,

Council employee carries out personal data protection breach to help his partner get a job

data breach

A former senior local government officer has been fined. This comes after he shared the personal information of rival job applicants with his partner. The man’s partner had applied for a job at the council. As this could have meant the other applicants lost out on the job unfairly, this was a severe personal data protection breach.

What happened in this personal data protection breach?

In July 2017, Nuneaton and Bedworth District Council advertised an administrative job.

Because he was in a relationship with one of the candidates, the local government official was not involved in the recruitment process. Despite this, he decided to access the council’s recruitment system and email the personal information of all the shortlisted candidates to himself and his partner.

The data breached included the names, addresses, telephone numbers and CVs of each candidate.  The breach also included the personal contact details for each of their two referees. This is a shocking violation of data protection laws.

On discovering the data breach, the man resigned from his position at the council. His partner had been successful in her application, so she also had her employment terminated.

What was the result of this personal data protection breach?

The Information Commissioner’s Office (ICO) decided to prosecute this data privacy violation. The man was fined £660, ordered to pay costs of £713.75 and a victim surcharge of £66.

Steve Eckersley, Director of Investigations at the ICO, said:

“People who supply their personal information to an organisation in good faith, such as when applying for a job, have a legal right to expect it will be treated lawfully and ethically.

 “Not respecting people’s legal right to privacy can have serious consequences, as this case demonstrates. Not only might you face a prosecution and fine, along with the attendant publicity, but you may also lose your job and severely damage your future career prospects.”

Lessons learned?

In this case, little could have been done to protect those people who had their data breached. The man had been trained in data protection. So he fully understood that he was breaking the law.

However, employees must understand that they could face criminal charges and fines if they access or share personal data illegally. In fact, after stealing the data of nearly 100,000 staff from supermarket Morrisons, one ex-employee was jailed for eight years.

Organisations also need to do more to protect personal data. This includes putting robust systems in place to ensure that confidential information is only available to those people who need it to do their jobs.

Not Just Hackers

At Hayes Connor, we want to reduce the number of data violations taking place across the UK. To do this, we are sharing such real-life examples of personal data protection breaches to raise awareness of this issue and educate people to prevent similar instances from happening.

For more advice on how to keep your data safe, follow the Hayes Connor #NotJustHackers campaign on Twitter and Facebook.

Alternatively, if you have been the victim of a data breach, find out how we can help you to recover any losses or contact us to discuss your case in more depth.