WIREDGOV

A bank employee has been fined after a court heard she unlawfully accessed bank statements of her partner’s ex-wife.

At the time that Lara Davies, of Barrowash, Derby, accessed information from the statements, her partner was involved in a legal dispute over the terms of a divorce settlement. But when eBay transactions were raised in a meeting between the estranged couple, the ex-wife became suspicious that her account had been viewed.

Barclays, where Ms Davies worked, were contacted, and when they investigated the matter she left her job.

Ms Davies pleaded guilty to 11 offences under section 55 of the Data Protection Act, and was fined £500 by Derby Crown Court and ordered to pay a £15 victim surcharge and £1,410.80 prosecution costs.

UK Information Commissioner, Christopher Graham, said:

“High street bank staff have access to financial information on a day-to-day basis, and are expected to treat that privilege with professionalism. When that trust is abused, and the personal data they access is misused, the law is very clear, as this case has shown.

“The only surprise here is that – in an age where our personal information is being stored and accessed by more organisations than ever – the penalties for abusing the system are so inadequate.”

Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998. The offence is punishable by way of a financial penalty of up to £5,000 in a Magistrates Court or an unlimited fine in a Crown Court. The ICO continues to call for more effective deterrent sentences, including the threat of prison, to be available to the courts to stop the unlawful use of personal information.

The Information Commissioner continued:

“This case illustrates the need for more effective deterrent sentences to be available to the courts, as recommended most recently by Lord Justice Leveson. Unlawful access to personal information is all too easy and all too common - and these days it does not seem to have much to do with the press.”

Notes to Editors

1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
 
2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.

3. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

• Fairly and lawfully processed
• Processed for limited purposes
• Adequate, relevant and not excessive
• Accurate and up to date
• Not kept for longer than is necessary
• Processed in line with your rights
• Secure
• Not transferred to other countries without adequate protection

4. The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter.

5. If you need more information, please contact the ICO press office on 0303 123 9070 .