Warning over data protection laws
“Our investigation highlights that sensitive personal and financial data is being traded on a huge scale."
Businesses and consumers are being warned to exercise caution with personal information to avoid breaking data protection laws, or falling prey to scammers.
Which? Money recently posed as a pensions advice company operating a common scam. They contacted 14 list broker firms, out of which 10 entered negotiations to hand over more than half a million names, phone numbers and even pension details to the fake company, in return for as little as four pence per record.
The companies were apparently willing to sell the lists, despite the fact that the fake business looked like a scam. It was not listed at Companies House, not regulated by the Financial Conduct Authority, and not registered with the Information Commissioner’s Office (ICO).
Only four of the companies contacted displayed ‘best practice’ by refusing to deal with the fake firm at all, Which? Money said.
A number of the companies were also found to be in breach of ICO guidance when it came to the consent consumers have to give before data can be shared with other organisations for marketing. Consent must be ‘knowingly and freely given, clear and specific’. The consumer must know which organisations, or at the very least, the precisely-defined type of organisation with whom their data will be shared, and for what purpose. A line in a privacy policy allowing marketing from ‘selected third parties’ would not be considered sufficient.
Commenting on the findings, Which? Money editor Harry Rose, said: “Our investigation highlights that sensitive personal and financial data is being traded on a huge scale, with unscrupulous companies selling to anyone who comes calling.
“Millions are already pestered by nuisance callers and targeted by scammers. To avoid ending up on a list, never give permission for your data to be shared by third parties and if you are called out of the blue about a financial opportunity, hang up and report it.”
The ICO is investigating Which? Money’s findings, which it said are “very concerning and appear to raise serious issues about the compliance of organisations with data protection law. People have the right to know what happens with their personal data and be given a choice about how their details are used.”
Where it finds companies have not adhered to the law, ICO ‘will consider enforcement action’, which could result in fines of up to £500,000.
RCVS' Mind Matters Initiative (MMI) has launched round two of its veterinary mental health research grants.
