The ban on referral fees should not be limited to personal injury (PI), an influential committee of MPs has said, claiming that the payments make criminality “profitable”.
The justice select committee also called for the Information Commissioner to have the power to compel audits of law firms and insurance companies to check for breaches of the Data Protection Act.
In a report entitled Referral fees and the theft of personal data, following evidence given to the committee by the Information Commissioner Christopher Graham, it said the government should immediately introduce custodial sentences for breaches of section 55 of the Act, including by those who pass on leads to PI lawyers.
Section 55 makes it a criminal offence to knowingly or recklessly obtain, disclose or procure the disclosure to another person of personal data. The power to introduce custodial sentences of up to two years exists but has not yet been activated. The maximum penalty is currently a fine of up to £5,000.
The committee said: “We welcome the government’s commitment to ban referral fees. We do not believe the ban should be limited to personal injury cases.
“Referral fees reward a range of illegal behaviour, and banning them, together with introducing custodial sentences for breaches of the Data Protection Act, would have the twin effect of both increasing the deterrent and reducing the financial incentives for these offences.”
The committee said supplying data to PI lawyers may be legal if the subject gives their consent, but if they have not done so is likely to be a breach of section 55. Mr Graham’s evidence was that even in cases where insurance companies have a clause in the small print of policies giving them permission to pass data to lawyers, the practice might still not be legal.
“Potentially it is a breach of the first data protection principle,” he said. “It is not fair processing if you claim consent and all your policyholders say, ‘I don’t know what you’re talking about – I never knew’.”
The committee said it was struck by “the range of illegal behaviour that referral fees can reward”, from individuals stealing data to companies with contracts or practices which breach the Act, to the sending of spam text messages. “Clearly a system which makes criminality so profitable needs to be changed.”
Potential misuses of personal data are also not being fully investigated, the MPs warned, because the Information Commissioner does not have the power to compel private sector organisations to undergo information audits. “If the commissioner had been able to compel audits of insurance companies and personal injury lawyers, the issues around referral fees might have been identified and tackled sooner,” it said.
Committee chairman Sir Alan Beith MP said: “Ministers must examine how to enable the commissioner to investigate properly without increasing the regulatory burden on business or the public sector.”
The committee was also concerned that the government intends to wait for the Leveson inquiry into phone hacking before deciding whether to introduce custodial sentences for breaches of section 55 – even though it is “not exclusively, or even primarily, an issue relating to the media”. It urged the government to act “without further delay”.
Sir Alan said: “Fines are used to punish breaches of data protection laws, but they provide little deterrent when the financial gain exceeds the penalty.”