Private investigators sentenced for unlawfully obtaining personal data
- Measuring the effectiveness of the Telephone Preference Service
- Online travel services company exposes more than a million customer records to malicious hacker
- ‘Data use is getting more complicated: the public need someone they can trust to watch over their information’
- Fine for car rental manager who sold customer details to claims company
News release: 24 January 2014
Six men who were part of a company that tricked organisations into revealing personal details about customers has today been sentenced for conspiring to breach the Data Protection Act.
Adrian Stanton, 40, ran ICU Investigations Limited in Feltham, Middlesex with Barry Spencer, 41. The pair were convicted at an earlier hearing on Isleworth Crown Court on 20 November 2013. Today Mr Stanton was fined a total of £7500 and £6107 prosecution costs. The ICO awaits the sentencing of Mr Spencer and ICU Investigations Ltd - which will be sentenced as a separate defendant - at a confiscation hearing on 4 April 2014.
Five employees of the company who had previously pleaded guilty to the same offence were also sentenced at Isleworth Crown Court today. Their sentences were:
Robert Sparling (38): £4000 fine and £3000 prosecution costs
Joel Jones (43): £3000 fine and £2500 prosecution costs
Michael Sparling (41) £2000 fine and £2000 prosecution costs
Neil Sturton (43) £1000 fine and £1000 prosecution costs
Lee Humphreys (41) £1000 fine and £1000 prosecution costs
Further details about the case, including the Information Commissioner Christopher Graham’s call for more effective deterrent sentences for this type of offence, can be found in a previous ICO news release on this case.
Notes to Editors
1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Not transferred to other countries without adequate protection
5. If you need more information, please contact the ICO press office on 0303 123 9070.