Thought for the day: Don't get hit by the data protection racket

A scam letter is being sent out to businesses from a company purporting to be an official body under the Data Protection Act....

New Asset  

A scam letter is being sent out to businesses from a company purporting to be an official body under the Data Protection Act. Don't be taken in, warns Simon Moores.



I have narrowly avoided falling into an idiot trap. Not the one where a Netherlands-based Nigerian offers to wash a hundred million dollars through my Halifax savings account, but a much cleverer one from a village at the northern end of the Yorkshire moors.

I knew about the Data Protection Act "scam" and I’ll call it that, although legally it has fallen through a gap in the law. The letter I received looked quite convincing. It warned me that I might not have properly complied with the Data Protection Act of 1998 and that I should immediately complete the enclosed forms DP1 DP2 and Appendix A to determine my position as a "Data Controller".

There was lots of e-mail and post to go through after the bank holiday, so I swiftly ran my eyes over the letter and started completing the form. I even wrote the return envelope and signed the declaration. And then I stopped, because it was asking me for £95, and I’m notoriously tight-fisted.

Since when, unless you wish to have a "briefing" at the Office of the Deputy Prime Minister –  which will set you back £161 – do you have to pay to find out whether you have fallen foul of the Data Protection Registrar?

A closer look at the letterhead revealed that this was from the Data Processing Protection Corporation (DPPC), which is "registered" in England and Wales and is trying very hard to relieve the gullible and the overworked of £95.

As government increasingly finds new and more creative ways of squeezing taxes out of business, companies - and I use the term loosely - like DPPC find equally creative ways of making a living from people like me who were almost too busy to check whether a letter, which appeared to be from the Data Protection Registrar, actually was.

I ask you, would anyone really be surprised if government decided to stick a £95 charge on Data Protection registration? It’s this complacency which DPPC counts on, our rather loose trust relationship with the Treasury.

In the same pile of mail as the letter from DPPC was a bright red final demand from HM Customs & Excise. I have written about this before, but in the age of joined-up government, sending in your VAT return on time causes them all kind of problems, particularly if you also happen to pay electronically.

“You're unusual”, I was told by the VAT collections supervisor. “It makes us look silly, as all this money is being spent on modernisation and at the basic level, it’s not working as it should be, with my people having to write figures into the printed demand by hand."

The moral of the story is that life in the speed camera society is littered with digital idiot traps and that frequently, well-intentioned technology in the hands of HM Treasury can create more problems than it solves.

What do you think?

Have you been caught out by the data protection scam?  Tell us in an e-mail >> reserves the right to edit and publish answers on the website. Please state if your answer is not for publication.

Setting the world to rights with the collected thoughts and opinions of leading industry analyst Dr Simon Moores of Zentelligence.

Acting globally, Zentelligence (Research) advises governments, suppliers, business and the media on the evolution, application and delivery of leading-edge technologies and specialises in the areas of eGovernment and information security.

For further information on Zentelligence and its research, presentation and analyst services visit

Read more on IT legislation and regulation