The FCA, the FSCS and the Information Commissioner’s Office (ICO) have issued a joint statement, warning insolvency practitioners and FCA-authorised firms to be responsible when dealing with personal data.
The regulators say they have become aware that some firms have attempted to sell clients’ personal data to claims management companies (CMCs) unlawfully.
This can happen either before or after a firm has gone into administration and where it is likely claims for compensation will be made to FSCS.
The statement warns that the terms and conditions within a standard contract are "highly unlikely to constitute sufficient legal consent" for personal data to be shared with CMCs to market their services and may not be lawful.
By passing on personal data, companies may be failing to meet their obligations under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
Any subsequent direct marketing calls, texts or emails carried out by CMCs may also breach the Privacy and Electronic Communications Regulations 2003 (PECR).
The statement added that CMCs seeking to rely on legitimate interest grounds for processing such data are also "highly unlikely to meet the requirements of the GDPR".
CMCs that intend to buy and use such personal data must be able to demonstrate how they have considered the fair treatment of customers and how their actions comply with privacy laws.
The FCA and ICO say they will take "appropriate action" where they identify any breaches of data protection legislation.