An employee in the motor industry has reportedly been prosecuted for the unlawful disclosure of accident data, which she illegally recorded and sold on for use by another company.
The ICO (Information Commissioner’s Office) has confirmed that a former employee of the RAC collected road accident data from the car insurance and roadside assistance company. It is then reported that she passed data on to the director of an accident claims firm.
The incident shows how personal data can be a valuable criminal asset and is a disturbing account of how the trust of customers can be broken when criminals decide to misuse data for their own profit. At the same time, it is reassuring that such criminals can be detected and punished under the law.
At Your Lawyers – The Data Leak Lawyers – as leading data breach claims lawyers, we aim to hold those responsible for data breaches to account for their actions. As such, if you have suffered as a result of having your data exposed, we are here to help you claim the compensation that you deserve.
The sentencing of the two perpetrators involved
The former RAC employee’s unlawful disclosure of accident data was first detected after the RAC began an investigation into a potential data leak. This arose from suspicions from the fleet management company, Arval, that had been reported.
An Arval driver had been receiving nuisance calls about an accident that he had been involved in, for which the RAC had recovered his vehicle. A scan of the email inboxes and outboxes of RAC employees found that the former employee had been collecting lists of personal data without authorisation.
In court, the former RAC employee pleaded guilty to “conspiracy to secure unauthorised access to computer data, and to selling unlawfully obtained personal data”. She and the recipient of the data were both given an eight-month suspended prison sentenced, suspended for two years. To recover the money they gained from the crime, they were ordered to pay £25,000 and £15,000 respectively, or they could face further time in prison.
The unlawful disclosure of accident data – prosecuted under the Computer Misuse Act
Interestingly, the ruling reportedly marks only the second ICO prosecution under the Computer Misuse Act 1990, the first of which occurred in 2018. Typically, ICO cases like this are prosecuted under the Data Protection Act. However, when the Computer Misuse Act is applied, the Court can have access to a wider range of potential penalties.
The former RAC employee’s unlawful disclosure of accident data was viewed as one of the extremely serious cases that warranted a prosecution in accordance with the Computer Misuse Act. It is important to remember that data crimes like this can have just as serious consequences as any other crime. Mike Shaw, the chair of the ICO Criminal Investigations Team, said that the crime was not “victimless”, citing fraud as a potential consequence of their actions.
Standing up for your rights
However severe or small it may be, any breach of data protection law should be taken seriously and dealt with accordingly. This is a principle that we work hard to uphold at Your Lawyers – The Data Leak Lawyers.
If you have suffered distress, financial losses or expenses as a result of a data breach, you can have the right to claim compensation from those responsible.
Please do not hesitate to contact us for free, no-obligation advice on your right to claim.