A man found guilty of illegally obtaining people’s personal data and selling it to personal injury solicitors has been fined for breaches of data protection and issued with a £1.4m confiscation order.
David Cullen was the managing director of No1 Accident Claims in Manchester from 4 March 2010 until 20 December 2012, when the company was liquidated.
The business profited from selling illegally obtained personal data belonging to people who had been in road accidents to solicitors.
Mr Cullen pleaded guilty last year to 21 charges of unlawfully obtaining and selling personal data in breach of section 55 of the Data Protection Act 1998.
Appearing before Manchester Crown Court last week, he was fined £1,050 and ordered to pay £250 costs.
He was disqualified from being a company director for five years and an order was made for the forfeiture and destruction of computer devices and documents containing the unlawfully obtained data which were seized as part of a search warrant in 2012.
Following sentencing, confiscation under the Proceeds of Crime Act 2002 commenced. Mr Cullen is believed to have benefited by £1.43m from his illegal activities, but due to a lack of assets, the court made a £1 nominal order.
His financial circumstances will be regularly reviewed, and should they improve, the amount of the confiscation order can be increased.
Michael Shaw, group manager – enforcement at the Information Commissioner’s Office (ICO), said: “The volume of confidential personal information found in Cullen’s possession showed his blatant disregard of people’s right to privacy and our data protection laws.
“The confiscation order under the Proceeds of Crime Act is a warning shot to anyone using or thinking about using personal data illegally.”
Separately, the ICO last week searched two addresses in Liverpool as part of an ongoing investigation into the acquisition and sale of illegally obtained personal data of motor accident victims, again to sell on to personal injury solicitors.
Following a six month investigation, working in partnership with the Insurance Fraud Bureau, two teams of ICO enforcement officers executed search warrants at a business and a residential address to seize computer equipment and documents which will be analysed for evidence.
The business is suspected of carrying out high volumes of data farming activity, known as blagging or vishing – the act of using the telephone in an attempt to obtain private, personal and financial information within what seems like a normal conversation. Often callers pose as policy holders, claimants or other companies in a position of trust.
The ICO said vishing calls to the insurance industry are frequently made by marketing firms or claims management companies in order to obtain information from insurers to enable referrals to law firms for personal injury claims to be initiated.
The alleged offences are contrary to section 170 of the Data Protection Act 2018, the successor to section 55 of the 1998 Act.