A man who ran a firm that tricked companies into revealing personal customer data has been slapped with a £20,000 fine, and will spend 20 months in jail unless he coughs up further £69,000.
Barry Spencer ran ICU Investigations in Feltham, Middlesex with Adrian Stanton (pictured, left to right, scoffing sandwiches) and worked for the likes Allianz Insurance, Leeds Building Society and Dee Valley Water to trace individuals, primarily for the purpose of debt recovery.
The pair were convicted at an earlier trial at Isleworth Crown Court on November 20 2013. Now Stanton and five other employees of ICU Investigations have been fined a total of £18,500 and ordered to pay £15,607 prosecution costs.
Spencer, who had pleaded not guilty to conspiring to commit offences under Section 55 of the Data Protection Act, has been ordered to pay a £12,000 fine and £8,000 towards prosecution costs.
A confiscation order of £69,327.32 was made under the Proceeds of Crime Act. Spencer faces a period of 20 months imprisonment should the confiscation order not be paid. He has also been disqualified from being a director for eight years.
The company ICU Investigations was also found guilty as a separate defendant and ordered to pay a nominal £100 fine.
ICO head of enforcement Stephen Eckersley said: “This fine and confiscation order is not only a justified punishment for Spencer, but also a powerful deterrent to anyone thinking they can profit from illegally blagging personal data.
“People have the right to have their personal data kept securely. [We] will do everything in our power to bring unscrupulous private investigators to justice, including pursuing confiscation where appropriate to remove the benefit made by offenders from their offending.”
ICU Investigations had routinely tricked organisations including utility companies, GP surgeries and TV Licensing into revealing personal data, often by claiming to be the individuals they were trying to trace.
An ICO investigation estimated there were nearly 2,000 separate offences between 1 April 2009 to 12 May 2010. However, the ICO found no evidence of criminality by any organisation that employed ICU Investigations as the information requested could typically have been obtained legitimately.
Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is punishable by way of ‘fine only’ – up to £5,000 in a Magistrates Court or an unlimited fine in a Crown Court.
The ICO was aided in its investigation by Titan, the North West Regional Organised Crime Unit and the Regional Recovery Asset Team.
The post Private eye faces jail over data theft appeared first on DecisionMarketing.