14 Nov Unlawful access of client data persecuted by the ICO
A former employee of Lex Autolease Ltd who unlawfully accessed personal data records of 551 Lex Autolease customers relating to road traffic accidents has been prosecuted and fined under section 55 of the Data Protection Act 1998 (DPA). The employee accessed the records on his employer’s computer and then emailed them to his private email address, which he then sold to a third party as personal leads.
The defendant pleaded guilty to two charges under section 55 of the DPA at Manchester Magistrates’ Court, and was fined £500 and ordered to pay prosecution costs of £364 and a £25 victim surcharge.
This highlights that the risks associated with data breach and unlawful appropriation of data are of great importance to all involved. The fact that an employee illegally decided to send this protected information to his/her personal email has no relevance on the data controller’s duty.
ASV Law is a law firm specialised in data and media compliance