A criminal investigation into the alleged sale by garage workers of leads for personal injury claims could have repercussions for law firms.

The Information Commissioner’s Office said today that it had commenced criminal proceedings against eight individuals over the alleged unlawful accessing and obtaining of  personal information from vehicle repair shops.

The alleged activity took place across the UK between December 2014 and November 2017, with the defendants alleged to have conspired to access and obtain the data of hundreds of thousands of individuals without consent.

The defendants are being prosecuted for conspiring to commit an offence under section one of the Computer Misuse Act 1990 and section 55 of the Data Protection Act 1998 – both relating to the use of personal data.

The ICO said its prosecution follows a ‘complex and wide-ranging’ criminal investigation. The first hearing will take place at Manchester and Salford Magistrates Court on 27 October.

Any use of stolen data for personal injury referrals would create a number of potential regulatory issues for firms who have run claims based on that information. Principles around upholding the rule of law and the proper administration of justice, acting with integrity, acting honestly, maintaining trust in the profession and not allowing your independence to be comprised could all be breached if firms have benefitted from stolen data.

Solicitors Regulation Authority rules state specifically that firms must have effective governance structures, arrangements, systems and controls in place to comply with data protection regulations. Solicitors can only act for clients on instructions from the client or someone properly authorised to provide instructions, and if they have any reason to suspect that instructions do not represent a client’s wishes, they are not permitted to act.

 

This article is now closed for comment.