Information Commissioner's Office
Joint statement warning FCA-authorised firms and insolvency practitioners to be responsible when dealing with personal data
Joint statement from the Financial Conduct Authority (FCA), the Information Commissioner’s Office (ICO) and the Financial Services Compensation Scheme (FSCS) (07 February 2020).
We are aware that some FCA-authorised firms and insolvency practitioners (IPs) have attempted to sell clients’ personal data to claims management companies (CMCs) unlawfully.
This can happen either before or after a firm has gone into administration and where it is likely claims for compensation will be made to FSCS.
The terms, conditions and clauses within a standard contract are highly unlikely to constitute sufficient legal consent for personal data to be shared with CMCs to market their services, and may not be lawful.
Any subsequent direct marketing calls, text or emails carried out by CMCs may breach the Privacy and Electronic Communications Regulations 2003 (PECR).
CMCs are required to act honestly, fairly and professionally in line with the best interests of their customers, as required by FCA’s Handbook. CMCs using such personal data may not be acting in the customers' interests. CMCs seeking to rely on legitimate interest grounds for processing such data are highly unlikely to meet the requirements of the GDPR.
CMCs that intend to buy and use such personal data must be able to demonstrate how they have considered the fair treatment of customers and how their actions comply with privacy laws.
Where the FCA or the ICO identify breaches of the relevant data protection legislation, or CMCOB Claims Management: Conduct of Business sourcebook, or any other relevant parts of the FCA’s Handbook, we will take appropriate action.
Consumers’ rights to compensation from FSCS
When an FCA-authorised firm enters administration, eligible consumers can bring claims to FSCS. FSCS will then work jointly with the IP to identify potential claimants.
In those circumstances, consumers should contact FSCS directly and the IP should contact the consumers to explain what the administration means for them.
Making a claim to FSCS is free, and in cases where the IP has contacted the customer directly we do not consider that CMCs are likely to provide significant benefit.
Any compensation to which a consumer is entitled from FSCS may unnecessarily be reduced by the involvement of CMCs in such cases.
We continue to work together and with firms and stakeholders across the sector to ensure consumers’ interests are not compromised.
Latest News from
Information Commissioner's Office
Statement regarding the government’s initial response to Online Harms White Paper consultation13/02/2020 09:10:00
Elizabeth Denham, Information Commissioner, yesterday gave a statement regarding the government’s initial response to Online Harms White Paper consultation.
ICO celebrates excellence in data protection with third annual award for practitioners05/02/2020 12:25:00
The Information Commissioner is looking for data protection practitioners who have made an outstanding impact within their organisation.
Statement on data protection and Brexit implementation – what you need to do30/01/2020 12:25:00
The UK will leave the European Union on 31 January and enter a Brexit transition period.
ICO launches latest phase of privacy innovation grants programme29/01/2020 12:25:00
Applications are now open for the third round of funding from the Information Commissioner’s Office’s (ICO) grants programme.
Data Protection Day 202028/01/2020 11:43:00
The ICO marked this year’s annual Data Protection Day (27 January 2020) by highlighting data sharing resources and guidance.
ICO statement in response to an announcement made by the Metropolitan Police Service on the use of live facial recognition24/01/2020 15:15:00
In October 2019 we concluded our investigation into how police use live facial recognition technology (LFR) in public places.
ICO's blog on its information rights work23/01/2020 16:10:00
Colleagues from the ICO’s access to information and compliance department share their experiences and involvement in raising awareness of our regulation of access to information legislation.
ICO publishes Code of Practice to protect children’s privacy online22/01/2020 16:33:00
The Information Commissioner’s Office yesterday published its final Age Appropriate Design Code – a set of 15 standards that online services should meet to protect children’s privacy.