ICO Demands Jail Sentence For Web Gambling Sting

The Information Commissioner has fined a man for selling the personal details of online bingo players

A former gambling worker has been guilty of breaking the Data Protection Act (DPA) and has been hit with a fine by the Information Commissioner’s Office (ICO).

The man, identified as Marc Ben-Ezra of Finchley, unlawfully obtained and sold the personal details of over 65,000 online bingo players.

Ben-Ezra pleaded guilty to committing three offences under section 55 of the DPA. He was given a three year conditional discharge and ordered to pay £1,700 to Cashcade Ltd as well as £830.80 costs at Hendon Magistrates Court.

Prison Needed

“This case shows that the unlawful trade in personal information is unfortunately still a thriving and lucrative activity,” said Information Commissioner, Christopher Graham. “Mr Ben-Ezra sold people’s personal details on an industrial scale, making in the region of £25,000 at the expense of the tens of thousands of bingo players whose privacy he compromised, and who he exposed to the nuisance of being approached by rival betting websites and, at worst, the risk of identity theft.”

But it was also clear that Graham is frustrated at the lack real teeth the ICO currently has, despite its ability to issue fines of up to £500,000 to companies that break the law. The ICO has previously called for jail sentences, and this stance was backed last month by MPs on the Justice Committee, after they called for more severe penalties, including custodial sentences, to be imposed on those found guilty of breaching the DPA.

“I am grateful to Cashcade Limited and Gala Coral for their work in exposing this unlawful practice,” Graham said. “However, we still don’t have a punishment that fits the crime. The ICO continues to push for the government to activate the 2008 legislation that would allow courts to consider other penalties like community service orders or the threat of prison.”

Sting Operation

In this particular case the offences were revealed in May this year, when Ben-Ezra sent a series of emails to a number of contacts within the UK gaming industry offering customer data for sale. The emails were sent under the pseudonym Malcolm Edwards and contained a sample data set relating to 400 Foxy Bingo customers.

Cashcade Limited, which the Foxy Bingo marketing and is its data controller, hired investigators to conduct a test purchase of the data. The investigators paid Ben Ezra £1,700 cash for over 65,000 Foxy Bingo customers’ personal details.

Cashcade then handed this information to the ICO.

Perversely, it was found that Ben-Ezra was selling customer details in order to help pay off his own gambling debts.

Despite high profile cases like this, there remains some concern that the ICO is not doing enough to crack down on breaches of the DPA. Earlier this year for example, hardware encryption specialist ViaSat UK said that a Freedom of Information Act (FoI) request had revealed that the ICO had only acted on less than one percent of the data breaches reported to it.

The ICO however disputed those figures.