In February, the Information Commissioner’s Office prosecuted two people for unlawfully obtaining personal data from their work.
These cases highlight that data protection is a matter all employees need to understand and treat seriously. The people involved not only received a criminal conviction and fines, they also lost their jobs.
In Manchester, Philip Bagnall pleaded guilty to having taken customer details from an accident repair company and passed it on in a pub deal for £1000 to another company. The third party then contacted the customers asking if they wanted to pursue claims about their accidents.
Then, in Westminster, Samira Bouzkraoui admitted three offences after having taken a picture of data about children’s eligibility for school meals. Then she shared it via Snapchat with the estranged parent of one of the pupils. In doing so, she disclosed the information of 37 pupils and their parents.
As business owners, we have a duty of care towards our employees. Yes, these cases are matters that should be obviously wrong to any employee. We still need to ensure that we have been clear about what is and is not an acceptable practice. Acceptable use policies in the company staff handbook are all very well. It is also important to back this up with awareness training and a corporate culture that encourages good practice.