Information Commissioner's Office
Personal data must be safe from prying eyes
Blog posted by Mike Shaw, Enforcement Group Manager, November 16, 2017.
Just because you can, doesn’t mean you should.
Most people are familiar with this phrase, but what is its relevance in the world of data protection?
Put simply, just because your job may give you access to other people’s personal information, that doesn’t mean you have the legal right to look at it, let alone share it. In fact, doing so without a valid reason or the knowledge of your employer is a criminal offence and could lead to prosecution by the Information Commissioner’s Office and a day in court.
The consequences don’t stop there. If found guilty, you’ll face a fine and possibly have to pay prosecution costs. The court case will likely be covered by local media and the details played out over the internet. Not only could you lose your job, but your future employment prospects could be irreparably damaged too.
Careers and reputations can be destroyed over nothing more than simple nosiness or personal curiosity.
So far this year, we have secured eight convictions against NHS employees who were caught prying into the medical records of patients, friends, colleagues or other people they knew without a valid or legal reason.
Such behaviour can be extremely distressing for the victim. Not only is it an invasion of their legally ensured fundamental right to privacy, it potentially jeopardises the important relationship of trust between patients and the NHS and can be damaging to the reputation of the health service as a whole.
Yet the NHS still finds employees ignoring all their training and breaking the law, in this case s55 of the Data Protection Act 1998.
The law exists for a reason. People have rights over how their data is processed, especially sensitive data like health records. It is only right that people’s privacy is protected and, when it is not, the ICO will take action against those responsible.
Of course, this issue is not unique to the NHS. In 2017, we have also prosecuted cases involving employees in local government, charities and the private sector, the latter cases often involving an element of financial gain.
At the moment, s55 offences can only be punished with a fine – the eight convictions this year attracted fines and costs totalling more than £8,000 – but in the future, we would like to see custodial sentences introduced as a sentencing option for the courts in the most serious cases.
A related press release was published yesterday.
Mike Shaw heads the ICO’s Criminal Investigations Team, responsible for investigating criminal breaches of the Data Protection Act and Freedom of Information Act. These include offences such as unlawfully obtaining and disclosing personal data.
Latest News from
Information Commissioner's Office
Former council worker fined for sharing personal information about schoolchildren and parents via Snapchat23/02/2018 09:10:00
A former local authority education worker who illegally shared personal information about schoolchildren and their parents has been prosecuted.
ICO executes search warrant at home of suspected ‘imposter’ who wanted exam results altered22/02/2018 12:42:00
The Information Commissioner’s Office has executed a search warrant as part of an investigation into a person suspected of posing as an ICO officer to commit criminal offences.
New model announced for funding the data protection work of the Information Commissioner’s Office22/02/2018 09:10:00
The Government has announced a new charging structure for data controllers to ensure the continued funding of the Information Commissioner’s Office (ICO).
Company previously fined for making nuisance calls is prosecuted for failing to change its ways15/02/2018 10:20:00
A company that has already been fined for making nuisance calls has now been prosecuted in a criminal court for continuing to break the law.