Case Studies

Data theft fine

by Mark Rowe

A manager at a Merseyside branch of the car rental company Enterprise Rent-A-Car has been prosecuted by the Information Commissioner’s Office (ICO) after unlawfully stealing the records of almost 2000 customers before selling them to a claims management company. At Wirral Magistrates Court, 29 year-old Stephen Siddell was prosecuted under section 55 of the Data Protection Act and fined £500, ordered to pay a £50 victim surcharge and £264.08 prosecution costs.

Enterprise Rent-A-Car alerted the ICO after its security systems showed an irregularity. Acting on this information, the ICO then raided a claims management company based in the Liverpool area. The raid resulted in over 500 records being recovered relating to car hire arranged by Enterprise Rent-A-Car on behalf of insurance companies whose customers had been involved in a recent accident.

The records were traced to Siddell, who had used his position as manager of the rental firm’s Southport branch to print the customers’ details. The ICO was able to establish that Siddell printed the details of more than 1900 people between 14 October 2011 and 4 November 2011. All of the documents related to customers involved in road traffic incidents.

Siddell passed the information to the claims management company who then contacted many of the individuals about potential personal injury claims. Neither Enterprise Rent-A-Car nor its customers gave permission for their information to be passed on.

The watchdog adds that the claims management company remains under investigation by the ICO and so cannot be named at this time.

ICO Head of Enforcement, Stephen Eckersley, said after the case: “This man was motivated by greed. Stephen Siddell betrayed his employer and exploited over 1900 customers for personal gain. Staff at Enterprise Rent a Car acted swiftly in notifying us of their concerns and we were then able to protect other potential victims.

“Data theft is not a victimless crime and many of the people targeted by Siddell and the claims management company will have received nuisance calls offering to pursue a personal injury claim. Siddell was happy to exploit people after they had recently had an accident, when they may have already been suffering mentally and physically. He is now facing the consequences of his crimes.”

The watchdog adds that unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is punishable by way of ‘fine only’ – up to £5,000 by magistrates or an unlimited fine in a crown court. The ICO says that it continues to call for more effective deterrent sentences, including the threat of prison, to be available to the courts to stop the unlawful use of personal information.

Related News

  • Case Studies

    NHS patient software

    by msecadm4921

    Homerton University Hospital NHS Foundation Trust  has become the latest NHS Trust to select FairWarning Privacy Breach Detection to monitor and protect…

  • Case Studies

    Spam in Q1

    by Mark Rowe

    According to Kaspersky Lab’s latest spam report, in Q1 2013, the amount of unsolicited correspondence in email traffic grew slightly (+0.53 percentage…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing