The Information Commissioner’s Office has taken the rare step of prosecuting an employee of a company who took client details for his own benefit before he left to start a new job.

He’d been working for a waste management company in Shropshire and had access to the company’s clients’ personal information. Before leaving he sent the details of 957 clients to his personal email address. He later started a new job at a rival business. The email he’d sent to himself contained commercially sensitive information, including contact details and purchase histories, both being personal data under the Data Protection Act 1998.

The employee was prosecuted under the Data Protection Act, and pleaded guilty to unlawfully obtaining personal data. He was fined £300 and ordered to pay a victim surcharge of £30 and £405.98 in costs.

The case goes to show that not only are businesses obliged to maintain the security of personal data, their employees are too and can face personal liability if they breach the rules. There are well established legal obligations of confidentiality that apply to employees, but many people might be surprised to find out that just by taking a few customer details, they could be landed with a criminal record.

For further information regarding data protection services contact Farleys’ commercial law team on 0845 287 0939. Alternatively please complete an online enquiry form.