Lawyers are on a whittled-down list of clients of private investigators being probed for data protection breaches, parliament heard today. 

Information Commissioner Christopher Graham told the House of Commons home affairs select committee that he has identified 11 possible criminal and civil breaches of the Data Protection Act. A further eight are outside UK jurisdiction.

A further 42 individuals or companies are also suspected of breaching civil rules only, based on analysis of a list of clients of rogue private investigators.

Graham confirmed that lawyers, insurance companies, security businesses and private investigators are among those under suspicion. Talks will begin with regulators - including the Solicitors Regulation Authority - to establish what action can be taken.

He told MPs: ‘We will make further enquiries by seeking to interview those organisations or individuals accompanied by sector regulators.’

This is the first official revelation that law firms are among clients facing possible action for employing rogue private investigators. 

A total of 90 people and organisations were identified as part of the Serious Organised Crime Agency’s Operation Millipede inquiry into private investigators and the practice of ‘blagging” - obtaining personal information, such as bank account details and medical history, by impersonating an official.

Of the remainder not definitely investigated for data protection breaches, Graham said there was either insufficient evidence to proceed or their involvement could not yet be established.

The information commissioner said he will require up to eight further months to decide whether to bring any criminal or civil prosecutions.

Graham said the penalty for a civil prosecution could be as much as £500,000, but he called for a change to the law to allow jail sentences for criminal breaches of data protection legislation.

‘If we’re only dealing with fines then for a big money-making operation it doesn’t amount to much unless people feel ‘I could go to jail for this’.

Steve Wilmott, SRA director of intelligence and investigations, said: ‘We are working very closely with the ICO, and they have disclosed a certain amount of information to us. We will therefore be going through this information and determining if the law firms named have knowingly used private investigators that engage in illegal activities.

‘If they did, then they will have failed to uphold a number of Principles in the SRA Code of Conduct and we will look to take appropriate action.'