Apr 262014
 
 April 26, 2014  Posted by  Business, Non-U.S.

From the Information Commissioner’s Office:

A man who ran a company that tricked organisations into revealing personal details about customers has today been ordered to pay a total of £20,000 in fines and prosecution costs, as well as a confiscation order of over £69,000 at a hearing at Isleworth Crown Court.

Barry Spencer, 42, ran ICU Investigations Limited in Feltham, Middlesex with Adrian Stanton, 40. The pair were convicted at an earlier trial at Isleworth Crown Court on 20 November 2013. On the 24 January 2014, Stanton and five other employees of ICU Investigations Limited were fined a total of £18,500 and ordered to pay £15,607 prosecution costs.

Barry Spencer, who had pleaded not guilty to conspiring to commit offences under Section 55 of the Data Protection Act, has today been ordered to pay a £12,000 fine and £8,000 towards prosecution costs. A confiscation order of £69,327.32 was made under the Proceeds of Crime Act. Spencer faces a period of 20 months imprisonment should the confiscation order not be paid. He has also been disqualified from being a director for eight years.

The company ICU Investigations Ltd was also found guilty as a separate defendant and ordered to pay a nominal £100 fine.

ICO Head of Enforcement Stephen Eckersley said:

“This fine and confiscation order is not only a justified punishment for Mr Spencer, but also a powerful deterrent to anyone thinking they can profit from illegally blagging personal data.

“People have the right to have their personal data kept securely. The Information Commissioner’s Office will do everything in its power to bring unscrupulous private investigators, such as ICU Investigations Ltd, to justice, including pursuing confiscation where appropriate to remove the benefit made by offenders from their offending.”

ICU Investigations Ltd worked on behalf of clients to trace individuals, primarily for the purpose of debt recovery. The company had routinely tricked organisations including utility companies, GP surgeries and TV Licensing into revealing personal data, often by claiming to be the individuals they were trying to trace. Clients included Allianz Insurance PLC, Leeds Building Society and Dee Valley Water. An ICO investigation estimated there were nearly 2,000 separate offences between 1 April 2009 to 12 May 2010. However the ICO found no evidence of criminality by any organisation that employed ICU Investigations Ltd as the information requested could typically have been obtained legitimately.

Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is punishable by way of ‘fine only’ – up to £5,000 in a Magistrates Court or an unlimited fine in a Crown Court. The Proceeds of Crime Act provides for the recovery of the proceeds of crime.

The ICO was aided in their investigation by TITAN, the North West Regional Organised Crime Unit and the Regional Recovery Asset Team (RART).

See our news release on the conviction of Barry Spencer and Adrian Stanton

Sorry, the comment form is closed at this time.