Earlier this month, the Information Commissioner’s Office (ICO) successfully prosecuted a married couple for unlawfully obtaining and selling personal information, fining them £7,500 and ordering them to pay £7,388 towards prosecution costs. The couple used ‘blagging’ to obtain personal information about individuals from banks, telecommunication companies and other organisations to sell the information for profit.
‘Blaggers’ attempt to get personal information by pretending to be someone they are not. They use pieces of information they gather from different sources to obtain even more personal information on an individual. The result is that the ‘blaggers’ obtain enough personal information illegally to be able to sell it to parties seeking such information, such as bail agents, private detectives and, possibly, criminal entities.
Under the principles of the Data Protection Act (DPA), banks, and other organisations that hold customer personal information, owe a duty to their customers to process the data fairly and lawfully and to take the appropriate technical and organisational measures against unauthorised or unlawful processing. Failing to follow these principles may lead to an ICO investigation, and, if found to be in contravention of the principles, to being served with an enforcement notice. If organisations fail to comply with any such notice then they could be prosecuted. The current penalty for such an offence is limited to a fine.
In addition, under section 55 of the DPA, a person who knowingly or recklessly discloses personal data without the consent of the data controller will be committing an unlawful act and thus guilty of an offence, unless he acted in the reasonable belief that his actions were lawful and that he had the consent of the data controller to disclose such information. The current penalty for this offence is also limited to a fine.
In July 2006 the government launched a consultation aimed at the general public and relevant public and private organisations in the UK to introduce prison sentences of up to two years for offences of knowingly or recklessly obtaining or disclosing personal information without the consent of the organisation holding the information. This ICO is asking for the custodial sentence to deter ‘blaggers’ from engaging in this kind of activity and to give the public greater reassurance that those prosecuted successfully could be sent to jail. This follows from a special report presented to parliament in May 2006 by the Information Commissioner entitled What Price Privacy? The unlawful trade in confidential personal information. The consultation ended on 30 October 2006 and the summary of responses should be presented by January 2007.
Increasing the sentences could affect banks and other such organisations by reducing the frequency of ‘blagger’ enquiries. It may however also expose their employees to prison sentences if they knowingly or recklessly disclose personal information.
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our Privacy Notice.