His speciality scam was with the front company Harlequin Group which used celebrity endorsements and aggressive sales tactics to con 8,000 investors out of £226 million.
He secured the backing of tennis star Pat Cash, golfer Gary Player and others and of course they had no idea it was all a scam.
His company had 186 accommodation units to sell, such as beach cabanas, villas and hotel rooms.
But he sold each an average of 40 times over – a total of 8,200 sales. Those extra sales of non existent properties and hotel rooms were his profits. It could be called a Ponzi scheme.
The customers of course got nothing and it was only a matter of time before he was caught and convicted.
He was sentenced to 12 years in jail.
That is little comfort to the many people who lost tens of thousands or even hundreds of thousands of pounds. In many cases that was their life savings, put down expecting a retirement home but instead being conned out of everything.
Some ‘lucky’ losers may get as much as 2% of their capital back.
Be very careful who you invest with and place your trust in celebrity endorsements- they are paid advertisers.
If you have any experiences with these scams do let me know, by email.
Not all organisation data breaches need to be reported to the Information Commissioner’s Office (ICO).
ICO do recommend that any serious breach is reported to them, but it isn’t mandatory and ‘serious breaches’ are not defined. However, the following should assist data controllers in considering whether breaches should be reported:
The potential detriment to individuals is the overriding consideration in deciding whether a breach of data security should be reported to the ICO. Detriment includes emotional distress as well as both physical and financial damage.
Ways in which detriment can occur include:
exposure to identity theft through the release of non-public identifiers, eg passport number
information about the private aspects of a person’s life becoming known to others, eg financial circumstances
The extent of detriment likely to occur is dependent on both the volume of personal data involved and the sensitivity of the data where there is significant actual or potential detriment as a result of the breach.
Where there is little risk that individuals would suffer significant detriment, for example because a stolen laptop is properly encrypted or the information that is the subject of the breach is publicly-available information, there is no need to report.
The volume of personal data lost / released / corrupted: There should be a presumption to report to the ICO where a large volume of personal data is concerned and there is a real risk of individuals suffering some harm.
The sensitivity of the data lost / released / corrupted:
How to Report a Breach
Serious breaches should be reported to the ICO using the DPA security breach helpline on 0303 123 1113 (open Monday to Friday, 9am to 5pm). Select option 3 to speak to staff that will record the breach and give you advice about what to do next or report in writing using the DPA security breach notification form, which should be sent to the email address [email protected] or by post to the office address at:- Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
When a breach is reported, the nature and seriousness of the breach and the adequacy of any remedial action taken will be assessed and a course of action determined.
Record the breach and take no further action, or Investigate the circumstances of the breach and any
remedial action, which could lead to further action;
Set a requirement on the data controller to undertake a course of action to prevent further breaches;
Start formal enforcement action which could lead to a fine of up to £500,000
The National Cyber Security Centre (NCSC) has set up an early warning service to help organisations investigate cyber attacks on their network by notifying them of malicious activity that has been detected in information feeds.
Early Warning is a free NCSC service designed to inform your organisation of potential cyber attacks on your network, as soon as possible. The service uses a variety of information feeds from the NCSC, trusted public, commercial and closed sources, which includes several privileged feeds which are not available elsewhere.
Early Warning is open to all UK organisations who hold a static IP address or domain name.
Organisations will receive the following high level types of alerts:
Incident Notifications – This is activity that suggests an active compromise of your system.
For example: A host on your network has most likely been infected with a strain of malware.
Network Abuse Events – This may be indicators that your assets have been associated with malicious or undesirable activity.
For example: A client on your network has been detected scanning the internet.
Vulnerability and Open Port Alerts – These are indications of vulnerable services running on your network, or potentially undesired applications are exposed to the internet.
For example: You have a vulnerable application, or you have an exposed Elasticsearch service.
Early Warning does not conduct any active scanning of your networks itself, however some of the feeds may use scan derived data, for example from commercial feeds.
How Early Warning works
Cyber security researchers will often uncover malicious activity on the internet or discover weaknesses in organisations security controls, and release this information in information feeds. In addition, the NCSC or its partners may uncover information that is indicative of a cyber security compromise on a network. The NCSC will collate this information and use this data to alert your organisation about potential attacks on your network.
Your organisation can then use the information passed on by Early Warning to investigate the issue and implement appropriate mitigation solutions where required. The NCSC’s website provides advice and guidance on how to deal with most cyber security concerns.
The Financial Conduct Authority (FCA) warn that scammers are targeting consumers searching for investments online, in particular through search engines like Google and Bing.
Scams are increasingly sophisticated. Fraudsters can be articulate and financially knowledgeable, with credible websites, testimonials and materials that are hard to distinguish from the real thing.
Warning Signs of Scams
Cold-calls by phone, email, social media, post, word of mouth or even in person at an exhibition
A limited time opportunity – they might offer you a bonus or discount if you invest before a set date or say the opportunity is only available for the next 24 hours or similar
Lots of testimonials – all fake of course
Unrealistic returns – some fraudsters offer the same returns as legitimate businesses do, but many want to attract more attention and offer impossibly high and even guaranteed returns.
False authority – using convincing literature and websites, claiming to be regulated, speaking with authority on investment products.
Flattery – building a friendship with you to lull you into a false sense of security.
Remote access – scammers may pretend to help you and ask you to download software or an app so they can access to your device. This could enable them to access your bank account or make payments using your card.
FCA Authorised Businesses
Almost all financial services firms must be authorised by the FCA – the exceptions are for specific traded items such as wine
Check the Financial Services Register on the FCA website to see if a firm or individual is authorised or registered with us.
Check if the firm’s ‘firm reference number’ (FRN) and contact details are the same as on our Register.
If there are no contact details on the Register or if the firm claims they’re out of date, call our Consumer Helpline on 0800 111 6768.
If you use an unauthorised firm, you won’t have access to the Financial Ombudsman Service or Financial Services Compensation Scheme (FSCS) if things go wrong – and you’re unlikely to get your money back.
Check the FCA Warning List
Use the FCA Warning List to check the risks of a potential investment – you can also search to see if the firm is known to be operating without our authorisation.
You should seriously consider seeking financial advice or guidance before investing. You should make sure that any firm you deal with is regulated by us and never take investment advice from the company that contacted you, as this may be part of the scam.
You can report the firm or scam to the FCA by contacting their Consumer Helpline on 0800 111 6768.
In 2022, the government consulted on plans for data reforms and has now publishing its response to those comments.
It sets out how the Data Reform Bill announced in this year’s Queen’s Speech will strengthen the UK’s high data protection standards while reducing burdens on businesses to deliver around £1 billion in cost savings that they can use to grow their business and boost the economy.
The Data Reform Bill will more clearly define the scope of scientific research and give scientists clarity about when they can obtain user consent to collect or use data for broad research purposes.
The Information Commissioners Office (ICO)
The plans will modernise the ICO i.e. the data regulator, so it can better help businesses comply with the law.
The ICO received 130,000 complaints last year about unwanted calls and messages, but was only able to issue fines totalling £2.8 million.
The ICO will be given more enforcement powers – they will be able to take action over high volumes of unanswered calls by using heavier fines.
Reducing Business Burdens
Data-driven trade generated nearly three quarters of the UK’s total service exports and generated an estimated £234 billion for the economy in 2019.
The European Union’s highly complex General Data Protection Regulation (GDPR) has many positive features in protecting data but it also has drawbacks restricting the innovative use of data.
This bill will remove the UK GDPR’s prescriptive requirements giving organisations little flexibility about how they manage data risks – including the need for certain organisations, such as small businesses, to have a Data Protection Officer (DPO) and to undertake lengthy impact assessments.
It means a small business such as an independent pharmacist won’t have to recruit an independent DPO to fulfil the requirements of UK GDPR, provided they can manage risks effectively themselves, and they will not have to fill out unnecessary forms where the risk is low.
Organisations will still be required to have a privacy management programme to ensure they are accountable for how they process personal data. The same high data protection standards will remain but organisations will have more flexibility to determine how they meet these standards.
Protecting consumers from nuisance calls
The fines will increase from the current maximum of £500,000 and be brought in line with current UK GDPR penalties which are up to four per cent global turnover or £17.5 million, whichever is greater.
Those Annoying Cookies
Currently, users have to give their consent for cookies (the data points which allow sites to remember information about an individual’s visit) to be collected. To do so users have to opt in to cookie collection every time they visit a new site.
If you have any experiences with these scams do let me know, by email.