Information Commissioner's Office
Two Birmingham workers fined for data protection breaches
Employees could face a criminal prosecution if they access or share personal data without a valid reason, the Information Commissioner’s Office has warned.
The warning came after Birmingham Magistrates' Court fined two workers in separate cases for breaching data protection laws.
Faye Caughey, 32, of Ringswood Road, Solihull was employed at the Heart of England NHS Foundation Trust (HEFT) when she unlawfully accessed the personal records of 14 individuals between February 2017 and August 2017.
The Court heard that as part of her job, Ms Caughey was authorised to access records of adults on two separate systems – HEFT’s iCare and CareFirst from Solihull Metropolitan Borough Council.
But an internal investigation found that Ms Caughey viewed personal data of seven family members on iCare and seven children known to her on CareFirst. There was no business need for her to do this and so, she broke data protection law.
Ms Caughey pleaded guilty to breaching s55 and s60 of the Data Protection Act 1998(DPA1998) when she appeared at Birmingham Magistrates' Court on 15 March 2019. She was fined £1,000, with a £50 victim surcharge, and was ordered to pay £590 towards prosecution costs.
In a separate case, the Court heard that Jayana Morgan Davis, 32, of Wood Green Road, Birmingham forwarded several work emails containing personal data of customers and other employees to her personal email account in August 2017, weeks before resigning from her role at V12 Sports and Classics Ltd.
At Birmingham Magistrates' Court on 15 March 2019, Ms Morgan Davis admitted to three offences of unlawfully obtaining personal data in breach of s55 and s60 of the DPA1998. She was fined £200, with a £30 victim surcharge, and was ordered to pay £590 towards prosecution costs.
Mike Shaw, who heads up the criminal investigations team at the ICO, yesterday said:
“People expect that their personal information will be treated with respect and privacy. Unfortunately, there are those who abuse their position of trust and the ICO will take action against them for breaking data protection laws.”
Notes to Editors
- The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
- The ICO has specific responsibilities set out in the Data Protection Act 2018, the General Data Protection Regulation, the Freedom of Information Act 2000, the Environmental Information Regulations 2004 and the Privacy and Electronic Communications Regulation 2003.
- The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
- A limited number of criminal enforcement cases – including this case - are still being dealt with under the provisions of s55 the Data Protection Act 1998 because of the time when the breach of the legislation occurred.
- Criminal prosecution penalties are set by the courts and not by the ICO.
- To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.
Latest News from
Information Commissioner's Office
ICO raids business suspected of illegal pension cold calls04/10/2019 09:10:00
The Information Commissioner’s Office (ICO) yesterday searched a business premises in Chichester as part of an investigation into the making of nuisance calls related to pensions.
Superior Style Home Improvements fined and issued with enforcement notice17/09/2019 13:20:00
The Information Commissioner’s Office (ICO) has fined a Swansea double-glazing company £150,000 for making nuisance calls.
Privacy attacks on AI models16/09/2019 13:20:00
Reuben Binns, our Research Fellow in Artificial Intelligence (AI), and Andrew Paterson, Principal Technology Adviser, discuss new security risks associated with AI, whereby the personal data of the people who the system was trained on might be revealed by the system itself.
SMOs must “prepare for all scenarios” to maintain data flows when UK leaves the EU11/09/2019 14:20:00
The ICO has urged businesses to “prepare for all scenarios” as it publishes dedicated guidance to help small and medium sized organisations prepare for the possibility that the UK leaves the European Union with no deal.
Information Commissioner’s Office issues warning about historical personal details accessed through work06/09/2019 12:25:00
An ICO investigation into the actions of two former Metropolitan Police Service (MPS) officers has concluded.
Statement on the High Court judgement on the use of live facial recognition technology by South Wales Police04/09/2019 13:25:00
An ICO spokesperson responded to the statement on the High Court judgement on the use of live facial recognition technology by South Wales Police
Data minimisation and privacy-preserving techniques in AI systems22/08/2019 12:20:00
Reuben Binns, our Research Fellow in Artificial Intelligence (AI), and Valeria Gallo, Technology Policy Adviser, discuss some of the techniques organisations can use to comply with data minimisation requirements when adopting AI systems.
Statement: Live facial recognition technology in King's Cross19/08/2019 15:25:00
Statement from Elizabeth Denham, Information Commissioner, on the use of live facial recognition technology in King's Cross, London.