Cookies on Pinsent Masons website

Our website uses cookies and similar technologies to allow us to promote our services and enhance your browsing experience. If you continue to use our website you agree to our use of cookies.

To understand more about how we use cookies, or for information on how to change your cookie settings, please see our Cookie Policy.

Data protection scam operators jailed

Four men who operated bogus data protection agencies pulled in over half a million pounds in illicit income from their criminal enterprise. The men charged businesses bogus fees for notification under the Data Protection Act (DPA).31 Jan 2007

It costs businesses £35 to notify under the DPA, a fee which any business which is a data controller under the terms of the Act must pay each year. A common scam is for unrelated third parties to contact companies offering to register them under the DPA for considerably more than £35.

It was this which netted Francis Boyd £401,545 in a 15 month period. He has been given a jail sentence of two and a half years by Liverpool Crown Court.

Michael Boyd, Paul Barton and Mark Deary were given sentences ranging from eight to 18 months for their role in working with Boyd in 2004 and 2005 to obtain another £206,596.

All four men were charged with conspiracy to obtain money transfers by deception.

The judge in the case said that the operation was "a well planned and sophisticated enterprise…a scam cloaked with the appearance of officialdom".

Notification of the Information Commissioner's Office is compulsory and the failure of an organisation to notify that office is a criminal offence. It incurs a fee of £35 and the ICO says that any agency demanding any more than that should be ignored.

"If a business receives a letter out of the blue demanding more than £35 to register under the DPA this will be a scam," said an ICO statement. "Our simple message to businesses is to throw the letter in the bin and not to pay the fee demanded."

The court case is a significant victory, the ICO said. "We are very pleased with this result," said Philip Taylor, a soliticor with the ICO. "It sends out a very clear signal: if you run a bogus data protection agency you will be investigated and prosecuted."

"This conviction follows a successful multi-agency operation involving Merseyside Police, Tameside Trading Standards and staff at the ICO," said Tasylor.