The group established a team of undercover researchers which approached 14 companies whose businesses is the trading of data and personal information.
Of those 14 companies, 10 failed to carry out the correct checks to ensure that the potential new customers were from a registered company. The Which? investigators were not registered with companies house and had approached the data company using a fictional company name. Despite this, they were still offered the opportunity to buy personal data on a large scale.
It has also claimed that many more were in breach of the guidelines for the industry handed down by the Information Commissioners Office which require consumers to give consent for their data to be shared between companies for marketing purposes.
The rules state that consent for data to be shared should be “‘knowingly and freely given, clear and specific’. It also states that consumers should know which company or type of organisation might receive your data, as well as details about where the data originated and how permission was given.
However, when questioned, most of the companies Which? approved were vague and non-specific, stating that it had come from online sources or phone surveys. Three said they had bought the data from other data companies and one hadn’t even registered with the ICO and so as well as being in breach of the law, was unaware of the rules.
The value of data
One of the most eye-catching figures from the research was just how cheap personal data is these days. One company was willing to sell half a million personal records (information which included phone numbers and addresses) at a price of just 4p per record.
Another firm offered a list of more than 2,000 people with an income in the higher tax band at a price of just 66p a record. These people were all professionals with a pension and the data available included National Insurance numbers, pension providers, pensions sizes and, most remarkably of all, policy numbers
If you are not shocked by the low value of your personal information, you should at least have raised an eye at the level of detail that is available out there. Most people have the perception that the majority of their data is private and perhaps a few general items have slipped out over the years.
Nothing could be further from the truth. Many of these companies hold copious amounts of identifiable data about individuals, which is available on the open market too, if the Which? research is to be believed, just about anybody.
As the editor of Which? Money, Harry Rose, has commented, “’Our investigation highlights that sensitive personal and financial data is being traded on a huge scale, with unscrupulous companies selling to anyone who comes calling.”
In response to the report, the Information Commissioners Office is opening an investigation and have said they are “very concerned” about the findings.
But, of course, it shouldn’t take an independent investigation by Which? to unearth such unscrupulous practices. This is something that the Information Commissioners Office should be actively pursuing themselves, in order to ensure their guidance is being followed.
For individuals, the findings are clear. It is down to you to protect your personal data by taking sensible steps to ensure it doesn’t fall into the hands of data companies who are happy to sell to anyone.
Never hand over your personal details without ensuring that it will not be shared with any third parties. Avoid filling in online forms and registrations where this guarantee isn’t expressly provided.
And of course, make use of a VPN to ensure all of your online traffic is encrypted and protected. Whilst some data of this nature is handed over innocently, much more is taken illicitly by hackers and cyber-criminals.