ICO launches Data Protection investigation into firms trading sensitive data on pensions and health

April brings new opportunities for people aged over 55 enabling them to withdraw any amount from a Defined Contribution scheme and decide what they should do with it or where to invest it. On hand will be the Government’s Pension Wise service offering free guidance.

However, in the last few days it has emerged from media reports that those eligible could also be contacted by various companies and may be at risk of receiving calls from fraudsters and cold callers. It is reported that this is a real possibility because personal data including sensitive data is being sold for as little as 5 pence. This may include pensioners’ salaries, the size of their pensions and investment plans. In addition, there are also reports of companies selling medical details to cold callers and fraudsters without any prior checks for as little as 19 pence. It is reported that such information is often compiled from health insurance applications and may refer to details of conditions such as diabetes, high blood pressure, osteoporosis, arthritis, as well as people hard of hearing who may be particularly vulnerable to scams. It has also been suggested that individuals are being targeted because they asked for mobility assistance in connection with airline bookings.

The ICO sees this as a very worrying development and officially launched an investigation. The ICO’s Head of Enforcement, Steve Eckersley said this “suggests a frequent disregard of laws that are in place to protect consumers…..personal data is such a valuable asset, particularly financial information. The worst case scenario here is this information getting into the wrong hands and being used to target individuals at a critical point in their lives”.

Recently the ICO has issued an enforcement order to a financial call centre to stop sending pension texts to members of the public who had not consented to receiving such information which was also misleading. The ICO’s investigation found “a web of lies told by the company as to how they obtained personal information”. Similarly, the ICO has recently carried out a raid at a call centre, which is believed it was using automatic dialling technology to make 4 to 6 million recorded calls a day about debt management or payment protection insurance.

The ICO has the power to fine companies up to £500,000 for the most serious data protection breaches and it can also pursue criminal prosecutions. The Information Commissioner has repeated his call for the criminal sanctions attached to the section 55 offence (obtaining or disclosing personal data without consent of the data controller – normally using data accessed through work for personal reasons or selling such data to third parties) to be increased and specifically to include the possibility of a jail sentence instead of just a fine.

Forbes can assist with advice on the application of the Data Protection Act and the appropriate contracts if your organisation is involved in transferring personal data. For more information contact Daniel Milnes or attend our upcoming event on Data Protection for Housing Officers.

Nat Avdiu

About Nat Avdiu

Nat Avdiu is a Paralegal in the Contracts and Projects team at Forbes Solicitors. Nat provides updates for clients on a range of issues including: governance, data protection and freedom of information, procurement and charity law.
This entry was posted in Corporate & Restructuring, Housing Litigation and tagged , , , , , , .