From the Information Commissioner’s Office:
A former company director found guilty of illegally obtaining people’s personal data and selling it to solicitors chasing personal injury claims, has been fined for breaches of data protection and issued with a confiscation order under the Proceeds of Crime Act 2002.
David Cullen of Middleton Road, Manchester, was the managing director of No1 Accident Claims Limited based on Oxford Road, Manchester from 4 March 2010 until 20 December 2012 when the company was liquidated. The business profited from selling illegally obtained personal data to solicitors. The data, belonging to people who had been in road accidents, could then be used to pursue personal injury claims.
Appearing before Manchester Crown Court on 24 June 2019, Cullen was fined £1,050 and ordered to pay £250 costs. He was disqualified from being a company director for five years and an order was made for the forfeiture and destruction of items which were seized as part of a search warrant in 2012. During the raid on Cullen’s business a number of computer devices and documents were seized containing the unlawfully obtained data.
Following sentencing, confiscation under the Proceeds of Crime Act 2002 commenced. The exact figure which Cullen is believed to have benefited from during his illegal activities is £1,434,679.60. Due to a lack of assets, the Court proceeded by making a £1 nominal order. Cullen’s financial circumstances will be regularly reviewed, and should they improve, the amount of the confiscation order can be increased.
Michael Shaw, Group Manager – Enforcement at the ICO said:
“The volume of confidential personal information found in Cullen’s possession showed his blatant disregard of people’s right to privacy and our data protection laws.
“The confiscation order under the Proceeds of Crime Act is a warning shot to anyone using or thinking about using personal data illegally. We can and will take action which can have a huge effect on your personal life including confiscating assets and earnings – whatever they may be.”
Cullen pleaded guilty to 21 charges of unlawfully obtaining and selling personal data in breach of s55 of the Data Protection Act 1998, when he appeared before Manchester City & Salford Magistrates Court on 27 September 2018.