No, Christopher
Graham won’t be handing out golden tickets to enable people to tour an enchanted
chocolate factory. But he may be writing to 125 victims of Operation Spruce.
Back in 2008,
investigators at the Serious & Organised Crime Agency started Operation
Millipede, which, in February 2012, led to the convictions of four private investigators
who had been engaged by some 98 clients who were seeking personal information
about individuals. Some of the personal information was evidently to be obtained
in dodgy ways. But which of these clients knew that the private investigators would
be using unlawful methods to obtain the information that had been requested? The
offences were carried out between January 2007 and May 2009.
To cut an
extremely long and tedious story short, over the summer SOCA passed the ICO a
bundle of some 31 lever arch files, and invited them to read the files and work
out who had breached data protection law. Following a careful analysis by ICO
staff, it’s now possible that 19 clients were aware that personal information relating
to 125 individuals was going to be obtained unlawfully. And it’s on these 19 clients
that the next stage of the investigation will focus.
For the next
8 months, a crack team of ICO investigators, supplemented by perhaps 7 other
experienced investigators, will be working hard to see what action, if any, can be taken
against them.
Who are they?
We don’t know their names. But we do
know that they are in the construction industry (1), financial services (2), general
retail (5), and insurance sector (3). Also, there are 4 law firms, 3 private
investigators and 1 security industry firm under the spotlight.
Parliament’s
Home Affairs Committee has been following developments quite closely, and
Christopher Graham has made a number of appearances before it. Today’s image
was taken at a particularly tetchy session (on 9 September), where it was clear
that our beloved Commissioner was not very impressed with some of the questions
that were being asked of him, and in turn some Committee members were not very
happy with the line our Commissioner was taking.
Fancy having
the temerity to blame parliamentarians for not bothering to implement laws
which would have made data protection offences less inviting to commit! Or for
reminding parliamentarians how little they cared about the unlawful trade in
personal information in the days when Richard Thomas was Information Commissioner.
Or having the nerve to say in public that the Committee would be behaving pretty
badly if it were to publicise a list of potential wrongdoers before the ICO
had adduced sufficient evidence to support allegations about any of them.
Christopher
Graham used one telling phrase early on in the session: “In partnership with Parliament
I think we can make progress.” But as
the session went on, it was clear that this partnership was in danger of
becoming somewhat strained. If you want
to see a Commissioner ticking off parliamentarians for not doing their job very
thoroughly, this is a session to watch.
The
Committee was much politer to the Commissioner when it invited him to appear
before it earlier this week (8 October). Perhaps someone had told the parlamentarians that they
needed to adopt a much more conciliatory attitude if they were to retain an
aura of executive authority. Our Commissioner was in a better mood, too. But he
also made a point of expressing his independence by inferring how much notice
he was minded to take about their opinion as to whether it would be appropriate
to ask that investigators be seconded from the National Crime Agency support the
ICO’s own team.
Anyway, sometime
next year, some of these 125 victims will be contacted, and this is where they could hit the jackpot (if they are alive and can still remember what they were doing in 2007-9, that is). If it can be
established that the clients knew that nefarious means were used to obtain
personal about the victims, presumably these victims would be able to commence their
own legal action against them. And, as the ICO would have kindly already complied a
juicy bundle of evidence, the prospects of success could be pretty good.
So, if you
get a letter from an ICO investigator next year advising that your details are associated
with one of their investigations, it just could be your lucky day.
Note:
A quick comment
about the custodial sentences handed out to the private investigators. They
received sentences of 12 months, 8 months, 6 months and 4 months. So they had all
completed their time in jail before the police sent the files to the ICO to start
to investigate the clients who initially commissioned these acts.
Sources:
.
Posts
