The UK privacy watchdog and London’s Metropolitan Police are investigating claims that firms are selling sensitive financial data without consent, including pension information.
The Information Commissioner’s Office (ICO) said it was aware of the claims based on an undercover investigation by the Daily Mail.
Reporters posing as a cold-calling company were able to buy a database of information on the pensions, salaries and investments of 15,000 people for as little as 5p a record.
They found that data businesses were willing to sell information without checking if they were registered with the Financial Conduct Authority or asking how they planned to use the information.
“We’re aware of allegations raised against several companies involved in the cold-calling sector, and will be making enquiries to establish whether there have been any breaches of the Data Protection Act or Privacy and Electronic Communications Regulations,” the ICO said in a statement.
Earlier in March 2015, a survey by the ICO revealed that 85% of UK consumers are concerned about how their personal details are passed on or sold to other organisations.
The allegations come just days before UK pension tax reforms will give millions of citizens aged 55 and over the ability for the first time to cash in their pensions from 6 April 2015.
Read more about data privacy
- The European Court of Justice (ECJ) has begun considering a case brought by privacy campaigner Max Schrems that could decide how Europeans’ data will be shared with US internet firms in future
- New European data protection law will come into force in 2017 at the earliest, but UK business should not delay in getting its house in order, says the ICO
- A survey by the Information Commissioner’s Office (ICO) shows that 85% of UK consumers are concerned about how their personal details are passed on or sold to other organisations
This has raised concerns that fraudsters will use illegally obtained data to identify potential targets for scamming campaigns.
According to the Daily Mail, some of the people whose details were contained in the database it was sold said they had been inundated with cold calls from suspected fraudsters.
Symantec European chief security strategist Sian John said the non-consensual sale of private financial information highlights a blatant disregard for the privacy and security of people’s data.
“Our research recently found 72% of European consumers think it’s unfair that companies are making money from their personal information and with today’s findings, it is likely that this feeling will increase,” she said.
John said that if businesses are going to continue collecting, using and selling people’s sensitive personal information, they must be more transparent about how this data is being used and the steps that have been taken to secure it.
“Consumers are increasingly aware of the value of their information, with 63% of European consumers valuing their data at over €1,000. They are also taking steps to protect their online privacy with one in three people surveyed providing fake information to companies,” she said.
According to Symantec, the Daily Mail’s findings highlight the growing need for businesses to be more transparent about how they use and store people’s information.
Failure to do so is likely to result in customers migrating to those organisations and services which will keep their data secure and be open about how it is being used, the company said.