A rogue company director, who trousered an estimated £1.4m fortune from flogging illegal data and who left debts of over £846,000 when he shut up his business, has been forced to pay back just £1.
The case of David Edward Cullen, the managing director of No1 Accident Claims based in Manchester, is a stark reminder of the huge task the authorities face in bringing rogue firms – and individuals – to book.
It all started back in March 2010, when Cullen set up No1 Accident Claims with business partner Lisa Holmes.
Within eight months, Holmes quit and, soon after, it became evident that Cullen and No1 Accident Claims were profiting from selling illegally obtained personal data to solicitors. The data, belonging to people who had been in road accidents, could then be used to pursue personal injury claims.
On July 4, 2012, it appears that Cullen knew the game was up and applied for the company to be struck off – only to be forced to suspend this action after an objection was made on July 17, 2012.
In November of the same year, the business was raided by the Information Commissioner’s Office, which seized a number of computer devices and documents containing the unlawfully obtained data.
According to Companies House documents, in December 2012 Cullen held a general meeting of the firm, which “proved to the satisfaction of the members [ie himself] that the company cannot by reason of its own liabilities continue its business”.
The same month, the firm appointed Kevin Lucas of Lucas Johnson in Cheshire as liquidator. Lucas’ “statement of affairs” showed that No1 Accident Claims’ total assets were exactly £18,000. However, it owed trade and expense creditors £563,623, HMRC (PAYE contributions) £170,000, and HMRC (VAT) £130,000, a grand total of £863, 623.
Five years later and none of these creditors had seen a penny. In fact, in its final report, the liquidator’s costs were £18,432.50, coincidentally nearly the same as No1 Accident Claims’ total assets. The firm was finally liquidated on October 4 2018.
In September last year, Cullen pleaded guilty to 21 charges of unlawfully obtaining and selling personal data, in breach of section 55 of the Data Protection Act 1998, at Manchester City & Salford Magistrates Court.
Last week, appearing before Manchester Crown Court, Cullen was fined just £1,050 and ordered to pay £250 costs for breaches of data protection laws.
However, he was also disqualified from being a company director for five years and, following sentencing, confiscation under the Proceeds of Crime Act 2002 commenced.
The exact figure which Cullen is believed to have benefited from during his illegal activities is £1,434,679.60, but due to a lack of assets, the Court proceeded by making a £1 nominal order.
He is not completely off the hook just yet, though, as Cullen’s financial circumstances will be regularly reviewed, and should they improve, the amount of the confiscation order can be increased.
ICO group manager of enforcement Michael Shaw said: “The volume of confidential personal information found in Cullen’s possession showed his blatant disregard of people’s right to privacy and our data protection laws.
“The confiscation order under the Proceeds of Crime Act is a warning shot to anyone using or thinking about using personal data illegally. We can and will take action which can have a huge effect on your personal life including confiscating assets and earnings – whatever they may be.”
One industry source said: “There has got to be something wrong with the system when a crook like Cullen can be caught red-handed and still walk free by pleading poverty. OK, he can’t run a public limited company for a while but what about all the creditors he has left in his wake, not mention his former workforce for whom he obviously failed to cough up their PAYE contributions? Seven years and an estimated £1.4m haul later, it is an outrage that he only has to pay back £1, plus the nominal data protection fine of just over a grand. It doesn’t exactly send out much of a warning to other crooks who are doing the same, does it? In public, the ICO says it is pleased but behind the closed doors of its Wilmslow HQ, they must be fuming.”
Cowboy firms face fresh crackdown on ‘data farming’
Gang of four sentenced over Axa Insurance data theft
Car crash data thief hit with six month prison sentence
Sacked and fined: would-be data thieves warned again
Bent copper gets five years for car crash data theft