Data protection enables responsible information sharing to combat scams and fraud

In a world increasingly driven by digital interactions, scams and fraud remain significant challenges, with fraud accounting for 39% of all reported crime in England and Wales. Addressing these issues effectively requires organisations to share personal information responsibly, ensuring compliance with data protection laws while prioritising public safety.

The Information Commissioner’s Office (ICO) offers essential guidance to ensure organisations can confidently share data to prevent harm while respecting individuals’ rights. A vital takeaway is this: data protection law does not prevent organisations from sharing personal information if they do so in a responsible, fair, and proportionate manner.

Why responsible data sharing matters

The UK GDPR and the Data Protection Act 2018 (DPA) support the responsible sharing of personal data when mitigating scams and fraud. Misconceptions about data protection laws can lead to reluctance among organisations, potentially allowing criminals to exploit these gaps.

Stephen Almond, Executive Director for Regulatory Risk at the ICO, emphasises:

“Protecting people must be the priority… Data protection law is not an excuse and does not stop you sharing data that may assist with tackling fraud.”

Seven key steps to sharing personal data responsibly

To ensure compliance and effectiveness when sharing personal data, organisations should follow these seven key steps outlined by the ICO:

  1. Carry out a Data Protection Impact Assessment (DPIA)

Conducting a DPIA helps assess risks, benefits, and the lawfulness of data sharing initiatives. For activities involving a high risk to individuals, a DPIA is a legal requirement. Even when not mandatory, it is good practice for major projects or recurring data-sharing arrangements.

  2. Be clear about responsibilities

Determine whether your organisation is acting as a separate or joint controller of the shared data. This distinction impacts how responsibilities are divided and ensures compliance with the ICO’s Data Sharing Code of Practice.

  3. Set up data sharing agreements

Formalise data-sharing arrangements with agreements that define purposes, responsibilities, and practical considerations. This supports transparency and helps demonstrate accountability under UK GDPR.

  4. Identify a lawful basis for data sharing

Before sharing data, identify a lawful basis, such as legitimate interests, consent, or performance of a contract. For scams and fraud prevention, legitimate interests often apply, requiring a robust three-part legitimate interests assessment (LI assessment).

  5. Understand the type of data being shared

Particular care is needed when processing special category data or criminal offence data. Organisations must identify valid conditions for processing under Schedule 1 of the DPA 2018 and ensure appropriate safeguards.

  6. Comply with data protection principles

Adhere to the key principles of the UK GDPR:

  • Fairness and transparency: Ensure data sharing is not misleading or detrimental.
  • Purpose limitation: Use data only for its specified purpose.
  • Data minimisation: Share only the information necessary.
  • Accuracy: Maintain up-to-date and accurate data.
  • Security: Ensure robust organisational and technical safeguards.
  • Accountability: Implement “data protection by design and default.”

  7. Respect people’s rights

Ensure individuals can exercise their data protection rights with ease. Establish a single point of contact within data-sharing agreements to handle rights-related queries efficiently.

A collaborative approach to fraud prevention

Fraud prevention requires a unified approach. For example, timely sharing of data between telecommunications providers and banks can mitigate risks for individuals exposed to scams. Such collaboration can enable proactive measures, like enhanced fraud checks, to prevent financial losses.

The ICO underscores that organisations acting responsibly and in good faith will be supported, even if things go wrong. Their fair and proportionate regulatory approach reassures organisations that compliance efforts will be considered when addressing any incidents.

Support for organisations

The ICO provides a range of resources to help organisations navigate data-sharing challenges, including:

  • The statutory Data Sharing Code of Practice
  • Sector-specific guidance and practical case studies
  • Innovation advice services for tailored support

By fostering responsible data sharing, organisations can protect individuals from emotional and financial harm while respecting privacy and data protection laws.

Data protection should never be a barrier to safeguarding people from scams and fraud. By adhering to the ICO’s seven key steps and embracing responsible data-sharing practices, organisations can strike the right balance between innovation, compliance, and public safety.

How Neopay can help

Neopay offers expert guidance to help organisations navigate data protection challenges, from conducting Data Protection Impact Assessments (DPIAs) to creating compliant data-sharing agreements. We also provide support in assessing your data protection arrangements, ensuring provisions for sharing personal data are effective and lawful. With tailored solutions, we help you mitigate risks, safeguard information, and confidently contribute to fraud prevention efforts, turning compliance into a business advantage while building trust and protecting individuals.

To find out more about how we can support your business, contact our team here.
