blacklist”. The blacklist, used by 40 of the biggest companies, was discovered in a raid by the Information Commissioner’s Office in 2009, and contained 3,219 names of workers and hundreds of environmentalists.
The incident raises serious questions about where the information came from. In March 2012 the ICO’s David Clancy said: “There is information on the Consulting Association files that I believe could only be supplied by the police or the security services”. With such a violation of privacy, it is only right that individuals involved should absolutely be facing prosecution for obtaining and divulging the information.
The Information Commissioner, Christopher Graham has warned that “Public confidence in the security of information held about them is the foundation on which all sorts of online services and developments depends. The public expects to see firmer action taken against people who break the rules in this area, and Parliament needs to recognise that.”
It is hardly surprising people choose to ignore the law when the penalties handed down are trivial. It is essential that people who deliberately set out to acquire personal information without permission face the prospect of a jail sentence if people’s privacy is to be protected. Equally, the companies paying these investigators should not be able to turn a blind eye to the methods being employed on their behalf. They are paying for information and should face the full force of the law if they do not take steps to ensure it was legally acquired.
The Information Commissioner is absolutely right that tougher penalties are needed urgently and Parliament should not delay in giving him the powers he needs to protect our privacy.