Skip to content

ICO gets powers to conduct financial investigations

What has happened?

June 2021 has brought with it some evidence that the Information Commissioner’s Office (the ICO) is beginning to flex its muscles in some new areas.

What do you need to do?

This month, the Government is handing authorities, including the ICO, new powers that will give them the power to conduct their own financial investigations. Accredited financial investigators at the ICO will now be able to conduct investigations, apply for restraint orders and carry out search and seizure exercises in circumstances where they believe cash has been obtained through or is intended for use in, criminal activities. The legislation allows financial investigators to discharge powers that are normally granted to law enforcement officials.

The amendments were made through the Proceeds of Crime Act 2002 (References to Financial Investigators) Order 2021, which will come into force on 28 June 2021.

In addition, more prosecutions for data-related offences can be expected in the UK after the ICO announced that it had won a court order compelling a man convicted of securing unauthorised access to personal data to return money he earned from the activity. Mustafa Kasim was successfully prosecuted by the ICO under the 1990 Computer Misuse Act in November 2020 and the case was the first time that an individual had been imprisoned following an ICO prosecution. The ICO investigation found that the former Nationwide Accident Repair Services employee had used colleagues’ log-in details to access software containing thousands of customer records, which featured their names, phone numbers, vehicle and accident information. Kasim was sentenced to serve six months in jail. The ICO has now successfully pursued a case against him under the Proceeds of Crime Act, which means that he will have to pay a £25,500 confiscation order within three months. He also faces a further £8,000 bill for costs.

The theft of confidential data from corporate databases is common and further prosecutions are to be expected. The Computer Misuse Act is a relatively low-profile piece of criminal statute, but its wide-ranging provisions and broad scope make it an attractive tool for the ICO and other authorities to rely on for bringing prosecutions for data-related crimes.

How can we help you?

If you’d like to know more about how we can help you with your IT security, anti-fraud or ICO reporting arrangements, or any other regulatory compliance issues, our expert team is here to help.

Contact us today on 0207 436 0630 or email info@thistleinitiatives.co.uk.