Fraud is the most common crime in the UK, representing 39% of all reported offenses in England and Wales. The devastating emotional and financial toll of scams on individuals demands urgent action. Yet, some organizations hesitate to share personal information, fearing data protection law constraints.
This reluctance, however, can inadvertently empower fraudsters and expose people to harm. To address this, the Information Commissioner’s Office (ICO) is emphasizing that data protection law does not prevent organizations from sharing personal data, provided it is done responsibly, fairly, and proportionately.
As part of International Fraud Awareness Week, the ICO has released new practical guidance to clarify data protection considerations and support organizations in sharing data responsibly to combat fraud.
Enabling Responsible Data Sharing
The new advice is designed for organizations such as banks, telecommunications providers, and digital platforms, which often have critical roles in fraud prevention. For instance, a telecommunications provider may detect users exposed to scams on its services and share relevant data with banks to enable timely intervention. Such sharing allows banks to assess risks and apply extra checks, potentially preventing fraudulent transactions.
Guidance Tailored to Organizational Needs
The ICO’s advice includes practical considerations, legal clarifications, and real-world case studies to guide organizations in understanding their responsibilities under the law. It complements a range of existing resources, such as the ICO’s statutory Data Sharing Code and sector-specific guidance.
For organizations seeking additional assistance, the ICO’s innovation advice service and the Digital Regulation Cooperation Forum’s AI and Digital Hub are valuable resources.
Link to ICO Article: Data protection is not an excuse when tackling scams and fraud | ICO