The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Private investigators sentenced for unlawfully obtaining personal data

News release: 24 January 2014


Six men who were part of a company that tricked organisations into revealing personal details about customers has today been sentenced for conspiring to breach the Data Protection Act.

Adrian Stanton, 40, ran ICU Investigations Limited in Feltham, Middlesex with Barry Spencer, 41. The pair were convicted at an earlier hearing on Isleworth Crown Court on 20 November 2013. Today Mr Stanton was fined a total of £7500 and £6107 prosecution costs. The ICO awaits the sentencing of Mr Spencer and ICU Investigations  Ltd - which will be sentenced as a separate defendant - at a confiscation hearing on 4 April 2014.

Five employees of the company who had previously pleaded guilty to the same offence were also sentenced at Isleworth Crown Court today. Their sentences were:

  • Robert Sparling (38): £4000 fine and £3000 prosecution costs
  • Joel Jones (43): £3000 fine and £2500 prosecution costs
  • Michael Sparling (41) £2000 fine and £2000 prosecution costs
  • Neil Sturton (43) £1000 fine and £1000 prosecution costs
  • Lee Humphreys (41) £1000 fine and £1000 prosecution costs

Further details about the case, including the Information Commissioner Christopher Graham’s call for more effective deterrent sentences for this type of offence, can be found in a previous ICO news release on this case.

Notes to Editors

1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

3. The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter.

4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

5. If you need more information, please contact the ICO press office on 0303 123 9070.