Private investigators sentenced in the UK for unlawfully obtaining personal data

January 26, 2014 |

The Information Commissioner’s Office has issued a press release about six private investigators who were prosecuted and fined for obtaining personal information from organisations without authority.  The charges were conspiring to breach the Data Protection Act.

The press release (found here) relevantly provides:

Six men who were part of a company that tricked organisations into revealing personal details about customers has today been sentenced for conspiring to breach the Data Protection Act.

Adrian Stanton, 40, ran ICU Investigations Limited in Feltham, Middlesex with Barry Spencer, 41. The pair were convicted at an earlier hearing on Isleworth Crown Court on 20 November 2013. Today Mr Stanton was fined a total of £7500 and £6107 prosecution costs. The ICO awaits the sentencing of Mr Spencer and ICU Investigations  Ltd – which will be sentenced as a separate defendant – at a confiscation hearing on 4 April 2014.

Five employees of the company who had previously pleaded guilty to the same offence were also sentenced at Isleworth Crown Court today. Their sentences were:

    • Robert Sparling (38): £4000 fine and £3000 prosecution costs
    • Joel Jones (43): £3000 fine and £2500 prosecution costs
    • Michael Sparling (41) £2000 fine and £2000 prosecution costs
    • Neil Sturton (43) £1000 fine and £1000 prosecution costs
    • Lee Humphreys (41) £1000 fine and £1000 prosecution costs

Interestingly the Information Commissioner wants the Data Protection Act amended to allow for custodial sentences where personal data has been illegally obtained.  In Australia even with the amendments to the Privacy Act the scope for criminal prosecutions for breach of the Privacy Act is very limited and limited to fines. Without mandatory data breach notification laws the knowledge of the scope of illegal access to personal information is limited. Those remain significant weaknesses in the Commonwealth privacy legislation, far behind the UK Data Protection Act.

It will be interesting to see how proactive the Cth Privacy Commissioner will be in enforcing his enhanced powers.  And that is the nub of it.  Having powers and not using them is quickly noticed. The law quickly falls into disrepute if it is not actively regulated.

Leave a Reply