Home / News & Resources / News & Updates / Workers could face criminal charges and fines for data protection breaches

Workers could face criminal charges and fines for data protection breaches

  • Posted on

Two employees have been fined for breaches of data protection laws in two separate cases. The verdicts should come as a stark warning to people who access or share personal data without a valid reason.

Breaches of trust by employees

In the first case, a woman from Solihull unlawfully accessed the personal records of 14 individuals at the Heart of England NHS Foundation Trust (HEFT) where she worked. While she was authorised to access files of adults on two separate systems, she abused this trust to look at the personal data of seven family members and seven children known to her. As there was no business need for her to this, she broke data protection laws.

After pleading guilty at Birmingham Magistrates' Court she was fined £1,000, with a £50 victim surcharge. She was also ordered to pay £590 towards prosecution costs.

In a second case, a woman forwarded several work emails containing the personal data of customers and other employees to her private email before resigning from her role at V12 Sports and Classics Ltd. She admitted to three offences of unlawfully obtaining personal data. As a result, she was fined £200, with a £30 victim surcharge. She was also ordered to pay £590 towards prosecution costs.

These cases should remind employees that they could face criminal prosecution and hefty fines if they access or share personal data without a valid reason. In fact, after stealing the data of nearly 100,000 staff from supermarket Morrisons, one ex-employee was subsequently jailed for eight years.

Mike Shaw, who heads up the criminal investigations team at the ICO, said: "People expect that their personal information will be treated with respect and privacy. Unfortunately, there are those who abuse their position of trust and the ICO will take action against them for breaking data protection laws."

What can happen if an employee accesses or shares data without a valid reason?

At Hayes Connor, our experts deal with a significant volume of data breach cases each day. During our work we see many different types of claims and how data breaches can affect people in different ways. In some instances these breaches are caused by employees deliberately ignoring data privacy laws.

For example, our solicitors saw the impact of what can happen when sensitive medical information was revealed by a family member working for the NHS. In this data breach, the sister-in-law of our client (who was a NHS staff member), accessed the NHS system and then shared personal details about our client with the rest of her family. This included specific information about our client's baby.

As a direct result of this violation, our client's relationship with her family broke down. She received threats from a family member resulting in police involvement, and had to deal with the ongoing worry of further danger. In response, our client suffered stress, anxiety attacks and trauma. Ultimately she required medication to be prescribed to help manage the psychological effects of this terrible breach of trust. To make matter worse, the breach meant that our client could no longer continue her university studies, so she also suffered the loss of expenses, and the opportunity to progress her career.

Holding employees to account for data protection breaches

We believe that it is only right that people are prosecuted for data protection breaches and made accountable for the damage caused.

However, to combat such deliberate breaches, it's also vital that every staff member accessing personal records has a reason for doing so - with systems put in place to help prevent authorised accesses. Also, employees should receive regular data protection training to make sure they understand the potential consequences of breaching data protection laws.


For more advice on how to keep your data safe, follow Hayes Connor onTwitterandFacebook. Alternatively, if you have been the victim of a data breach,find out how we can help you to recover any lossesor give us a call on 0151 363 5895 to discuss your case in more depth.