Just 9 days ago, the Serious Organised Crime Agency (SOCA) handed over to my office the famous list of 98 ‘blue chip’ clients of criminal private investigators. The Information Commissioner’s Office (ICO) immediately set in train an investigation with a view to prosecuting breaches of the Data Protection Act. We took delivery of more than 30 files of material that resulted from Operation Millipede, SOCA’s successful prosecution of four rogue investigators in 2012.
It now falls to us to conduct a thorough and efficient investigation with a view to bringing criminal prosecutions where appropriate and taking other civil enforcement action.
It’s important that’s a transparent process, and we’ve undertaken to report on progress as we complete each stage of the operation. But that transparency shouldn’t get in the way of the investigation. It’s not clever to start a criminal investigation by publishing the names of everyone and everything you’re investigating. That’s why we’ve stated we’re not publishing the list at this stage, and why I’ve written to Keith Vaz MP to urge similar patience on the part of his Select Committee.
Nor is it fair that the first time the individuals named on the list learn of their inclusion is when their identities are revealed by a committee of MPs. We have to start from the central principle of British justice that some of the 98 may not have broken any law. The criminal offence associated with ‘unauthorised disclosure’ of personal information depends on the prosecution establishing that the clients knew that the information they were seeking would be, or could only be, obtained by unlawful means. That will be central to the ICO’s investigation.
It is an investigation that is typical of our work. For years we’ve been warning about the dirty trade in confidential personal information and the threat to our privacy and security posed by the ‘blagging’ of personal information in family disputes, in the insurance business, in the credit sector – and for purposes of fraud and other criminal enterprises.
It was back in May 2006 that we called for a tightening of the law to tackle the growing trade. What has followed amounts to nothing less than a Seven Year Dither. Even the threat of prison for blagging contained in the 2008 Criminal Justice Act remains as ‘uncommenced’ legislation. We are promised yet another consultation on its implementation.
The most serious cases of criminal behaviour under the Data Protection Act can, if they are prosecuted in the Crown Court, result in unlimited fines and recovery of the proceeds of crime. But all too often blagging cases are dealt with in the magistrates’ court where the going rate for a section 55 offence is a slap on the wrist of around £150. It’s not even a ‘recordable offence’ on the Police National Computer. The courts do not have the discretion to use the full range of possible penalties – including the threat of prison for the most serious offences.
As a result, blagging doesn’t feel like the serious crime that it is. Until the politicians get their act together the modern scourge of identity theft can only spread. What confidence can citizens have in the security of their personal information if ministers won’t act on this long-overdue measure?
And that leads to a greater concern. As ministers roll out their ambitious plans for ‘modernising’ public services, the failure to act to stamp out data protection abuses threatens public confidence in systems and processes which, with proper safeguards, could offer huge benefits in efficiency and effectiveness. Take the plans for an NHS that makes the best use of patient data to improve patient care and save millions. The grubby reality is that anyone blagging sensitive personal information from your local GP surgery undermines the entire process, at a risk of receiving just a £150 fine. And so long as the crime of blagging isn’t taken seriously by the authorities we’re building the digital future on some very rocky foundations.
Keith Vaz and his Select Committee continue to focus on whether the private investigator client list should be published. But surely effective regulatory action is what is needed, rather than a day’s headlines. If MPs really want to do something to stop the blagging they should demand that ministers stop shilly shallying and implement the tougher penalties that recognise the blagging problem for the scourge that it is.
|Christopher Graham, Information Commissioner, has a range of responsibilities under the Freedom of Information Act 2000, the Data Protection Act 1998 and related laws.|