Former customer services officer fined after unlawfully accessing personal data

10 Jun 2019 03:20 PM

A former customer services officer at Stockport Homes Limited (SHL) has been found guilty of unlawfully accessing personal data without a legitimate reason to do so.

Wendy Masterson spent time looking at anti social behaviour cases on SHL's case management system when she wasn’t authorised to do so. She accessed the system a total of 67 times between January and December 2017.

The offences came to light following an audit of Masterson’s access to SHL’s case management system, after concerns were raised regarding her performance, which resulted in Masterson’s suspension and her subsequent resignation.

Masterson, of Middlesex Road, Stockport pleaded guilty to unlawfully accessing personal data in breach of s55 of the Data Protection Act 1998 at Stockport Magistrates Court on 6 June 2019. She was ordered to pay a £300 fine, £364.08 costs and a victim surcharge of £30.

Mike Shaw, Group Manager Enforcement at the Information Commissioner’s Office, which brought the prosecution, recently said:

“People have the absolute right to expect that their personal information will be treated with the utmost privacy and in strict accordance with the UK’s data protection laws.

“Our prosecution of this individual should act as a clear warning that we will pursue and take action against those who choose to abuse their position of trust”.

Notes to Editors

  1. The Information Commissioner’s Office (ICO) is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  2. The ICO has specific responsibilities set out in the Data Protection Act 2018 (DPA2018), the General Data Protection Regulation (GDPR), the Freedom of Information Act 2000 (FOIA), Environmental Information Regulations 2004 (EIR), Privacy and Electronic Communications Regulations 2003 (PECR) and a further five Acts / Regulations.
  3. The ICO can take action to change the behaviour of organisations and individuals that collect, use and keep personal information. This includes criminal prosecution, non-criminal enforcement and audit.
  4. A limited number of criminal prosecutions – including this case - are still being dealt with under the provisions of the Data Protection Act 1998 because of when the offence occurred.
  5. Criminal prosecution penalties are set by the courts and not by the ICO. The maximum penalty for criminal offences under both the Data Protection Act 1998 and the new 2018 Act is an unlimited fine.
  6. To report a concern to the ICO telephone our helpline 0303 123 1113 or go to ico.org.uk/concerns.