A former company director has been found guilty of illegally obtaining personal data and selling it on to solicitors chasing personal injury claims, the ICO has confirmed.
David Cullen was the managing director of Manchester-based No1 Accident Claims Limited until the company was liquidated in December 2012, but he has been fined for breaches of data protection and also issued with a confiscation order under the Proceeds of Crime Act 2002.
His business profited from selling illegally obtained personal data to solicitors. The data in question belonged to people involved in road accidents, and could be used to pursue personal injury claims.
Appearing before Manchester Crown Court on 24 June 2019, Cullen was fined 1,050 and ordered to pay 250 costs. He was disqualified from being a company director for five years and an order was made for the forfeiture and destruction of items which were seized as part of a search warrant in 2012. During the raid on Cullen's business, a number of computer devices and documents were seized containing the unlawfully obtained data.
The exact figure which Cullen is believed to have benefited from during his illegal activities is 1,434,679.60. Due to a lack of assets, the court proceeded by making a 1 nominal order. Cullen's financial circumstances will be regularly reviewed, and should they improve, the amount of the confiscation order can be increased.
"The volume of confidential personal information found in Cullen's possession showed his blatant disregard of people's right to privacy and our data protection laws," said Michael Shaw, ICO's group manager for enforcement.
"The confiscation order under the Proceeds of Crime Act is a warning shot to anyone using or thinking about using personal data illegally. We can and will take action which can have a huge effect on your personal life including confiscating assets and earnings - whatever they may be."
It's the second time in a week that the ICO has made an announcement regarding criminally processed accident claims data. Teams from the ICO enforcement department exercise warrants to raid two Liverpool properties on suspicion of data farming on 28 June. The information obtained and sold also concerned illegally obtained motor accident data.
Such cases show the inherent value that has been placed on data, and highlights the efforts needed to ensure data is lawfully collected and used.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
ICO admits it's too slow dealing with complaints – so it's eying up automation to cut staff workloadsNews The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.
-
“Limited resources” scupper ICO probe into EasyJet breachNews The decision to drop the probe has been described as “deeply concerning” by security practitioners
-
Surge in workplace monitoring prompts new ICO guidelines on employee privacyNews Detailed guidance on how to implement workplace monitoring could prevent data protection blunders
-
TikTok could be hit with £27m fine for failing to protect children's privacyNews Social media firm issued with a notice from the ICO for potential violations of UK data protection laws
-
What is AdTech and why is it at the heart of a regulation storm?In-depth The UK data regulator has come under heavy fire for consistently delaying much-needed action, privacy groups say
-
ICO crackdown on AI recruitment part of three-year vision to save businesses £100 millionNews ICO25 outlines a fresh approach that involves releasing learning materials, advice, and a new ICO-moderated discussion forum for businesses
-
Clearview AI fined £7.5m over improper use of UK dataNews Australian facial recognition firm collected 20 billion images from the internet without consent in order to build its database
-
UK data watchdog cut IT spending by £1.2 million during pandemicNews The ICO’s IT budget has been slashed by around 23% since 2019
