Mark Lloyd, a former employee of Acorn Waste Management, Shropshire, has been prosecuted by the Information Commissioner’s Office (ICO) under section 55 of the Data Protection Act 1998
Mr Lloyd pleaded guilty at Telford Magistrates Court to having emailed information about 957 client’s to his personal email address when he left Acorn to take up a new position with a rival employer. The information included client contact details, purchase histories, and other information of a commercially sensitive nature. Mr Lloyd was fined £300.00, and ordered to pay a £30.00 victim surcharge plus £405.98 in costs.
Section 55 of the Data Protection Act 1998 deals with the unlawful obtaining and/or disclosing of personal data.
Two years ago, a pharmacist who worked for South West Essex Primary Care Trust was also convicted under Section 55 of the Data Protection Act 1998 at Barkingside Magistrates Court after it was discovered during an audit that the pharmacist was using a security pass to illegally access the medical records of healthcare workers, work colleagues, and even those of family members.
Currently, a section 55 breach constitutes a criminal offence. Either the Director of Public Prosecutions or the Information Commissioner can commence a prosecution, which can be brought in either the Crown Court or the Magistrates Court. Those convicted of a breach face an unlimited fine in the Crown Court, or a fine of up to £5,000.00 in the Magistrates Court. In practice, the fines imposed are modest, and rarely do they ever exceed £5,000.00. The fact that those who are convicted of the offence end up with a criminal record, is often more damaging to them in the long term than the fine. A few years ago, a consultation was launched by the Department for Constitutional Affairs to review whether the penalties should be toughened up and determine whether custodial sentences would be an appropriate punishment, but as of yet nothing has come of that. Nevertheless, the ICO has indicated that it will continue to campaign for a change in the law that would allow the Courts to impose custodial sentences for the offence. They stated that they continue “to call for more effective deterrent sentences, including the threat of prison.”
The head of enforcement at the ICO, Steve Eckersley, said in light of the Mark Lloyd case that: “Taking client records that contain personal information to a new job without permission is a criminal offence…Employees need to be aware that documents containing personal data they have produced or worked on belong to their employer and are not theirs to take with them when they leave. Don’t risk a day in court by being ignorant of the law.”
Follow us on twitter by clicking this link to keep up to date with the very latest employment law news