Information Commissioner's Office
Joint statement warning FCA-authorised firms and insolvency practitioners to be responsible when dealing with personal data
Joint statement from the Financial Conduct Authority (FCA), the Information Commissioner’s Office (ICO) and the Financial Services Compensation Scheme (FSCS) (07 February 2020).
We are aware that some FCA-authorised firms and insolvency practitioners (IPs) have attempted to sell clients’ personal data to claims management companies (CMCs) unlawfully.
This can happen either before or after a firm has gone into administration and where it is likely claims for compensation will be made to FSCS.
The terms, conditions and clauses within a standard contract are highly unlikely to constitute sufficient legal consent for personal data to be shared with CMCs to market their services, and may not be lawful.
Any subsequent direct marketing calls, text or emails carried out by CMCs may breach the Privacy and Electronic Communications Regulations 2003 (PECR).
CMCs are required to act honestly, fairly and professionally in line with the best interests of their customers, as required by FCA’s Handbook. CMCs using such personal data may not be acting in the customers' interests. CMCs seeking to rely on legitimate interest grounds for processing such data are highly unlikely to meet the requirements of the GDPR.
CMCs that intend to buy and use such personal data must be able to demonstrate how they have considered the fair treatment of customers and how their actions comply with privacy laws.
Where the FCA or the ICO identify breaches of the relevant data protection legislation, or CMCOB Claims Management: Conduct of Business sourcebook, or any other relevant parts of the FCA’s Handbook, we will take appropriate action.
Consumers’ rights to compensation from FSCS
When an FCA-authorised firm enters administration, eligible consumers can bring claims to FSCS. FSCS will then work jointly with the IP to identify potential claimants.
In those circumstances, consumers should contact FSCS directly and the IP should contact the consumers to explain what the administration means for them.
Making a claim to FSCS is free, and in cases where the IP has contacted the customer directly we do not consider that CMCs are likely to provide significant benefit.
Any compensation to which a consumer is entitled from FSCS may unnecessarily be reduced by the involvement of CMCs in such cases.
We continue to work together and with firms and stakeholders across the sector to ensure consumers’ interests are not compromised.
Latest News from
Information Commissioner's Office
Marketing boss banned after thousands of nuisance calls26/11/2020 15:38:00
Marketing company director who made over 75,500 unsolicited marketing calls banned by the Insolvency Service for six years.
Updated ICO statement on recommendations published by the European Data Protection Board following the Schrems II case16/11/2020 10:15:00
Statement by an ICO spokesperson on recommendations published by the European Data Protection Board following the Schrems II case
ICO fines Ticketmaster UK Limited £1.25million for failing to protect customers’ payment details13/11/2020 14:25:00
The Information Commissioner’s Office (ICO) has fined Ticketmaster UK Limited £1.25million for failing to keep its customers’ personal data secure.
Blog: Access to information: driving change through education, engagement and enforcement13/11/2020 09:10:00
A blog for police forces, public authorities and data protection practitioners (12 November 2020).
Open Data Institute’s 2020 virtual summit12/11/2020 15:48:00
Elizabeth Denham spoke at the Open Data Institute’s 2020 virtual summit. She spoke about the role of trust in innovation, where data ethics and social equality overlap, and the hope that 2021 might be a year of opportunity.
UK political parties must improve data protection practices12/11/2020 09:10:00
The Information Commissioner’s Office (ICO) has set out how seven of the UK’s political parties need to improve the way they handle people’s personal data after assessing how they manage data protection.
Blog: ICO regulatory sandbox06/11/2020 09:10:00
Sandbox helps develop innovative tools to combat financial crime.
ICO fines Marriott International Inc £18.4million for failing to keep customers’ personal data secure02/11/2020 09:10:00
The ICO has fined Marriott International Inc £18.4million for failing to keep millions of customers’ personal data secure.