Information Commission guide alerts firms to bogus data protection agencies

The Information Commissioner’s Office (ICO) has published a guide to data protection for small businesses in a bid to make compliance easier and to warn companies of an ongoing scam involving bogus government agencies.


The guide, Getting it Right, aims to give businesses a jargon-free explanation of what they need to know to comply with the Data Protection Act (DPA).


It also warns companies to beware of bogus data protection ‘agencies’ run by fraudsters who demand high fees to register companies under the DPA. The ICO said letters from agencies charging more than £35 for notification are likely to be a scam – a practice exposed by Personnel Today last year.


The DPA requires that all businesses to follow eight principles, including making sure staff and customer records are stored securely, used for the right reasons and are always accurate and are kept up to date. Businesses that process personal information also have to register with the ICO.


But the bogus agencies scam has thrown the notification process into confusion. The ICO was unable to give figures for the number of businesses that had sent in notifications because many had returned theirs to fraudsters. Some of the bogus agencies had forwarded forms to the ICO, while others had not, a spokesperson said.


Assistant information commissioner Jonathan Bamford, said: “It is good business practice to comply with data protection. No business wants to keep files that are inaccurate or out of date.


“Small businesses can have a lot of legislation to comply with and we are trying to cut out the jargon. Our simple guide has been designed to help businesses understand and easily follow data protection rules.”


Getting it Right is available by calling 0870 600 8100 or online at


For further advice on registering under the Data Protection Act, go to


For more on the scammers, go to

Comments are closed.