IT firms targeted by data protection scams

Bogus agencies are targeting software and IT companies with threatening letters demanding extortionate fees to register under the UK's Data Protection Act (DPA).

The scale of the problem has forced the UK's data protection watchdog, the Information Commission (IC), to take the unusual step of issuing a warning urging tech firms not to fall for the scams.

The official fee for firms who process personal data to register with the IC directly is just £35 a year but fake agencies have been sending out letters scaring businesses into believing they have fallen foul of the DPA and must pay a fee of between £95 and £135 to register.

The IC received 60,000 calls last year from businesses that had received these letters and is still taking 2,000 calls a month. Many silicon.com readers have also contacted us in recent months saying they have been targeted.

One said: "I received a letter telling me that I had not registered under the Data Protection Act 1998. The letter warned me that I could be fined up to £5,000 for not doing so, and that it would cost me £95 for registration and processing."

Richard Thomas, the Information Commissioner, said in a statement: "The golden rule is that if you receive a letter out of the blue demanding more than £35 to register under the DPA this will be a scam. Our simple message to businesses is to throw the letter in the bin and not to pay the fee demanded."

The IC is, however, powerless to take action against these bogus agencies. It is up to the Office of Fair Trading to pursue them under regulations outlawing misleading advertisements, and 28 agencies are currently under investigation.

Thomas advises that any firms in doubt about the authenticity of a demand should visit the IC website or contact the notification line on 01625 545740.