Information Commissioner's Office
Personal data must be safe from prying eyes
Blog posted by Mike Shaw, Enforcement Group Manager, November 16, 2017.
Just because you can, doesn’t mean you should.
Most people are familiar with this phrase, but what is its relevance in the world of data protection?
Put simply, just because your job may give you access to other people’s personal information, that doesn’t mean you have the legal right to look at it, let alone share it. In fact, doing so without a valid reason or the knowledge of your employer is a criminal offence and could lead to prosecution by the Information Commissioner’s Office and a day in court.
The consequences don’t stop there. If found guilty, you’ll face a fine and possibly have to pay prosecution costs. The court case will likely be covered by local media and the details played out over the internet. Not only could you lose your job, but your future employment prospects could be irreparably damaged too.
Careers and reputations can be destroyed over nothing more than simple nosiness or personal curiosity.
So far this year, we have secured eight convictions against NHS employees who were caught prying into the medical records of patients, friends, colleagues or other people they knew without a valid or legal reason.
Such behaviour can be extremely distressing for the victim. Not only is it an invasion of their legally ensured fundamental right to privacy, it potentially jeopardises the important relationship of trust between patients and the NHS and can be damaging to the reputation of the health service as a whole.
Yet the NHS still finds employees ignoring all their training and breaking the law, in this case s55 of the Data Protection Act 1998.
The law exists for a reason. People have rights over how their data is processed, especially sensitive data like health records. It is only right that people’s privacy is protected and, when it is not, the ICO will take action against those responsible.
Of course, this issue is not unique to the NHS. In 2017, we have also prosecuted cases involving employees in local government, charities and the private sector, the latter cases often involving an element of financial gain.
At the moment, s55 offences can only be punished with a fine – the eight convictions this year attracted fines and costs totalling more than £8,000 – but in the future, we would like to see custodial sentences introduced as a sentencing option for the courts in the most serious cases.
A related press release was published yesterday.
Mike Shaw heads the ICO’s Criminal Investigations Team, responsible for investigating criminal breaches of the Data Protection Act and Freedom of Information Act. These include offences such as unlawfully obtaining and disclosing personal data.
Latest News from
Information Commissioner's Office
TechUK Data Ethics Summit13/12/2017 17:10:00
Elizabeth Denham’s speech at the TechUK Data Ethics Summit on 13 December 2017.
Guilty verdicts in trial against a company and rogue private investigators11/12/2017 10:05:00
A firm of loss adjusters has been found guilty of unlawfully disclosing personal data illegally obtained by senior members of their staff and private investigators.
ICO offers more support to SMEs ahead of Small Business Saturday01/12/2017 15:13:00
The Information Commissioner’s Office (ICO) is supporting Small Business Saturday by providing a range of dedicated products to help SMEs prepare for new data protection laws.
Nuisance call and spam text firms hit with £2m in fines by the ICO this year27/11/2017 10:10:00
A London firm behind over 156,000 spam texts has been fined £45,000 by the Information Commissioner’s Office (ICO).
The 12 ways that Christmas shoppers can keep children and data safe when buying smart toys and devices24/11/2017 11:05:00
In an increasingly digital world, more and more toys and devices aimed at children now have internet-connected technology. As the Christmas shopping season begins, many parents will be considering buying them for their children.