The Information Commissioner’s Office (ICO) is calling on organisations to share personal information responsibly to protect their customers from scams and fraud.
Fraud is the most frequently experienced crime in the UK, accounting for 39% of all reported crime in England and Wales.
The regulator warns that reluctance from organisations to share personal information to tackle scams and fraud can lead to serious emotional and financial harm.
Data protection law does not prevent organisations from sharing personal information, if they do so in a responsible, fair and proportionate way.
This International Fraud Awareness Week, the ICO has published new practical advice to provide clarity on data protection considerations and support organisations to share data responsibly to tackle scams and fraud.
It is aimed at any organisation seeking to share personal information to identify, investigate and prevent fraud, especially banks, telecommunications providers and digital platforms.
For example, organisations may wish to explore sharing personal information with banks to identify users who are likely to have been exposed to a scam on their services. Timely sharing of this data could help banks to assess the risk and ensure extra checks are in place to prevent fraud.
Stephen Almond, Executive Director for Regulatory Risk at the ICO, said:
“From emotional distress to financial damage, scams and fraud have serious consequences. We strongly support responsible and effective data sharing between organisations, which is key to staying one step ahead of criminals and preventing scams before they cause harm.
“Protecting people must be the priority – I am warning organisations today that data protection law is not an excuse and it does not stop you sharing data that may assist with tackling fraud. Organisations acting responsibly can be reassured that we will take this into account if something goes wrong and we need to consider a regulatory response.”
Nick Sharp, Deputy Director Fraud in the National Economic Crime Centre, said:
“Information sharing between private industry, and with the public sector, is a fundamental tool used to tackle fraud.
“The new advice from the ICO is very welcome, and we encourage all industry partners to use it to ensure appropriate and confident data-sharing enables our joint efforts to reduce the harm from fraud.
“Together with our partners in both the private and public sector, we are working to identify, disrupt and prevent fraud, and will pursue every legal angle to ensure criminals who target the UK public are held to account.”
Informed by engagement with key stakeholders, the ICO’s advice includes practical considerations and case studies to support organisations to understand the law when sharing data.
The ICO continues to engage with private and public sector organisations, including its Digital Regulation Cooperation Forum (DRCF) partners, to support efforts to protect the public from scams and fraud.
The new advice accompanies a wealth of further resources from the ICO on sharing data responsibly, including the ICO’s statutory Data Sharing Code, sector specific guidance, and practical case studies.
Organisations can visit the ICO’s innovation advice service or the DRCF’s AI and Digital Hub for further support.
The ICO has this week marked it’s 40th anniversary by launching a digital exhibition telling the story of the most important moments in privacy over the past four decades and it’s crucial role in protecting the public’s information rights. Visit the exhibition here.
