Information Commissioner's Office
Former council officer fined for emailing CVs of rival job applicants to his partner
A former senior local government officer has been prosecuted for passing the personal information of rival job applicants to his partner.
Kevin Bunsell was employed by Nuneaton and Bedworth District Council in Warwickshire as its Head of Building Control and had been trained in data protection law.
In July 2017, his partner applied for an administrative job at the council and Bunsell was not involved in the selection process because of his personal relationship. However, he accessed the authority’s recruitment system and emailed the personal information of the nine rival shortlisted candidates to both his own work email address and also his partner’s Hotmail account.
The recruitment packs he shared included the name, address, telephone number and CV of each candidate, along with contact details for each of their two referees. That was against the law.
The court was told that once the data breach had been discovered, Bunsell resigned and although his partner had initially been successful, her employment was also terminated because she had had been appointed on the basis of an invalid recruitment process.
Bunsell, aged 60, of Pembroke Close, Bedworth, admitted a charge of unlawfully sharing data in breach of s55 of the Data Protection Act 1998 when he appeared at Nuneaton Magistrates’ Court. He was fined £660 and was also ordered to pay £713.75 costs and a victim surcharge of £66.
Steve Eckersley, Director of Investigations at the Information Commissioner’s Office, which brought the prosecution, yesterday said:
“People who supply their personal information to an organisation in good faith, such as when applying for a job, have a legal right to expect it will be treated lawfully and ethically.
“Not respecting people’s legal right to privacy can have serious consequences, as this case demonstrates. Not only might you face a prosecution and fine, along with the attendant publicity, but you may also lose your job and severely damage your future career prospects.”
Notes to Editors
- The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018, the General Data Protection Regulations, the Freedom of Information Act 2000, the Environmental Information Regulations 2004 and the Privacy and Electronic Communications Regulation 2003.
- The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
- A limited number of criminal prosecutions – including this case - are still being dealt with under the provisions of the Data Protection Act 1998 because of when the offence occurred.
- Criminal prosecution penalties are set by the courts and not by the ICO. The maximum penalty for criminal offences under both the Data Protection Act 1998 and the new 2018 Act is an unlimited fine.
- To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.
Latest News from
Information Commissioner's Office
ICO call for views on the application for powers under the Proceeds of Crime Act11/11/2019 09:10:00
The Information Commissioner invites views on her office being granted access to investigation and other associated powers under the Proceeds of Crime Act 2002 (POCA).
Information Commissioner reminds political parties they must comply with the law ahead of General Election06/11/2019 09:10:00
The Information Commissioner has sent the following letter to the political parties in relation to the use of data in political campaigning.
Blog: Live facial recognition technology – police forces need to slow down and justify its use31/10/2019 13:10:00
Blog posted by: Elizabeth Denham, Information Commissioner, 31 October 2019.
Statement on an agreement reached between Facebook and the ICO30/10/2019 15:10:00
In 2017 the Information Commissioner's Office ("ICO") commenced a formal investigation into the misuse of personal data in political campaigns.
Blog: Embedding accountability – we want to hear from you29/10/2019 13:20:00
Blog posted by: Ian Hulme, Director for Regulatory Assurance, 28 October 2019.
AI Auditing Framework Call for Input: final considerations and next steps29/10/2019 09:10:00
As the initial Call for Input into the development of the ICO AI Auditing Framework comes to an end, Simon McDougall, Executive Director for Technology and Innovation, reflects on some of the overarching themes that have emerged in the first phase of our work.
Data Protection Impact Assessments and AI24/10/2019 10:20:00
Simon Reader, Senior Policy Officer, discusses some of the key considerations for organisations undertaking data protection impact assessments for Artificial Intelligence (AI) systems.
Blog: How coming to work at the ICO on a secondment can benefit both of us22/10/2019 15:05:00
Blog posted by: Simon McDougall, ICO Executive Director for Technology and Innovation, 22 October 2019.