Six men who were part of a company that tricked organisations into revealing personal details about customers have been fined for conspiring to breach the Data Protection Act.
Adrian Stanton, 40, ran ICU Investigations Limited in Feltham, Middlesex with Barry Spencer, 41. The pair were convicted at an earlier hearing on Isleworth Crown Court on November 20, 2013. Stanton was fined a total of £7500 and £6107 prosecution costs. The regulator the Information Commissioner’s Office (ICO) awaits the sentencing of Spencer and ICU – which will be sentenced as a separate defendant – at a confiscation hearing on April 4.
Five employees of the company who had previously pleaded guilty to the same offence were also sentenced at Isleworth Crown Court on January 24. Their sentences were:
Robert Sparling (38): £4000 fine and £3000 prosecution costs
Joel Jones (43): £3000 fine and £2500 prosecution costs
Michael Sparling (41) £2000 fine and £2000 prosecution costs
Neil Sturton (43) £1000 fine and £1000 prosecution costs
Lee Humphreys (41) £1000 fine and £1000 prosecution costs.
ICU Investigations Ltd worked on behalf of clients to trace individuals, primarily for the purpose of debt recovery. The court heard the company had routinely tricked organisations including utility companies, GP surgeries and TV Licensing into revealing personal data, often by claiming to be the individuals they were trying to trace. Clients included Allianz Insurance PLC, Brighton & Hove Council, Leeds Building Society and Dee Valley Water.
The ICO found no evidence of criminality by any organisation that employed ICU. The data protection watchdog added that the information requested could typically have been obtained legitimately, and there was no evidence clients were aware the data had been obtained by illegal means.
An ICO investigation estimated there were nearly 2,000 separate offences between 1 April 2009 to 12 May 2010.
ICO Criminal Investigations Team Manager Damian Moran said after last year’s conviction: “Private investigators must learn they are not above the law. While the majority of private investigators go about their business in an honest manner, unscrupulous operators such as ICU Investigations Ltd taint the industry and blight the reputations of their counterparts.
“These men knew they were breaking the law, but did so anyway, presumably confident they would not be caught. That faith was misplaced, and they and their employees will now face the consequences of their actions.”
Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is punishable by way of ‘fine only’ – up to £5,000 in a magistrates court or an unlimited fine in a Crown Court. The ICO has long called for more effective deterrent sentences, including the threat of prison, to be available to the courts to counter the unlawful use of personal information.
And Information Commissioner Christopher Graham said: “Public confidence in the security of information held about them is the foundation on which all sorts of online services and developments depends.
“The public expects to see firmer action taken against people who break the rules in this area, and Parliament needs to recognise that. I spoke with the Home Secretary Theresa May on this matter earlier this week to urge her to introduce more effective sentences for these kinds of offences, and she has agreed to meet me to discuss the matter. That conversation needs to result in action.”
