In a letter last week preceding his appearance before the Home Affairs Select Committee today (11 February), Information Commissioner Christopher Graham indicated that there is evidence a number of large companies paid private investigators to ‘blag’ personal data on members of the public. From a list of over 100 suspected companies and individuals, 11 will receive demands for information from his office, the ICO, this week.
Graham wrote: “The documentary evidence we hold in relation to these clients is considered significant, and this gives us the best opportunity of instigating criminal proceedings.”
America’s FBI has also reportedly been called in to investigate a further eight companies, suggesting the web of intrigue could be international.
This came just days before the Mail on Sunday revealed that details of 27,000 Barclays customers had allegedly been stolen and used as leads by brokers seeking to sell investments. The files were said to contain personally identifiable information, as well as indications of the individuals’ attitudes towards financial risk. Barclays promised to co-operate fully with regulators in investigating the matter.
Both developments herald a troubling realisation: it is not only the easily spotted ‘rogue operators’ that the public has to fear misusing their personal data. Supposedly respectable companies and professionals could be just as big a risk to their privacy, it seems.
The one positive sign is that the ICO seems ready and willing to investigate thoroughly and to issue criminal charges should sufficient evidence be found. Less positive is that this is only happening because the existence of the list of 100 suspects only came to light via The Independent newspaper. The now-defunct Serious Organised Crime Agency had been in possession of it for several years without taking action.
If prosecutions of blue-chip companies do go ahead and the charge sheet includes familiar brand names, you can expect the ensuing scandal to rival that of phone hacking. That might be exactly what companies need, in order to wake up to the seriousness of mishandling personal data.
However, it would be yet another blow to consumers’ trust in large organisations’ ability to protect their privacy, especially given that UK citizens’ medical records are about to go on sale under the government’s Care.data scheme in a matter of days.