A recent prosecution under the Data Protection Act 1998 (DPA) should be of interest to both employers and employees. If you are an employee, it is a warning that when leaving a job, taking personal client/customer information without permission can have implications under criminal as well as employment law. If you are an employer, it is a reminder that in order to prevent personal data being compromised, you need to have in place appropriate security measures supported by policies, procedures and well-trained staff.
Mark Lloyd was an employee of a waste management company. He was moving jobs to a rival firm and decided to send an e-mail to his personal e-mail address with the details of 957 clients of his existing employer. Information included customer contact details, their purchase history and other commercially sensitive information.
Mr Lloyd was prosecuted and pleaded guilty to the DPA offence of unlawfully obtaining personal data. He was fined £300 and ordered to pay court and prosecution costs of just over £435.
The Head of Enforcement at the Information Commissioner’s Office said “Taking client records that contain personal information to a new job, without permission, is a criminal offence. Employees need to be aware that documents containing personal data they have produced or worked on belong to their employer and are not theirs to take with them when they leave. Don’t risk a day in court by being ignorant of the law.”