Breaches of the Data Protection Act 1998 (DPA) are depressingly common, and whilst many are inadvertent, some are not.
The data which the DPA protects are essentially those which allow the identification of a person, and taking client records that contain such information to a new job, without permission, is a criminal offence, as a recent case shows.
It involved a man who worked for a waste management company. He left the firm he had been working for in order to join a competitor. When he left, he took with him the email addresses and other information relating to more than 900 customers to use in his new job.
Leaving aside breach of contract issues, the transfer of the data was a breach of the DPA, which prohibits 'unlawfully obtaining or accessing personal data', and he was convicted of the offence in the Magistrates' Court.
He was fined £300 and had to pay a 'victim surcharge' and other costs totalling nearly £450.
Data which are controlled under the Act remain the property of the employer and the responsibility of the employer to safeguard. Accordingly, staff should be made fully aware of their responsibilities under the Act and the organisation should have adequate policies and procedures in place to ensure that it is compliant with the Act in all respects.
We can advise you on setting up the necessary procedures to comply with your data protection responsibilities and advise you on what action to take when a breach occurs.
For further information on this matter, please contact Roy Colaba on 0121 698 2231 email, r.colaba@sydneymitchell.co.uk or fill in our online enquiry form.
|