Information Commissioner's Office
Joint statement warning FCA-authorised firms and insolvency practitioners to be responsible when dealing with personal data
Joint statement from the Financial Conduct Authority (FCA), the Information Commissioner’s Office (ICO) and the Financial Services Compensation Scheme (FSCS) (07 February 2020).
We are aware that some FCA-authorised firms and insolvency practitioners (IPs) have attempted to sell clients’ personal data to claims management companies (CMCs) unlawfully.
This can happen either before or after a firm has gone into administration and where it is likely claims for compensation will be made to FSCS.
The terms, conditions and clauses within a standard contract are highly unlikely to constitute sufficient legal consent for personal data to be shared with CMCs to market their services, and may not be lawful.
Any subsequent direct marketing calls, text or emails carried out by CMCs may breach the Privacy and Electronic Communications Regulations 2003 (PECR).
CMCs are required to act honestly, fairly and professionally in line with the best interests of their customers, as required by FCA’s Handbook. CMCs using such personal data may not be acting in the customers' interests. CMCs seeking to rely on legitimate interest grounds for processing such data are highly unlikely to meet the requirements of the GDPR.
CMCs that intend to buy and use such personal data must be able to demonstrate how they have considered the fair treatment of customers and how their actions comply with privacy laws.
Where the FCA or the ICO identify breaches of the relevant data protection legislation, or CMCOB Claims Management: Conduct of Business sourcebook, or any other relevant parts of the FCA’s Handbook, we will take appropriate action.
Consumers’ rights to compensation from FSCS
When an FCA-authorised firm enters administration, eligible consumers can bring claims to FSCS. FSCS will then work jointly with the IP to identify potential claimants.
In those circumstances, consumers should contact FSCS directly and the IP should contact the consumers to explain what the administration means for them.
Making a claim to FSCS is free, and in cases where the IP has contacted the customer directly we do not consider that CMCs are likely to provide significant benefit.
Any compensation to which a consumer is entitled from FSCS may unnecessarily be reduced by the involvement of CMCs in such cases.
We continue to work together and with firms and stakeholders across the sector to ensure consumers’ interests are not compromised.
Latest News from
Information Commissioner's Office
How modern data protection is helping to unlock the power of data13/05/2021 12:25:00
Elizabeth Denham’s keynote speech on the regulator’s view, delivered at the Data and the Future of Financial Services 2021 conference.
ICO and Office of the Privacy Commissioner, New Zealand, sign Memorandum of Understanding12/05/2021 15:15:00
The Information Commissioner’s Office (ICO) and the New Zealand Office of the Privacy Commissioner (OPC) have today signed a Memorandum of Understanding (MOU).
Blog: Work on updating the ICO’s Journalism code continues10/05/2021 09:10:00
Blog posted by: Anulka Clarke, Acting Director of Regulatory Assurance, 07 May 2021.
Five things we learned from DPPC 202107/05/2021 15:20:00
The ICO’s Data Protection Practitioners’ Conference 2021 was held this week, bringing together more than 3,000 data protection professionals from across the country.
Data Protection Practitioners’ Conference 202105/05/2021 14:15:00
Elizabeth Denham’s speech at the Data Protection Practitioners’ Conference on 5 May 2021
Digital Regulatory Cooperation Forum’s response to DCMS on the future of the digital regulatory landscape05/05/2021 12:05:00
The Digital Regulatory Cooperation Forum (DRCF) has submitted its response to the Department of Digital, Culture, Media and Sport (DCMS) on the future of the digital regulatory landscape and how to achieve coherence in regulatory approaches across digital services.
Blog: Free advisory check-ups help small businesses make the best use of their data30/04/2021 16:25:00
A blog from Syed Ali, Lead Engagement and Regulatory Assurance Officer
Data protection is an enabler for trust and confidence in the implementation of digital identity systems23/04/2021 12:25:00
Blog posted by: Steve Wood, Deputy Commissioner (Executive Director, Regulatory Strategy), 22 April 2021.
How the ICO Innovation Hub is enabling innovation and economic growth through cross-regulatory collaboration21/04/2021 14:20:00
The COVID-19 pandemic has changed work for so many of us around the world; forcing innovation and new ways of working. And that’s just as true for regulators – we’ve had to adapt to develop new ways to support organisations.