Jail sentence for data breach - you've been warned!
Did you know that a motor industry employee has been sentenced to six months in prison in the first prosecution to be brought by the ICO. A car repair worker was handed a prison sentence for stealing customers’ personal data from his former work-place. Mustafa Kasim pleaded guilty to stealing personal information, including names, phone numbers and vehicle details of people involved in road accidents, and was sentenced to six months in prison at London’s Wood Green Crown Court.
The ICO believe Kasim accessed thousands of customer records by using a colleagues’ login details to log into software that estimates vehicle repair costs.
He continued to do this even after leaving the firm to join another company which used the same software.
This case is a significant landmark for the ICO as it is the first time someone has been sentenced following an investigation by the data regulator, who had been investigating Kasim’s former workplace amid claims of nuisance calls by the firm’s clients. Whilst the ICO has traditionally prosecuted offences such as these under the Data Protection Act, on this occasion they pursued charges under the Computer Misuse Act as an individual cannot be jailed for breaching the Data Protection Act.
An ICO spokesperson said "In the future this ruling could dissuade people who think it’s worth their while to obtain and disclose personal data without permission.” and added “Although this was a data protection issue, in this case, we were able to prosecute beyond data protection laws, resulting in a tougher penalty to reflect the nature of the criminal behaviour.”