NEWS – “without comment”
Information Commissioner targets GDPR excuses for not tackling scams
Friday, November 22, 2024
The Information Commissioner’s Office, the UK regulator for data protection, has made it very clear that data protection is not an excuse when tackling scams and fraud, and it has called for companies to share personal information responsibly to protect customers from scams and fraud.
Companies often misunderstand GDPR, and it is used extensively by companies to try to restrict what the public can do (e.g. “you can’t take photos from public land”) or, in the case of fraud and scams, to refuse to provide information that would let a victim take action. We have seen a company refuse a Subject Access Request for login information for an account created under a person’s name and with access to their sensitive personal data after being told it was fraudulent, in order to protect the personal data (IP address, etc.) of the fraudster.
“The UK GDPR and the Data Protection Act 2018 (DPA) do not prevent you from sharing personal information where it is appropriate to do so, or from taking steps to prevent harm.
Organisations may wish to explore sharing personal information with banks to identify users who are likely to have been exposed to a scam on their services. Timely sharing of this data could help banks to assess the risk and ensure extra checks are in place to prevent fraud.”
Information Commissioner’s Office Guidance
The ICO has published new guidance for organisations on preventing, detecting and investigating scams and frauds.
“From emotional distress to financial damage, scams and fraud have serious consequences. We strongly support responsible and effective data sharing between organisations, which is key to staying one step ahead of criminals and preventing scams before they cause harm.
Protecting people must be the priority – I am warning organisations today that data protection law is not an excuse and it does not stop you sharing data that may assist with tackling fraud. Organisations acting responsibly can be reassured that we will take this into account if something goes wrong and we need to consider a regulatory response.”
Stephen Almond, Executive Director for Regulatory Risk, Information Commissioner’s Office
Full Article: https://www.thinkbroadband.com/news/10416-ico-targets-gdpr-excuses-in-not-tackling-scams
Posted by: Ian (D. Withers)
www.WAPI.org