Financial companies may be illegally selling customer data

Some firms nearing administration are making a quick buck selling customer details to ambulance chasers and breaking the law in the process.

Getting phone calls from claims management firms encouraging us to make a claim against something or other is one of the great irritants of modern life.

You might have hoped that with the deadline for PPI claims having now passed, these would become less frequent.

But now it's emerged that some financial firms are pocketing cash by selling customer data directly to claims management companies.

Should companies be doing more to protect our personal information?

What’s going on?

A recent joint statement from the Information Commissioner’s Office (ICO), the Financial Conduct Authority (FCA) and the Financial Services Compensation Scheme (FSCS) revealed some regulated firms may be breaking the law when it comes to sharing their clients' data.

Thankfully, this doesn’t appear to be happening on a regular basis, but rather when a financial firm hits the wall.

According to the three official bodies, some firms going into administration who believe there are likely to be claims for compensation made to the FSCS, are selling data about their customers to claims management firms.

So, as firms realise they are going to the wall, they are trying to make extra money by selling data to the ambulance chasers who once would have called you on a daily basis about PPI or packaged current accounts, to try to steer you towards using them when making a claim to the FSCS.

It’s not just the regulated financial firms that are up to it either ‒ the statement said that insolvency practitioners are in on it too.  

What laws are being broken?

For starters, by passing on personal data, there’s a good chance these firms are breaking both the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

If a claims management firm then acts on the data that they’ve received by calling, texting or emailing you, that may breach the Privacy and Electronic Communications Regulations 2003.

What’s more, the authorities made it clear the claims management firms who use this personal data may not be acting in the customers’ best interests, in direct contravention of the FCA’s handbook.

The regulators also emphasised that where it finds examples of this wrongdoing, it will act.

GDPR: what it means for you, your data and your emails

Stack of papers with sensitive data. (Image: Shutterstock)Why this matters

When a firm goes bust, it’s not just gutting for the staff. There are customers that are potentially seriously out of pocket too.

That’s why the FSCS is such a fantastic service as it ensures that even if a financial firm you deal with hits the wall, you should be able to reclaim a certain portion of your cash back, if not all of it.

And it is right that, in the event that a firm you deal with collapses, you are signposted towards making a claim with the FSCS.

But that isn’t what’s happening here.

People aren’t being advised to speak to the FSCS about the possibility of making a claim – they are having their personal details handed over to call centre merchants who fancy taking a cut of any payment you might get.

And that’s the other thing that’s frustrating. Making a claim to the FSCS is straightforward, not something which actually requires the ‘expertise’ of a claims management firm.

So, you may end up handing over a chunk of the money you are entitled to, to a firm that has done something that you are more than capable of doing yourself.

It’s worth remembering that claims management firms only fell under the coverage of the FCA last year, and within a few months the regulator was having to publicly demand they clean up their act, citing “widespread” poor practice.

Opinion: we need to value our data

What should I do?

The ICO told loveMONEY that anyone with any concerns over how their personal data has been handled should report it to them.

If it believes the organisation has not complied with its obligations, it can advise it on how to improve, though it does have the power to issue fines.

For example, in January it fined DSG Retail (the owner of Currys PC World and Dixons Travel) £500,000 after a point of sale computer system was caught out in a cyber-attack, putting the details of around 14 million people at risk.

The FCA also pointed people towards the ICO but said people can get advice from the regulator’s consumer contact centre.

And if you do get calls from some claims management firm offering to handle the whole thing for you, don’t be tempted.

You are entitled to all of that money – you don’t need to pay a claims firm to fill out a form for you.


Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © All rights reserved.