By Brian Davidson, CIPP/E

The UK ICO has announced that it will investigate the practices of private investigators “to remove any criminal elements that breach the Data Protection Act and tarnish the industry’s reputation.”

The ICO has announced that it has written to private investigations firms, public authorities that use such services and the police to examine the extent of the problem. The ICO has also asked members of the public who have applicable evidence of private investigators breaching the UK Data Protection Act to get in touch.

The issue arose as a result of the recent UK Leveson Inquiry and the Home Affairs Select Committee, a judicial public inquiry into the culture, practices and ethics of the British press following the News International phone-hacking scandal, which uncovered instances of individuals unlawfully accessing people’s personal data via mobile phones and other devices.

An ICO statement reads, “We believe the majority of private investigators go about their business in compliance with the Data Protection Act using their expertise to ask the right questions, investigate the right areas and examine the information that’s already available. The fact that less scrupulous professionals may be trying to take shortcuts by illegally accessing people’s data is, quite simply, wrong. This is why they must be identified and stopped using the enforcement powers available, including monetary penalties of up to £500,000 for serious breaches of the act.”

Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The ICO also has concerns that some private investigators are not complying with other areas of the act, by failing to ensure the accuracy of the information they handle and its secure deletion after it is no longer required. The ICO will report its findings in the summer.

Brian Davidson, CIPP/E, is an privacy and information law advisor at Field Fisher Waterhouse, LLP.