Information Commissioner's Office
Joint statement warning FCA-authorised firms and insolvency practitioners to be responsible when dealing with personal data
Joint statement from the Financial Conduct Authority (FCA), the Information Commissioner’s Office (ICO) and the Financial Services Compensation Scheme (FSCS) (07 February 2020).
We are aware that some FCA-authorised firms and insolvency practitioners (IPs) have attempted to sell clients’ personal data to claims management companies (CMCs) unlawfully.
This can happen either before or after a firm has gone into administration and where it is likely claims for compensation will be made to FSCS.
The terms, conditions and clauses within a standard contract are highly unlikely to constitute sufficient legal consent for personal data to be shared with CMCs to market their services, and may not be lawful.
Any subsequent direct marketing calls, text or emails carried out by CMCs may breach the Privacy and Electronic Communications Regulations 2003 (PECR).
CMCs are required to act honestly, fairly and professionally in line with the best interests of their customers, as required by FCA’s Handbook. CMCs using such personal data may not be acting in the customers' interests. CMCs seeking to rely on legitimate interest grounds for processing such data are highly unlikely to meet the requirements of the GDPR.
CMCs that intend to buy and use such personal data must be able to demonstrate how they have considered the fair treatment of customers and how their actions comply with privacy laws.
Where the FCA or the ICO identify breaches of the relevant data protection legislation, or CMCOB Claims Management: Conduct of Business sourcebook, or any other relevant parts of the FCA’s Handbook, we will take appropriate action.
Consumers’ rights to compensation from FSCS
When an FCA-authorised firm enters administration, eligible consumers can bring claims to FSCS. FSCS will then work jointly with the IP to identify potential claimants.
In those circumstances, consumers should contact FSCS directly and the IP should contact the consumers to explain what the administration means for them.
Making a claim to FSCS is free, and in cases where the IP has contacted the customer directly we do not consider that CMCs are likely to provide significant benefit.
Any compensation to which a consumer is entitled from FSCS may unnecessarily be reduced by the involvement of CMCs in such cases.
We continue to work together and with firms and stakeholders across the sector to ensure consumers’ interests are not compromised.
Latest News from
Information Commissioner's Office
Blog: Spotlight on the Children’s Code standards - best interests of the child, detrimental use of children’s data and data minimisation28/07/2021 16:15:00
A blog by Michael Murray, ICO’s Head of Regulatory Strategy
Blog: Regulating through a pandemic and beyond28/07/2021 13:20:00
A blog by James Dipple-Johnston, Deputy Commissioner - Chief Regulatory Officer
ICO approves the first UK eIDAS Regulations Qualified Trust Service Provider28/07/2021 09:10:00
The Information Commissioner’s Office has approved GlobalSign as the UK’s first qualified trust service provider [QTSP] under the UK eIDAS Regulations.
ICO's blog on its information rights work26/07/2021 16:20:00
Colleagues from the ICO’s FOI Directorate share their experiences and involvement in raising awareness of our regulation of access to information legislation.
Blog: New toolkit launched to help organisations using AI to process personal data understand the associated risks and ways of complying with data protection law21/07/2021 09:20:00
Alister Pearson, the ICO’s Senior Policy Officer – Technology introduces a new beta version of our AI and Data Protection Risk Toolkit. He explains how it can assure organisations that use AI to process personal data that they are processing it in line with the law and how organisations can help the ICO shape a final version.
Blog: What’s next for the Accountability Framework?19/07/2021 09:10:00
Blog posted by: Anulka Clarke, 15 July 2021.
Blog: Reflecting on the past five years of fundraising and data protection regulation16/07/2021 14:43:00
Lord Toby Harris, Chair of the Fundraising Regulator & Elizabeth Denham CBE, the UK Information Commissioner, reflect on the past five years of fundraising and data protection regulation in the charity sector.
Statement on ICO investigation into Department of Health and Social Care CCTV footage16/07/2021 09:10:00
The ICO can confirm it is investigating an alleged data breach.