Former customer services officer fined after unlawfully accessing personal data.
A former customer services officer for Stockport Homes Limited has been found guilty at Stockport Magistrates court and ordered to pay a £300 fine, for unlawfully accessing personal data.
The court heard how Wendy Masterson spent time looking at anti-social behaviour cases without a legitimate reason to do so. In fact, she accessed Stockport Homes Limited case management system a total of 67 times between January and December 2017 when she was not authorised to do so. Her actions only came to light after concerns raised about her performance at work, prompted an audit into her access of the case management system. This resulted in her suspension and she later resigned her position as customer services officer.
Masterson, pleaded guilty to unlawfully accessing personal data in breach of s55 of the Data Protection Act 1998 at Stockport Magistrates Court on 6 June 2019. She was ordered to pay a £300 fine, £364.08 costs and a victim surcharge of £30.
Mike Shaw, Group Manager Enforcement at the Information Commissioner’s Office, which brought the prosecution, said:
“People have the absolute right to expect that their personal information will be treated with the utmost privacy and in strict accordance with the UK’s data protection laws.
“Our prosecution of this individual should act as a clear warning that we will pursue and take action against those who choose to abuse their position of trust”.
Companies must adhere to data protection laws when handling sensitive information and it is paramount when processing sensitive information that a strict code of confidentiality is practiced. Failure to protect and secure confidential information may not only lead to the loss of business or clients, but it also unlocks the danger of confidential information being misused to commit illegal activity such as fraud.
Strict data protection rules must be followed when managing private information. Currently this is verified by the Data Protection Act (DPA) 1998, however, EU parliament confirmed that the General Data Protection Regulation (GDPR) would replace the existing Act from May 2018. GDPR aims to give more people control over how organisations use their data, but hefty penalties of up to €20 million have been introduced for companies that do not comply with the regulations.
There are six main data protection principles that demonstrate the main responsibilities for organisations. These are as follows:
- Lawfulness, fairness and transparency
- Purpose limitations
- Data minimisation
- Storage limitations
- Integrity and confidentiality