It costs businesses £35 to notify under the DPA, a fee which any business which is a data controller under the terms of the Act must pay each year. A common scam is for unrelated third parties to contact companies offering to register them under the DPA for considerably more than £35.
It was this which netted Francis Boyd £401,545 in a 15 month period. He has been given a jail sentence of two and a half years by Liverpool Crown Court.
Michael Boyd, Paul Barton and Mark Deary were given sentences ranging from eight to 18 months for their role in working with Boyd in 2004 and 2005 to obtain another £206,596.
All four men were charged with conspiracy to obtain money transfers by deception.
The judge in the case said that the operation was "a well planned and sophisticated enterprise…a scam cloaked with the appearance of officialdom".
Notification of the Information Commissioner's Office is compulsory and the failure of an organisation to notify that office is a criminal offence. It incurs a fee of £35 and the ICO says that any agency demanding any more than that should be ignored.
"If a business receives a letter out of the blue demanding more than £35 to register under the DPA this will be a scam," said an ICO statement. "Our simple message to businesses is to throw the letter in the bin and not to pay the fee demanded."
The court case is a significant victory, the ICO said. "We are very pleased with this result," said Philip Taylor, a soliticor with the ICO. "It sends out a very clear signal: if you run a bogus data protection agency you will be investigated and prosecuted."
"This conviction follows a successful multi-agency operation involving Merseyside Police, Tameside Trading Standards and staff at the ICO," said Tasylor.
