Three regulatory bodies have issued a joint statement warning that some insolvency practitioners and Financial Conduct Authority (FCA)-authorised firms are trying to sell clients’ personal data unlawfully.
The FCA, the Information Commissioner’s Office (ICO) and the Financial Services Compensation Scheme (FSCS) said that they are aware that some of these firms have attempted to sell clients’ personal data to claims management companies (CMCs).
This can happen either before or after a firm has gone into administration and where it is likely claims for compensation will be made to FSCS.
“The terms, conditions and clauses within a standard contract are highly unlikely to constitute sufficient legal consent for personal data to be shared with CMCs to market their services, and may not be lawful,” the statement said.
The organisations vowed to take appropriate action when regulations have been breached, “to ensure consumers’ interests are not compromised”.
“CMCs are required to act honestly, fairly and professionally in line with the best interests of their customers, as required by FCA’s Handbook,” the statement said.
“CMCs using such personal data may not be acting in the customers’ interests.
“CMCs seeking to rely on legitimate interest grounds for processing such data are highly unlikely to meet the requirements of the GDPR.
“CMCs that intend to buy and use such personal data must be able to demonstrate how they have considered the fair treatment of customers and how their actions comply with privacy laws.”