The private investigator scandals related to the News of the World closure has revealed some interesting insights into their practices.
There may be good reasons for individuals or businesses to use private investigators but when do those activities cross the line into illegality? And where does the buck stop – at the investigator or the client?
The outcome of the current investigations could be a useful guide as to what is and what is not likely to be acceptable in future.
The Information Commissioner’s Office (ICO) – the independent regulator dealing with the Data Protection Act 1998 – has begun an investigation into whether the clients of rogue private investigators may have breached the Data Protection Act 1998 after it received material from the Serious Organised Crime Agency (SOCA).
SOCA passed information on a list of 98 clients to the ICO on 28th August 2013. Details of a further nine clients were withheld by SOCA at the request of the Metropolitan Police due to on-going investigations.
The clients of these rogue private investigators were identified as a part of SOCA’s inquiry - codenamed Operation Millipede– into the practice of blagging; obtaining personal information such as bank account details and medical histories of individuals without their consent.
Joining Up the Dots
In February 2012 four private investigators were given jail terms for conspiring to defraud individuals by blagging personal data using persuasive phone calls. On 30th August 2013 SOCA passed on materials and files to the ICO including correspondences between clients and investigators including receipts for payments.
The relevant clients included 22 law firms, accountancy, insurance and financial services firms, famous celebrities as well as 16 other private investigation agencies – indicating that private investigation firms routinely subcontract work to each other.
The ICO intends to use the information about the clients of such private investigators to determine whether the clients were aware that the law had been broken in order to obtain the information they sought.
Potential Enforcement Outcomes
Once these investigations have concluded, a number enforcement options may be available to the ICO. Firstly it could pursue criminal prosecution of the clients for unlawfully obtaining or accessing personal information. This is known as a section 55 offence as it is contrary to s55 of the Data Protection Act 1998.
Secondly the ICO could pursue a civil action for the breach of the Data Protection Act, which entails a financial penalty of up to £500,000. Further, the ICO could also issue enforcement notices and undertakings, to oblige changes in policies or procedures.
In these cases a custodial sentence is not possible under the criminal law, fuelling criticism that journalists who break the law in pursuit of information for stories are expected to conform to higher standards.
The investigation teams will additionally need to establish whether the ICO has jurisdiction over all of the clients, as a number of the clients are believed to be based outside of the UK. The ICO is expected to publish an update of its findings which is likely to take several months.