Manchester business boss found guilty of illegally selling personal data

A former company director has been found guilty of illegally obtaining personal data and selling it on to solicitors chasing personal injury claims, the ICO has confirmed.

David Cullen was the managing director of Manchester-based No1 Accident Claims Limited until the company was liquidated in December 2012, but he has been fined for breaches of data protection and also issued with a confiscation order under the Proceeds of Crime Act 2002.

His business profited from selling illegally obtained personal data to solicitors. The data in question belonged to people involved in road accidents, and could be used to pursue personal injury claims.

What is the Information Commissioner’s Office (ICO)? What is the Data Protection Act 1998? ICO admits its own cookie policy is non-compliant with GDPR

Appearing before Manchester Crown Court on 24 June 2019, Cullen was fined 1,050 and ordered to pay 250 costs. He was disqualified from being a company director for five years and an order was made for the forfeiture and destruction of items which were seized as part of a search warrant in 2012. During the raid on Cullen's business, a number of computer devices and documents were seized containing the unlawfully obtained data.

The exact figure which Cullen is believed to have benefited from during his illegal activities is 1,434,679.60. Due to a lack of assets, the court proceeded by making a 1 nominal order. Cullen's financial circumstances will be regularly reviewed, and should they improve, the amount of the confiscation order can be increased.

"The volume of confidential personal information found in Cullen's possession showed his blatant disregard of people's right to privacy and our data protection laws," said Michael Shaw, ICO's group manager for enforcement.

"The confiscation order under the Proceeds of Crime Act is a warning shot to anyone using or thinking about using personal data illegally. We can and will take action which can have a huge effect on your personal life including confiscating assets and earnings - whatever they may be."

It's the second time in a week that the ICO has made an announcement regarding criminally processed accident claims data. Teams from the ICO enforcement department exercise warrants to raid two Liverpool properties on suspicion of data farming on 28 June. The information obtained and sold also concerned illegally obtained motor accident data.

Such cases show the inherent value that has been placed on data, and highlights the efforts needed to ensure data is lawfully collected and used.

Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.

Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.