A claims management boss who tapped up former colleagues to contact RTA victims has been fined £10,000 for data protection breaches.
Jonathan Riches, from Portcawl in south Wales, had worked for vehicle rental outfit Enterprise Rent-A-Car before leaving in 2009 to start his own personal injury business. But he stayed in touch with former colleagues and through them managed to illegally obtain the details of people involved in road traffic accidents. He then contacted them offering legal services.
The Information Commissioner’s Office (ICO), which investigated Riches, said at one point he had access to Enterprise’s internal database of clients.
Riches, 46, has previously been ordered to pay Enterprise Rent-A-Car a £300,000 civil settlement and was summoned to appear in court in 2016.
He failed to appear and fled to the USA, with a warrant issued for his arrest. He returned to the UK and surrendered himself to authorities earlier this year.
At Cardiff Crown Court, he pleaded guilty to an offence under section 55 of the Data Protection Act 1998 and was fined £10,000 plus £1,700 costs.
Her Honour Judge Francis ruled that the fine must be paid within 12 months or Riches would be jailed for nine months.
Andy Curry, head of investigations at the ICO, said: ‘Mr Riches spearheaded a brazen operation, through his accomplices illegally accessing Enterprise Rent-A-Car systems in order to steal data which he then used to enrich himself to the tune of hundreds of thousands of pounds.
‘His scheme, which involved the unauthorised use of people’s personal data, was not only illegal, but it also meant people received nuisance calls asking them if they wanted to make a personal injury claim.’
Curry added that Enterprise had informed the ICO of the breach as soon as it was aware and took measures to mitigate the actions of those involved.
Three accomplices of Riches have previously been sentenced.
