The recent development in the UK has seen the country's watchdog, the ICO (Information Commissioner's Office) uncovering, and then raiding, two Liverpool addresses over suspicions of data trafficking.
According to what is known so far — the sites apparently belonged to a business that was under investigation for allegedly selling illegally obtained sensitive information. The information in question was mostly personal data. The investigation of said business led authorities to believe that the business has been involved in data farming, resulting in high volumes of gathered information.
The business used the procedure known as vishing, which allowed it to obtain personal information of motor accident victims. Not only that, but the illegally obtained data was then sold on to lawyers who would make fraudulent claims of personal injuries.
The ICO organized two teams with search warrants and has sent them to two different addresses — the address of the business itself, as well as the residential address. The teams successfully seized computers, documents, and other equipment, with the goal of analyzing them and hopefully collecting evidence for a strong case against the business.
The ICO's group manager for enforcement, Mike Shaw, commented by saying that the searches will be taken as a warning shot to other businesses that might be doing the same. Even so, the evidence that the two teams collected should be enough to identify the illegal activities of this particular business. If the analysis uncovers enough, the ICO will have all the necessary assistance in taking enforcement action.
The ICO was planning the raids for quite a while now, after spending six months investigating the business and its illegal activities. It did not do it alone, however. Instead, it collaborated with the IFB (Insurance Fraud Bureau). The collaboration of the two agencies suggests that the business violated the Data Protection Act 2018. Not only that, but it also violated the older Data Protection Act 1998, particularly when it comes to its Section 55.
According to the ICO, the raided business has been involved in illegal practices for over a year and a half, now, likely starting in November 2017. As mentioned, it used the method called 'vishing,' short for 'voice phishing.' This is a type of fraud that is conducted via telephone.
It is quite simple in concept: a third party tries to obtain private information, as well as personal and financial data through seemingly regular conversation. The caller might pretend to be a policyholder, claimant, or someone else whom the victim might trust.
ICO believes that these types of calls to the insurance industry are quite often made by marketing companies, as well as claims management firms. Their goal is to collect as much information from insurers as possible. Then, they enable referrals to law companies and ask that a personal injury claim is initiated.
This is also not the first raid for the UK's data watchdog this month. Only days ago, on Tuesday, the ICO hit the Met police with two separate enforcement notices. The reason was the discovery of a backlog of more than 1,700 subject access requests from various UK citizens who were simply ignored.
|Exchange||Volume change, 24h|