Data is a valuable commodity. Identity thieves are well aware of this as are personal injury lawyers and claims management firms seeking details of those who have been in accidents. Equally, if a payday loan provider is given new address and contact information of someone who has moved house and failed to repay a debt, then collection becomes far more efficient.
There are plenty of examples where data has a monetary value – and this is why so-called blaggers strive to attain it, to sell on to interested parties for financial gain.
Blaggers typically obtain information via the phone, often using details they have gained from other sources, such as through data theft or hacking, which allows them to get through basic security. Being aware of the threat and making sure that there are sufficient layers of identification checks is vital and risk managers must be aware of their techniques and of the dangers they pose.
Financial services is a target
Notably, blaggers favour businesses that are information heavy, and financial services firms are a prime example. Others include:
- Local authorities
- The NHS and GP surgeries
- Housing associations
- Utility companies
- TV Licensing
Banks clearly hold some extremely valuable information, but arguably, they have some of the most stringent security measures in place. Insurers, however, are among those who have been caught out, as seen in the case reported in June this year by the Information Commissioner’s Office (ICO), when a former claims company manager was fined £2,000 for ‘blagging’ calls to obtain personal data.
Joseph Walker, who worked for UK Claims Organisation Ltd, appeared in court in Liverpool, where he pleaded guilty to 12 offences of unlawfully obtaining personal data under section 55 of the Data Protection Act, with a further 44 similar matters being taken into consideration.
Walker’s role was to make blagging calls to insurers, with the aim of finding out the names of policyholders who had been in road traffic accidents.
Before contacting the insurers, UK Claims Organisation obtained information unlawfully from a car hire company. Walker would then use various guises to trap staff into revealing names and once details were obtained, these were sold to personal injury solicitors.
UK Claims Organisation has since had its authorisation cancelled by the Claims Management Regulator. But when one rogue operator is taken out of the market, there will be others waiting in the wings.
And this was certainly not the first case involving data from vehicle repair centres – this is highly sought after by blaggers and these businesses may have weaker controls than the insurers also holding the details.
Indeed, the ICO has probed numerous cases where data has been stolen from vehicle repair centres as a result of cases linked to nuisance calls, where individuals are encouraged to make claims for compensation.
But while there is a clampdown on firms making nuisance calls – and the arrival of the General Data Protection Regulation should result in a reduction of blagging too – this area should remain on the risk radar.
Not least, risk managers should also make sure they are informed of instances where data is brought in and that it has been lawfully obtained.
This can be a sensitive area, particularly in cases where an insurer may suspect claimant fraud, for example, and so use the services of a private investigator/surveillance firm.
Proper checks should be carried out to ensure such firms are not employing blagging techniques and are acting within the law in terms of accessing data and any monitoring or tracking work undertaken.
Cases involving journalists and newspaper group prosecutions, albeit obtaining data for different purposes, should act as a reminder of the seriousness of breaching privacy rules and the increasing focus of regulators in this area.
Having a clear policy in terms of suppliers is crucial as is ensuring customer-facing staff are both aware of the dangers of blaggers and fully understand the importance of safeguarding data.