Information Commissioner's Office
Printable version

Assessing data protection practices of UK tracing agents

Blog posted by: Anthony Luhman, ICO Director of PACE Projects and Interim Director of Investigations, 14 November 2023.

Anthony Luhman is ICO Director of PACE Projects and Interim Director of Investigations. Anthony is responsible for leading on ICO PACE Projects, our agile response to high priority issues and also responsible for overseeing sensitive, complex and high-profile investigative activity.

Earlier this year a women’s charity raised concerns with us about the alleged actions of a tracing agent – an investigator using various methods to find a person’s current address details. The charity said that a tracing agent had tracked down a domestic abuse victim to their place of safety at a refuge and passed this personal information to their abusive former partner.

Protecting the information rights of victims of domestic abuse is a priority for the ICO, so we decided to get an overview of the data protection practices of the UK private investigation and tracing agent sector.

We contacted several tracing companies and asked professional associations about their role and responsibility to members. To gain a complete picture we also spoke with groups supporting victims of domestic abuse, the National Police Chiefs’ Council and the Home Office to assess whether tracing agents were mishandling the personal information of domestic abuse victims.

Our findings

We gathered valuable information from the sector, including the safeguarding procedures tracing agents follow when asked to conduct a trace and the requirements their professional body expects of them.

Many of the tracing agents we spoke with demonstrated an awareness of the potential risks to vulnerable people and victims of domestic abuse if they are traced. That includes requiring a person’s consent before sharing their data for ‘lost family or friend’ and ‘ex-partner’ tracing, and not starting a trace for a person believed to be vulnerable.

We also found that private investigators’ industry bodies encourage data protection compliance and provide relevant training and resources to their members.

Our enquiries did not reveal evidence where tracing agents had been involved with the sharing of victims’ details. However, our engagement with the industry and charities highlighted that abusers are turning to readily available and affordable technology themselves to trace ex-partners. This includes inserting air tags into cuddly toys given to children at supervised visits, as well as tracking victims via smart phones and watches and through searches on social media profiles.

Recommendations to the tracing agent sector

Although we did not find evidence of non-compliance with data protection law, we have reminded tracing agents and its professional bodies of their data protection obligations. Our recommendations include:

Our ongoing work to protect the information rights of domestic abuse victims

Our engagement continues with women’s charities and other organisations, which informed our enquiries by highlighting the potential for significant harm to victims.

We’ll continue to work with these groups to ensure organisations are handling the personal information of domestic abuse victims appropriately and keeping them safe. And where we find evidence of non-compliance, we will take enforcement action just as we reprimanded seven organisations in the past 14 months for data breaches affecting victims of domestic abuse.

As highlighted, advances in technology and popularity of social media mean that perpetrators have an enhanced level of access to information about their partner and children. That means using spyware to hack a phone or harass victims using social media, and monitoring and tracking victims via location settings and smart wearables.

Specialist support groups and charities, such as RefugeWomen’s Aid and SafeLives provide tools and resources for women and children experiencing complex forms of tech abuse. Their websites provide crucial information on how to mitigate against these threats, and we'll help amplify such support so victims can be empowered to use technology safely and regain their freedom.

Notes to Editors

About the Information Commissioner’s Office (ICO)

  1. The ICO is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the United Kingdom General Data Protection Regulation (UK GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five acts and regulations.
  3. The ICO can take action to address and change the behaviour of organisations and individuals that collect, use, and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
  4. To report a concern to the ICO telephone call our helpline on 0303 123 1113, or go to ico.org.uk/concerns.

 

Channel website: https://ico.org.uk/

Original article link: https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2023/11/assessing-data-protection-practices-of-uk-tracing-agents/

Share this article

Latest News from
Information Commissioner's Office