The juxtaposition of the widely publicised convictions of four private detectives for activities including ‘pretexting’ or blagging and the more obscure conviction of a letting agent for an attempt to commit an offence under the Data Protection Act 1998 has provoked strong comment from the Information Commissioner.
Christopher Graham, the Information Commissioner, continued his campaign for the implementation of custodial sentences for offences under s 55 of the DPA, remarking ‘The contrast is striking in the penalties available for blagging under the Fraud Act on the one hand and under the Data Protection Act on the other. On the same day, prison sentences were handed down in one court with chicken feed fines being imposed in another – all for the same activity’
The case concerning the attempted offence under the DPA involved a letting agent who unlawfully tried to obtain details about a tenant’s finances from the Department for Work and Pensions. Pinchas Braun was found guilty at Highbury Magistrates’ Court of an attempt to commit an offence under s 55. He was fined £200 and ordered to pay a £15 victim surcharge and £728.60 prosecution costs.
The offence was uncovered in June 2011 when the DWP received a call from an individual who they believed was fraudulently trying to access the account of a benefit claimant. The DWP investigated before reporting the matter to the ICO. The ICO’s investigating officers identified the caller as Pinchas Braun. Further enquiries found that Braun worked for a property management and rental business called Manor West Estates and that he was responsible for rent collection. The DWP account that Mr Braun had targeted belonged to one of his employer’s tenants.
Information Commissioner, Christopher Graham, said:
‘The Department for Work and Pensions hold important information about each and every one of us. We are very pleased that a DWP staff member was alert to this attempt to blag information and that the call was halted before it was too late. The motive behind Mr Braun’s action was financial. He knew that such an underhand method of obtaining the tenant’s personal information was illegal but carried on regardless. This case shows that unscrupulous individuals will continue to try and blag peoples’ details until a more appropriate range of deterrent punishments is available to the courts. There must be no further delay in introducing tougher powers to enforce the Data Protection Act beyond the current ‘fine only’ regime’.
The case involving four private detectives convicted of conspiracy to defraud saw the four men receive custodial sentences at Kingston Crown Court.
Philip Campbell Smith, Adam Spears and Graham Freeman used the services of Daniel Summers, an expert in blagging, to acquire personal and financial information on behalf of corporate clients and private individuals. Summers targeted banks, financial institutions, mortgage providers, government agencies and law enforcement databases.
The investigation was led by the Serious Organised Crime Agency. SOCA’s focus during the investigation was criminal conspiracy. However in recognition of the fact that the operation might also uncover information relevant to other authorities, SOCA worked in partnership with a number of bodies including the ICO. A fuller account from the BBC can be accessed here.
Christopher Graham, UK Information Commissioner, said:
‘The scourge of data theft continues to threaten the privacy rights of the UK population. Whilst we welcome today’s sentencing of the private investigator, Graham Freeman, and his three accomplices, the outcome of the case underlines the need for a comprehensive approach to deterring information theft. If SOCA had been restricted to pursuing this case solely using their powers under the Data Protection Act then these individuals would have been faced with a small fine and would have been able to continue their activities the very next day. This is not good enough. Unscrupulous individuals will continue to try and obtain peoples’ information through deception until there are strong punishments to fit the crime. We must not delay in getting a custodial sentence in place for section 55 offences under the Data Protection Act.’
The ICO advised SOCA on the data protection issues connected to the case and will now be provided with additional material from the SOCA for further investigation. The ICO does not rule out taking further action against the organisations that received this information, if it becomes clear that they failed to comply with the requirements of the Data Protection Act.