The information commissioner says the trade in personal data extends far beyond tabloid journalism. Dealers will supply anyone who paysby Christopher Graham / July 20, 2011 / Leave a comment
Journalists love talking about themselves and their trade. I know. For 25 years, I was one. But the unlawful trade in personal data by tabloid journalists is only part of a larger problem. Fleet Street is not even the biggest part of that problem—but it has been standing in the way of a solution.
Back in 2009, it was revealed that several T-Mobile employees were selling company contract data to competitor companies. At this time, I renewed the call of my predecessor Richard Thomas for a serious deterrent against such breaches of the Data Protection Act: namely, a custodial penalty. The press went into overdrive. I was accused of threatening journalists with jail and imperilling the existence of investigative journalism. (My predecessor had faced similar accusations.) At the Society of Editors conference that autumn, I told the delegates: “It’s so not about you.”
The trouble is that the most spectacular evidence we had of the unlawful trade did involve journalists: 305 of them, and 31 newspaper and magazine titles. They were the clients of Steve Whittamore, the private investigator whose customer base was exposed when the Information Commissioner’s Office (ICO) came to call in 2003.
In two reports to parliament in 2006, What Price Privacy? and What Price Privacy Now?, the ICO laid out the evidence of unlawful blagging of personal information. (See the findings in the charts opposite.) In this case, the users were journalists, but the dealers will supply anyone who is willing to pay. Five years on, very little has been done to sort out either the users or the dealers.
Certainly, tabloid journalists were some of the users of unlawfully obtained personal information. But only some. The problem actually involves a much bigger cast list—of lawyers, claims management companies, private investigators and scam merchants, to name but a few. And what about the dealers? Those who abuse their position of managing the millions of bits of personal data we lodge with service providers every time we buy something from a website, use a mobile phone, clock up loyalty points, register for internet banking, sign up with the local GP practice—or do almost anything else online. And what isn’t online, these days?
Every week I see details of data breaches involving local councils, doctors’ surgeries, phone companies, and so on. Sometimes it is carelessness—hard-pressed staff being tricked into giving out personal information to the wrong people. Other…