Lenient data theft sentence vilified

Calls for stiffer punishments for data thieves are falling on deaf ears in the judiciary after one criminal got off “scott-free” despite being found guilty of stealing and selling 65,000 people’s data – and making £25,000 in the process.
Marc Ben-Ezra, of Finchley, has been found guilty of committing three offences under section 55 of the Data Protection Act. He was given a three-year conditional discharge and ordered to pay just £1,700 to Cashcade – which owns the data – as well as £830.80 costs at Hendon Magistrates Court yesterday.
The offences were first uncovered in May 2011 when Ben-Ezra sent a series of emails to a number of contacts within the UK gaming industry offering customer data for sale. The emails were sent under the pseudonym Malcolm Edwards and contained a sample data set relating to 400 Foxy Bingo customers.
Cashcade instructed an investigative services company to conduct a test purchase of the data – which contained over 65,000 Foxy Bingo customers’ personal details – and paid Ben Ezra £1,700 cash for it. Cashcade then handed this information to the ICO and co-operated fully with investigators to find out who was responsible.
Information Commissioner Christopher Graham said: “This case shows that the unlawful trade in personal information is unfortunately still a thriving and lucrative activity. Ben-Ezra sold people’s personal details on an industrial scale, making in the region of £25,000 at the expense of the tens of thousands of bingo players whose privacy he compromised, and who he exposed to the nuisance of being approached by rival betting websites and, at worst, the risk of identity theft.
“However, we still don’t have a punishment that fits the crime. The ICO continues to push for the government to activate the 2008 legislation that would allow courts to consider other penalties like community service orders or the threat of prison.”
One source added: “A conditional discharge and £2,500 to pay? You’d get more for speeding. Ben-Ezra must be laughing all the way to the bank – he’s got off virtually scott-free.”
Cashcade believes that the acquired test data, which contained customers’ names, addresses, email addresses, telephone numbers and usernames, was unlawfully obtained in 2008 and sold to Ben-Ezra, who was working for a poker company in Israel at the time. It also contained nearly 500 Gala Bingo customer details.
Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is punishable by way of a financial penalty of up to £5,000 in a Magistrates Court or an unlimited fine in a Crown Court. The ICO continues to call for more effective deterrent sentences, including the threat of prison, to be available to the courts to stop the unlawful use of personal information.

Related stories
MPs back ‘lock up data thieves’ call
Graham: ‘Bang up data thieves’