Birmingham Court fines pair over data breaches
The ICO will also take action against pair for "abuse of positions of trust"
The Information Commissioner's Office (ICO) has warned that employees could face criminal charges if they access or share personal data without a valid reason.
The warning came after a Birmingham Magistrates' Court fined two workers in separate cases for breaching data protection laws in 2017. Both individuals pleaded guilty to violations under the same sections of the Data Protection Act 1998.
Faye Caughey, who worked at the Heart of England NHS Foundation Trust (HEFT), pleaded guilty to breaching two sections of the Data Protection Act 1998 at a Birmingham Magistrates' Court on 15 March 2019. As part of her role, Caughey was authorised to access records of adults on two separate systems: the HEFT's iCare and CareFirst from Solihull Metropolitan Borough Council.
But an internal investigation found that between February and August 2017 Caughey viewed personal data of seven family members on iCare and seven children known to her on CareFirst. The ICO said that there was no business need for her to do this and, as such, she was in violation of the law.
Caughey was hit with a 1,000 fine and a 50 victim surcharge, and ordered to pay 590 towards prosecution costs.
In a separate case, from the same day in the same court, Jayana Morgan-Davis was fined 200, with similar surcharges and prosecution costs, after admitting three offences of obtaining personal data - violating the same two sections of the Data Protection Act 1998 as Caughey.
Morgan-Davis, who worked for V12 Sports and Classics in Birmingham, forwarded several work emails containing the personal data of customers and other employees to her own personal email account in August 2017 a few weeks before resigning from her role.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Although the pair have been fined by the courts, they could still face criminal charges for their actions and the ICO has also confirmed it is taking action against them.
"People expect that their personal information will be treated with respect and privacy. Unfortunately, there are those who abuse their position of trust and the ICO will take action against them for breaking data protection laws," said Mike Shaw, who headed up the criminal investigation team at the ICO.
Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.
Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.