View more on these topics

FSCS lawyers may have breached data rules over Keydata letters

The Information Commissioner’s Office says law firm Herbert Smith is likely to have breached data protection rules in disclosing the names of all Keydata investors and the amount they have been paid in compensation.

Herbert Smith is acting on behalf of the Financial Services Compensation Scheme to pursue advisers that recommended Keydata products in a bid to recoup compensation paid out to Keydata investors.

In October, the law firm wrote to over 500 firms that sold Keydata products backed by Luxemburg-based vehicle SLS to begin the legal process of recovering Keydata compensation. It began proceedings against advisers who sold Lifemark-backed Keydata products last month.

Alongside the letters sent to Keydata SLS advisers, Herbert Smith sent out a claim form and particulars of claim detailing firms’ affected clients and how much compensation they were paid. It included details of all other firms that sold Keydata SLS products, including client names and compensation amounts.

An adviser who recommended SLS products, who wishes to remain anonymous, complained to the ICO about the level of information disclosed.

The response from the ICO, sent last month and seen by Money Marketing, states: “We have already decided it is unlikely that Herbert Smith have complied with requirements of the data protection act because they should not have disclosed the information. We believe steps could and should have been taken to remove the client information which was not applicable to that specific organisation before it was sent out.”

The ICO has decided not to take the matter further as it says Herbert Smith has taken remedial action.

Herbert Smith, the ICO and the FSCS declined to comment on the data protection breaches.

Financial Escape director Phil Castle, who is facing a liability over Keydata Lifemark claims, says: “The mistakes in the handling of the Keydata debacle appear to be continuing. Herbert Smith has got away with a slap on the wrist.”


Pru business down but M&G adds boost

Prudential saw a 5 per cent fall in new business in the UK for the first three months of the year but has been boosted by a strong performance from asset management arm M&G. Last week, the Pru reported a new business profit of £62m for Q1 compared with £65m in the same period last […]

IMA chief Richard Saunders to step down

Richard Saunders, chief executive of the Investment Management Assocation is to step down at the end of 2012. A process to find a successor will begin shortly. Saunders says: “After 11 years in this role I feel it is time for me to move on. “It has been a great privilege to work with a […]


News and expert analysis straight to your inbox

Sign up


There are 27 comments at the moment, we would love to hear your opinion too.

  1. Once again one rule for some and one rule for everybody else.
    How can I join this elite club!!!
    No I dont want to it stinks.

  2. Neil Shillito 15th May 2012 at 4:27 pm

    Having bludgeoned the guy to death with a blunt instrument, how does one take ‘remedial action’?

  3. How many thousands of clients had their investment details in Keydata SLS breached by HS to just how many others, the other 500 IFAs to start with, any journalists seeing the lists etc?

    A slap on the wrist is a fortunate outcome perhaps?

    Is HS/FSCS required to contact the thousands of clients affected by this breach and to apologise to them?

  4. Exactly what remedial action have these a*rseholes taken?

    We are regulated by fools, governed by imberciles and the whole blo*dy lot of them are protected by crooks.

  5. Exasperated Me 15th May 2012 at 4:34 pm


    MUPPETS!! Oh, that is insulting Muppets

  6. For the record, the letter was not written to me. I only received my Herbert Smith letter of threat, sorry I mean pre action (not following) the protocol letter on 4th May.
    This may interest everyone too;]
    Sent: 15 May 2012 08:55
    To: Phil Castle
    Subject: RE: From Margaret Cole: Keydata and ARC

    FSCS Ref: 1-3BMAE6
    (Please quote this reference when contacting us)

    Dear Mr Castle

    Thank you for your further emails of 10 May 2012 and 11 May 2012, the contents of which have been noted.

    After liaising further with our Legal Department, I confirm that, currently, the only legal proceedings that we have is against the distributors of the Keydata products. However, please note that this does not prevent FSCS from pursuing recovery action against other appropriate parties in the future. FSCS has and continues to consider other avenues for pursuing recoveries which it considers are likely to be both reasonably possible and cost effective to pursue in line with our obligations under our Rules (specifically, under COMP 7.2.3R). It would not, of course, be appropriate for us to comment on what those other avenues might be.

    It would not be appropriate for me to comment on the other queries you have raised. If you wish to make further representations or raise specific issues relating to the legal proceedings, you, or your lawyers, should continue to write to Herbert Smith.

    Yours sincerely

    Specialist Contact Officer

    Specialist Contact Team

  7. @Peter
    Why not become an MP like that muppet david Willets who stuffed private constituents’ letters in public litterbins in St James’s Park.
    No ICO action there. He’s in the club, job done.

  8. Any competent lawyer would have complied with the requirements of the DPA.

  9. Whilst I did not do any Keydata business can I ask the following questions and perhaps they are questions those affected by the action of the FSCS should ask.

    1. As an IFA is it fair and reasonable that I should carry out greater due diligence on regulated products than the regulator? If so, why do we need a regulator and why should I fund it?
    2. As an IFA should I carry out due diligence equal to that of the regulator? If so, can I please be provided with equal funding to achieve this?
    3. As an IFA is it reasonable to assume that whilst carrying out due diligence on a product I cannot nor would I be expected to, carry out diligence at a level equal to that of the entity that regulates the product? If this is the case, why is it that the IFA’s are picking up the bill (if indeed the FSCS suceed), and not the regulator.

    Additionally, as the FSCS have taken it upon themselves to sit as judge and jury where there has in the majority been no client complaint, and IFA’s have had no right of defence nor been asked to provide any of the carefully completed documentation, does this breach their human right to a defence if indeed such action by the FSCS is viewed as legal?

    Those affected should act ‘as one’ and get some actions going.

  10. Do you think they could have sold the list to a claims firm?

  11. Just to answer my own question – it looks like about 3,516 individuals had their data protection rights broken by HS.

  12. Rudolf Schnackenberg 15th May 2012 at 5:11 pm

    I spoke to the ICO and was told it was a breach of the data protection act and individuals who have had their personal financial details mailed out to hundreds of firms should complain. Have the police been informed of this breach of the law?

  13. innocent bystander 15th May 2012 at 5:12 pm

    Surely a law firm, and especially one of Herbert Smith’s standing, that professes to give advice to clients on complying with the data protection act should have been held more fully to account. They can’t take back the release of information or control that release now it has been made.

    This is the ICO being very soft – wonder if it is because they were working on behalf of a fellow regulator?

    Doesn’t smell right

  14. One cannot help wondering about the competence of a law firm that cannot even get its data protection compliance right.

  15. Any competent lawyer would have complied with the Data Protection Act.

  16. On the topic of SLSs generally, what do you make of EEA’s announcement yesterday? Do you think all this fuss over SLS funds is because Governmental bodies dont like the income aspects being offset against capital gains allowance rather than be subject to income tax?

  17. look on the bright side if they had got a massive fine they would put it on the FSCS bill, and who pays the FSCS bill US!! Isnt it clever how we pay teh legal bill of the FSCS to sue us. So when we win and cost are awarded against the FSCS we still have to pay!!! Who says there is justice!

  18. I think the Keydata SLS debacle was a fraud perpetuated by persons unknown, but to go after Herbert Smith on a Data Protection breach was always going to be like Al Capone being indited for tax evasion. I am not suggesting for a tiny moment that there is any resemblance between Al Capone, Herbert Smith or the FSA.

  19. Question 1 – If the ICO has evidence of a breach why is this firm not being prosecuted /

    Question 2 – The operational method of the FSCS does not permit it to hand out customer details to this legal firm without the permission of the customer, why is the FSCS not being prosecuted ?

    Question 3 – On what legal grounds does a cause of action arise, when customers have not complained about the sale ?

    Question 4 – Why has this been done now, when the FSAs investigation of the circumstances of the KIS Ltd collapse has not been concluded ?

    More questions than answers !

    Final Question – Which nut job at the FSCS dreamed this one up?

    Lunatics clearly running the asylum.

  20. Someone asked if the police are aware of this breach of the law. Well are they?

  21. So … “The ICO has decided not to take the matter further as it says Herbert Smith has taken remedial action.”

    Do we know what that remedial action was?

    Did it for instance involve Herbert Smith in writing to all those whose personal interests were breached, and apologising?

    Or is there a lump under the carpet, where everything was conveniently swept?

    Perhaps the ICO might be persuaded to inform us what the remedial action was?

  22. And HS is going to stand up in court and challenge the competence of advisers.

  23. Didn’t like my comment ay? Frightened of upsetting someone ay?

  24. From ICO Website:In the following the law could be breached:
    •a breach of a duty of confidence. Such a duty may be stated, or it may be implied by the content of the information or because it was collected in circumstances where confidentiality is expected – medical or banking information, for example;
    •your organisation exceeding its legal powers or exercising those powers improperly;
    •an infringement of copyright;
    •a breach of an enforceable contractual agreement;
    •a breach of industry-specific legislation or regulations;
    •a breach of the Human Rights Act 1998. The Act implements the European Convention on Human Rights which, among other things, gives individuals the right to respect for private and family life, home and correspondence.

  25. All of the advisers on the list should band together and sue HS for breaching the DPA.

  26. Exasperated Me 17th May 2012 at 11:13 am

    You should see the internet search terms Herbert Smith keep using, confused they be.

  27. Julian Stevens 21st May 2012 at 10:20 am

    Would the ICO have been equally lenient on any IFA firm found to have committed a similar breach? I strongly doubt it. It smells to me as if enforcement action has been waived so as to avoid embarrassment to the FSCS.

Leave a comment


Why register with Money Marketing ?

Providing trusted insight for professional advisers.  Since 1985 Money Marketing has helped promote and analyse the financial adviser community in the UK and continues to be the trusted industry brand for independent insight and advice.

News & analysis delivered directly to your inbox
Register today to receive our range of news alerts including daily and weekly briefings

Money Marketing Events
Be the first to hear about our industry leading conferences, awards, roundtables and more.

Research and insight
Take part in and see the results of Money Marketing's flagship investigations into industry trends.

Have your say
Only registered users can post comments. As the voice of the adviser community, our content generates robust debate. Sign up today and make your voice heard.

Register now

Having problems?

Contact us on +44 (0)20 7292 3712

Lines are open Monday to Friday 9:00am -5.00pm