recent work

Individual sells personal information unlawfully, resulting in conditional discharge and fine

A gambling industry worker sold the personal information, including names, addresses, phone numbers and email addresses of 65,000 online bingo players and made approximately £25,000 from it – risking them to identity theft and compromising their privacy as a result.

Although the data in questions was sold to a Mr Marc Ben-Ezra in 2008, who later tried to sell the data to various contacts within the UK gaming industry, the offence wasn’t uncovered until May 2011, when Cashcade Ltd, who provides marketing services to the Foxy Bingo snd is also a data controller for the brand, became suspicious. Test data was purchased, and then information was passed over to the ICO for investigations.

Information Commissioner, Christopher Graham, said:

“This case shows that the unlawful trade in personal information is unfortunately still a thriving and lucrative activity. Mr Ben-Ezra sold people’s personal details on an industrial scale, making in the region of £25,000 at the expense of the tens of thousands of bingo players whose privacy he compromised, and who he exposed to the nuisance of being approached by rival betting websites and, at worst, the risk of identity theft.

“I am grateful to Cashcade Limited and Gala Coral for their work in exposing this unlawful practice. However, we still don’t have a punishment that fits the crime. The ICO continues to push for the government to activate the 2008 legislation that would allow courts to consider other penalties like community service orders or the threat of prison.”   

Cashcade Limited understands that the data was sold to Mr Ben-Ezra having been unlawfully obtained in 2008; the perpetrators of this offence are yet to be uncovered. Mr Ben-Ezra cooperated fully with officers when questioned; the ICO website quotes:  ‘during an interview under caution he admitted the offences and stated that the practice of buying and selling customer data was widespread during his time working in the gaming industry in Israel’

Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is punishable by way of a financial penalty of up to £5,000 in a Magistrates Court or an unlimited fine in a Crown Court. The ICO continues to call for more effective deterrent sentences, including the threat of prison, to be available to the courts to stop the unlawful use of personal information.