Joint Statement from the FCA, ICO & FSCS published to Insolvency Practitioners and Authorised Firms
When an FCA-authorised firm enters administration, eligible consumers can bring claims to the Financial Services Compensation Scheme (FSCS). FSCS will then work jointly with the insolvency practitioners (IP) to identify potential claimants.
The Financial Conduct Authority (FCA) are aware that some insolvency practitioners (IPs) and FCA-authorised firms have attempted to sell clients’ personal data to claims management companies (CMCs) unlawfully. This can happen either before or after a firm has gone into administration and where it is likely claims for compensation will be made to FSCS.
In a standard contract, the terms, conditions and clauses, are highly unlikely to constitute sufficient legal consent for personal data to be shared with CMCs to market their services, and may be unlawful. Where companies pass on personal data, they may be failing to meet their obligations under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
CMCs intending to buy and use such personal data must be able to demonstrate how they have considered the fair treatment of customers and how their actions comply with privacy laws. In line with the FCA Handbook, CMCs are required to act honestly, fairly and professionally in line with the best interests of their customers. CMCs cannot rely on the grounds of legitimate interest for processing data as they are highly unlikely to meet the requirements of the GDPR. Additionally, any subsequent direct marketing calls, texts or emails carried out by CMCs may breach the Privacy and Electronic Communications Regulations 2003 (PECR).
It has been made clear that, where the FCA or the Information Commissioner’s Office (ICO) identify breaches of the relevant data protection legislation, or relevant parts of the FCA’s Handbook including CMCOB Claims Management: Conduct of Business sourcebook, appropriate action will be taken.