Information Commissioner's Office
Former company director believed to have profited by more than £1.4 million after selling personal data illegally
A former company director found guilty of illegally obtaining people’s personal data and selling it to solicitors chasing personal injury claims, has been fined for breaches of data protection and issued with a confiscation order under the Proceeds of Crime Act 2002.
David Cullen of Middleton Road, Manchester, was the managing director of No1 Accident Claims Limited based on Oxford Road, Manchester from 4 March 2010 until 20 December 2012 when the company was liquidated. The business profited from selling illegally obtained personal data to solicitors. The data, belonging to people who had been in road accidents, could then be used to pursue personal injury claims.
Appearing before Manchester Crown Court on 24 June 2019, Cullen was fined £1,050 and ordered to pay £250 costs. He was disqualified from being a company director for five years and an order was made for the forfeiture and destruction of items which were seized as part of a search warrant in 2012. During the raid on Cullen’s business a number of computer devices and documents were seized containing the unlawfully obtained data.
Following sentencing, confiscation under the Proceeds of Crime Act 2002 commenced. The exact figure which Cullen is believed to have benefited from during his illegal activities is £1,434,679.60. Due to a lack of assets, the Court proceeded by making a £1 nominal order. Cullen’s financial circumstances will be regularly reviewed, and should they improve, the amount of the confiscation order can be increased.
Michael Shaw, Group Manager – Enforcement at the ICO recently said:
“The volume of confidential personal information found in Cullen’s possession showed his blatant disregard of people’s right to privacy and our data protection laws.
“The confiscation order under the Proceeds of Crime Act is a warning shot to anyone using or thinking about using personal data illegally. We can and will take action which can have a huge effect on your personal life including confiscating assets and earnings – whatever they may be.”
Cullen pleaded guilty to 21 charges of unlawfully obtaining and selling personal data in breach of s55 of the Data Protection Act 1998, when he appeared before Manchester City & Salford Magistrates Court on 27 September 2018.
Notes to Editors
- The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five Acts / Regulations.
- The ICO’s prosecution policy can be found here.
- The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
- A limited number of criminal prosecutions – including this case - are still being dealt with under the provisions of the Data Protection Act 1998 because of when the offence occurred.
- Criminal prosecution penalties are set by the courts and not by the ICO. The maximum penalty for criminal offences under both the Data Protection Act 1998 and the new 2018 Act is an unlimited fine.
- To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.
Latest News from
Information Commissioner's Office
ICO fines company flouting the law in order to profiteer from the coronavirus pandemic25/09/2020 12:25:00
The Information Commissioner’s Office (ICO) has fined Digital Growth Experts Limited (DGEL) £60,000 for sending thousands of nuisance marketing texts at the height of the pandemic.
Open letter from UK Information Commissioner Elizabeth Denham to UK organisations24/09/2020 17:08:00
Open letter from UK Information Commissioner Elizabeth Denham to UK organisations.
Statement from Information Commissioner Elizabeth Denham on the NHS COVID-19 app24/09/2020 11:10:00
Statement given by the Information Commissioner Elizabeth Denham on the NHS COVID-19 app.
Blog: Data protection considerations and the NHS COVID-19 app21/09/2020 15:38:00
Information Commissioner Elizabeth Denham talks about the regulatory work the ICO has been involved in regarding the England and Wales NHS COVID-19 app.
Data protection guidance for collecting customer information21/09/2020 12:25:00
The Information Commissioner’s Office (ICO) has published data protection guidance for organisations mandated to collect customer and visitor information.
Accountability Framework: demonstrating your compliance14/09/2020 10:15:00
Ian Hulme, Director of Regulatory Assurance discusses the launch of our new Accountability Framework and how organisations can take part in the next stage of its development.
ICO fines company £130,000 for unauthorised pensions cold calls11/09/2020 09:10:00
The Information Commissioner’s Office (ICO) has issued a fine under a law brought in to stop scammers defrauding people out of their pensions.
Blog: Ten top tips for innovators09/09/2020 09:10:00
ICO are always looking for new and innovative ways to offer advice and support to any businesses involved in data protection because it is imperative that consumers who share their personal data with your organisation are confident that this data will be treated fairly, lawfully and transparently.