Care homes are being targeted by bogus companies into paying more
than £100 to register under the Data Protection Act 1998.
Letters being sent to care homes and other businesses are proving
to be so official-looking and threatening in tone that they con
many of the organisations into paying between £95 and
£135 for an annual registration under the act.
The fake data protection agencies use names that are similar to the
Data Protection Agency.
The information commissioner’s office estimates more than 200
businesses a month fall victim to the scam.
Peter Hobbs, data protection lead for Solihull Council, said this
was a major problem – 50 care homes had received bogus letters in
the past six months – but expected it was just the tip of the
iceberg as many would have paid and not realised they’d been duped.
Hobbs added that the scam “diluted” the message the council was
trying to get across to the sector on the importance of registering
under the DPA.
“We’re trying to get small homes to think more about data
protection, but if they get these demands they see it as another
expense and are frightened by it. It is a major problem,” he told
delegates at an information-sharing conference last week.
Sheila Scott, chief executive of the National Care Homes
Association, said her organisation had been warning its members
about the scam for more than a year.
Scott estimated most care homes would have received a letter asking
them to pay a fee for data protection registration. The amount of
money requested did not tend to be large enough to make people stop
and think before paying it, she said.
She advised care home owners to be on their guard and not to pay if
they received demands for more than the one-off £35.
The information commissioner’s office holds a list of organisations
that have had complaints made against them, and advises care homes
to check the notification section of its website if they are unsure
about the authenticity of a letter.