ICO urges firms to responsibly share data to tackle fraud

The Information Commissioner's Office (ICO) is advocating for responsible sharing of personal information by organisations to combat scams and fraud.

Fraud represents the most prevalent form of crime in the UK, comprising 39% of all reported criminal activities in England and Wales. The ICO has expressed concern that some organisations' reluctance to share personal information may lead to significant emotional and financial harm to individuals.

The data protection law permits organisations to share personal data provided it is done in a manner that is responsible, fair, and proportionate. In line with International Fraud Awareness Week, the ICO has released new practical advice to clarify data protection considerations and aid organisations in sharing data responsibly to combat scams and fraud.

This advice is intended for any organisation looking to share personal information to spot, investigate, and prevent fraudulent activities, particularly targeting banks, telecommunications providers, and digital platforms. For instance, organisations might consider sharing data with banks to detect users who may have encountered scams. Swift data sharing could help banks assess risks and implement additional checks to deter fraud.

Stephen Almond, Executive Director for Regulatory Risk at the ICO, stated: "From emotional distress to financial damage, scams and fraud have serious consequences. We strongly support responsible and effective data sharing between organisations, which is key to staying one step ahead of criminals and preventing scams before they cause harm.

"Protecting people must be the priority - I am warning organisations today that data protection law is not an excuse and it does not stop you sharing data that may assist with tackling fraud. Organisations acting responsibly can be reassured that we will take this into account if something goes wrong and we need to consider a regulatory response."

Nick Sharp, Deputy Director Fraud in the National Economic Crime Centre, commented: "Information sharing between private industry, and with the public sector, is a fundamental tool used to tackle fraud.

"The new advice from the ICO is very welcome, and we encourage all industry partners to use it to ensure appropriate and confident data-sharing enables our joint efforts to reduce the harm from fraud.

"Together with our partners in both the private and public sector, we are working to identify, disrupt and prevent fraud, and will pursue every legal angle to ensure criminals who target the UK public are held to account."

The ICO's guidance is informed by discussions with key stakeholders and includes practical considerations and case studies to help organisations understand the legal framework for data sharing.

The ICO remains engaged with private and public sector bodies, including its Digital Regulation Cooperation Forum (DRCF) partners, to bolster efforts in safeguarding the public against scams and fraud.

The new guidance comes alongside various resources from the ICO on responsible data sharing, such as the ICO's statutory Data Sharing Code, sector-specific guidance, and practical case studies.

The ICO also recently celebrated its 40th anniversary by unveiling a digital exhibition showcasing significant milestones in privacy over the last forty years and emphasising its essential role in protecting public information rights.