The Information Commissioner today began an investigation into almost 100 clients of private investigators for possible breaches of the Data Protection Act.

The commissioner last week took receipt of the list of 98 company and individual clients who the Serious Organised Crime Agency (SOCA) had identified as part of an investigation into the ‘blagging’ of personal information.

That investigation, Operation Millipede, concluded with four men convicted of fraud offences in 2012 after SOCA found they had obtained information illegally.

Files from that investigation, reported to contain the names of solicitors and law firms, are now in the hands of the Information Commissioner’s Office (ICO). They are believed to contain details of correspondence between clients and the private investigators, and receipts for payments.

Enforcement options available to the ICO include criminal prosecution for unlawfully obtaining personal data, or a civil action for breaching the Data Protection Act, with potential fines up to £500,000.

The ICO will assess the SOCA material and write in due course to all the individuals and organisations listed. Clients will be asked what information investigators provided and whether they were aware that the law might have been broken to access it.

The ICO will also look to establish whether the clients fall under its jurisdiction. Initial estimates suggest that as many as a quarter of the clients may have been based outside the UK.

The initial phase is likely to take several months and the ICO said it would not publish the list of clients at this stage.

Details of a further nine clients have been withheld by SOCA, at the request of the Metropolitan Police, as they relate to ongoing police investigations.