Font Size

Estate agent prosecuted for offence under the Data Protection Act


The Information Commissioner’s Office

Legal Articles
Submit Articles   Back to Articles

Issued 2 December 2011

An estate agent yesterday pleaded guilty to the offence of failing to notify the Information Commissioner’s Office (ICO) that his business processes personal data.

John Merfyn Pugh of Merfyn Pugh Estate Agents was prosecuted for an offence under section 17 of the Data Protection Act. The hearing took place at Caernarfon Magistrates Court.

The Data Protection Act 1998 requires every organisation or person who is processing personal information in an automated form to notify, unless they are exempt. Failure to notify is a criminal offence and could lead to a fine of up to £5,000 in a Magistrates Court, or unlimited fines in a Crown Court.

Mr Pugh was given a conditional discharge of six months and was ordered to pay £614 towards prosecution costs. The Chair of the bench told Mr Pugh on administering the sentence that they were sorry to see him in court and that had he dealt with it earlier it would have only cost him £35. The court took

into account the fact that Mr Pugh had complied with the law by the time the court heard his case.

Assistant Commissioner for Wales, Anne Jones, said:

“Registering as a data controller is a basic legal requirement of the Data Protection Act. The fee for most businesses is £35 a year. Merfyn Pugh Estate Agents’ failure to register – even after being prompted to do so by the ICO – has cost them much more today. The message behind today’s prosecution is clear – ignore warnings and you too could end up in court.”

All organisations that handle personal data but have not yet registered as a data controller should proactively contact the ICO to ensure they are complying with the law. Some organisations will be exempt. More information is available on the ICO’s website.

If you need more information, please contact the ICO press office on 0303 123 9070 or visit the website at:


1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

3. The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter. Our For the media page provides more information for journalists.

4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

• Fairly and lawfully processed

• Processed for limited purposes

• Adequate, relevant and not excessive

• Accurate and up to date

• Not kept for longer than is necessary

• Processed in line with your rights

• Secure

• Not transferred to other countries without adequate protection

About the Author

The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. We do this by promoting good practice, ruling on complaints, providing information to individuals and organisations and taking appropriate action when the law is broken.

The ICO enforces and oversees the following legislation:

  •  Data Protection Act 1998
  •  Freedom of Information Act 2000
  •  Privacy and Electronic Communications Regulations 2003
  •  Environmental Information Regulations 2004

Follow us @Scopulus_News

Article Published/Sorted/Amended on Scopulus 2011-12-04 23:16:08 in Legal Articles

All Articles

Copyright © 2004-2021 Scopulus Limited. All rights reserved.