Walking off with the personal information of their employer when changing jobs is a criminal offence. So the data protection watchdog, the Information Commissioner’s Office (ICO) is warning after a court case.
A paralegal, who previously worked at Jordans Solicitors in Dewsbury, Yorkshire, was prosecuted for illegally taking the sensitive information of over 100 people before leaving for a rival firm in April 2013. The information was contained in six emails sent by James Pickles in the weeks before he left the firm. Pickles had hoped to use the information, which included workload lists, file notes and template documents but still contained sensitive personal data, in his new role.
Appearing at Bradford and Keighley Magistrates Court on September 9, 29 year-old Pickles was prosecuted under section 55 of the Data Protection Act and fined £300, ordered to pay a £30 victim surcharge and £438.63 prosecution costs.
ICO Head of Enforcement, Stephen Eckersley, said after the case: “Stealing personal information is a crime. The information contained in the documents taken by James Pickles included sensitive details relating to individuals involved in ongoing legal proceedings. He took this information without the permission of his former employer and has been rewarded with a day in court and a substantial fine.
“Employees may think work related documents that they have produced or worked on belong to them and so they are entitled to take them when they leave. But if they include people’s details, then taking them without permission is breaking the law. Don’t risk a day in court.”
And Carl Leonard Senior Manager (Regional Head), Websense Security Labs (EMEA) at Websense, said of the case: “Years ago, an employee would hop on the photocopier to duplicate some customers’ lists or simply take their little black book with them as they walk out of the door. Now, in just half a minute they can copy megabytes of data onto a micro USB stick and no-one is the wiser. Organisations should incorporate a high-level strategy around data theft prevention and realise that employees can be as much of a risk to their data as external threats. In the few days before an employee leaves a company, they can be surprisingly determined and creative to retain years of work, whether that be programming code, customer databases, and other records to help them in their future careers.”
Some background
Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. Visit www.ico.org.uk.
