The Information Commissioner’s Office wants to beef up its legal and investigative powers to carry out search and seizure warrants, including the ability to confiscate assets in order to tackle criminal misuse of data.
In a consultation, the regulator is seeking public views on its request for extended legal powers, arguing that without them “an ever-increasing number of offenders will be able to retain significant criminal proceeds, [which] in some cases can illegally fund lavish lifestyles”.
Under GDPR, the ICO can issue financial penalties for those responsible for civil breaches of the law, but it has limited powers when it comes to investigating criminal offences.
The ICO consultation notes: “The only sanction available to the courts following a criminal conviction is a fine, which in some cases will be much less than the financial gains made by the offender. This will inevitably lead to a greater disparity between the deterrent and punitive effects of sanctions imposed in relation to civil breaches and criminal offences.”
As a result, the ICO is asking for its office to be granted access to the investigation powers that are laid out in the UK’s Proceeds of Crime Act 2002.
These powers are currently used by UK Accredited Financial Investigators (AFI) who are trained and accredited by the National Crime Agency. AFIs are staff members of public bodies and have the ability to apply for restraint orders and seize cash or assets thought to be associated with criminal activities.
The ICO is proposing that an AFI officer should be based in its Investigation Department.
The watchdog is also seeking access to information over the investigation of money laundering offences, involving the misuse of personal data.
This summer, a former employee of Nationwide Accident Repair Services was ordered to pay back £25,500 in a confiscation order. Mustafa Kasim was banged up for six months in November 2018 for profiting from the theft of thousands of customer records which he sold to rogue firms.
The case, brought by the ICO, means Mustafa Kasim has three months to pay under the Proceeds of Crime Act 2002 or could face a 12 month prison sentence. He was also ordered to pay £8,000 costs.
Kazim became the first person to be imprisoned following an ICO prosecution, which was brought under the Computer Misuse Act.
The consultation ends on December 6. More details are available on the ICO website>
Related stories
Jailed car crash data thief ordered to pay back £25,500
Car crash data thief hit with six month prison sentence
Sacked and fined: would-be data thieves warned again
Bent copper gets five years for car crash data theft
Swansea call centre boss is jailed for energy bill fraud