The UK Information Commissioner’s Office to investigate reported sale of pension information and medical details

April 6, 2015 |

The Daily Mail in Your pension secrets sold to conmen for five pence: On eve of pensions revolution, an exposé that will horrify every family in the land reports on a likely illegal sale of pension information without the owner’s knowledge.  It is the type of action which data laws are designed to prevent.  Not surprisingly the Information Commissioner’s Office has announced an investigation with Media reports claim pension information and medical details were available for sale stating:

The ICO has confirmed it has launched an investigation into allegations about firms sharing sensitive personal data, including pension details.

A report claimed several companies involved in the cold calling sector appeared to be breaking the law, and the ICO is now making enquiries to establish whether there have been any breaches of the Data Protection Act or Privacy and Electronic Communications Regulations.

Responding to claims in Monday’s Daily Mail about pension information, the ICO’s Head of Enforcement, Steve Eckersley said:

“What the Daily Mail has shown us is very worrying indeed. It suggests a frequent disregard of laws that are in place specifically to protect consumers. We will be launching an investigation immediately.”

“The information we’ve been shown supports the work we’ve been doing to target the shady industry that operates behind the nuisance of cold calls and spam texts.”

“We’re already aware of the potential for a huge spike in the number of scam texts and calls linked to pensions when the law changes in April, and have already taken action against a company that was sending out misleading messages.

“What we’ve seen here confirms those fears. Personal data is such a valuable asset, particularly financial information. The worst case scenario here is this information getting into the wrong hands and being used to target individuals at a critical point in their financial lives.”

The ICO has powers to issue companies with fines of up to £500,000 for the most serious breaches of the Data Protection Act, while it can also pursue criminal prosecutions around unlawfully obtaining or accessing personal data.

Steve Eckersley also commented on concerns around the sharing of health information:

“People rightly consider information about their health to be sensitive, and in a recent survey we found that half of people consider it to be extremely sensitive. To think such information could be in the hands of unscrupulous businesses looking to profit from it sends a shiver down the spine. We’ll be looking into the claims made by these companies to consider whether there has been any breach of data protection law.”

 Stephen Eckersley also commented on concerns about the sharing of financial data of people who applied for payday loans:

“Our research has shown people consider their financial data to be the most sensitive information they own. We are also aware that many people who apply for payday loans are often in vulnerable financial positions.

“The ICO works constantly to target rogue businesses and individuals that seek to profit from the unscrupulous trade in personal data. Last week we ordered a lead generation company to stop bombarding people with messages and earlier this month we raided a call centre in Hove estimated to be sending five million nuisance calls a day. We will be looking at this information brought to us by the Daily Mail, consider whether there have been any breaches of the Data Protection Act and what action should be taken.”

The article in the Daily Mail which prompted the investigation provides:

Highly sensitive details of the pension pots of millions are being sold for as little as 5p and ending up in the hands of criminals.

A Mail investigation reveals today how private financial information is being passed on by firms without their customers’ knowledge. This valuable data is then repeatedly sold on, ending up in the hands of fraudsters and cold-calling firms.

The troubling revelations come on the eve of major government reforms that will hand millions the chance to cash in their pension pots – giving them access to huge sums previously locked away. They will renew fears the reforms could trigger a flood of scams on the elderly and vulnerable whose newly-available funds will be rich pickings.

Last night the Information Commissioner’s Office (ICO) vowed to pass evidence uncovered by the Mail to police and began an immediate inquiry into the firms involved. A Cabinet minister praised the investigation and promised action. The Mail’s undercover reporters targeted data firms, posing as a cold-calling company looking for people with pensions to whom they could sell investments.

We found some firms were willing to sell financial data on thousands of people without making any checks on what it would be used for.

A director of one firm – B2C Data – boasted he had access to the salaries, investments and pensions of ‘a million people’. The information he sold to the reporter includes details of the salary, pension pots and investments of 15,000.

Such information would be a godsend to criminals looking to exploit those approaching retirement.

When shown the evidence relating to B2C, Steve Eckersley, the head of enforcement at the ICO, said: ‘This is, on the face of it, a very worrying breach of the Data Protection Act, and we will be investigating the details further.’

One Response to “The UK Information Commissioner’s Office to investigate reported sale of pension information and medical details”

  1. The UK Information Commissioner’s Office to investigate reported sale of pension information and medical details | Australian Law Blogs

    […] The UK Information Commissioner’s Office to investigate reported sale of pension information and m… […]

Leave a Reply