The defendant worked for a charity which supports young people and their families. It was reported that the defendant had sent 11 emails from his work email account to his personal email account in February 2017. These emails contained spreadsheets outlining the full names, dates of birth, telephone numbers and medical information of 183 individuals, 3 of whom were children. The ICO also discovered that the defendant had sent himself similar sensitive information via email in 2016.
Sharing personal and sensitive information in this way is a clear breach of section 55 of the Data Protection Act 1998 which prohibits a person knowingly or recklessly obtaining or disclosing personal data without the consent of the data controller (the person who is responsible for the data e.g. the charity trustees if the charity is unincorporated).
The defendant was convicted on 8th November and received a conditional discharge, was ordered to pay £1,845.25 in prosecution costs and to pay a victim surcharge of £15.
Although it is thought the defendant sent the personal data only to himself and it is not believed that he subsequently shared the information with third parties, this is not considered relevant and the act of copying and sending the information in this way constituted a breach of data protection law. This prosecution emphasises the obligation for charity trustees and directors of companies to ensure that proper processes are in place to protect individual’s data and that staff are adequately trained in data protection.
Breaches of section 55 are not limited to the charity sector. In November, the ICO prosecuted an NHS Auxilliary Nurse in Wales for accessing a patient’s medical records without a legal reason. She was fined £232 and ordered to pay £150 in costs and a £30 victim surcharge.
Prosecutions for breaches of section 55 offences are increasing and the head of the ICO’s Criminal Investigations Team has stated the ICO would be in favour of custodial sentences for the most serious cases of data protection breaches. Since January 2017 there have been 15 prosecutions for section 55 offences, many a result of individuals collecting information of employees and clients to use in a new job.
Even though the penalties for breaches of section 55 of the Data Protection Act are imposed on the employee who acts without authorisation, this does not mean that there will not be any consequences for the employer. On 1 December 2017, the Queen’s Bench Division of the High Court handed down a judgment in the case of Various Claimants v. Wm Morrisons Supermarket PLC in which it held that Morrisons is liable to compensate individuals whose data was disclosed by an employee in breach of section 55 of the Data Protection Act, even though Morrisons was not at fault.
The increase in prosecutions, combined with the implementation of the GDPR in May 2018, emphasise the importance of ensuring that data handled by your organisation is protected and only processed with a valid legal reason.
Charity trustees should also be mindful of the Charity Commission’s reporting requirements which include breaches of data protection law.
For more information or to answer any questions you may have, please get in touch with Lauro Fava.
We have been working with care homes to update their contracts and advise on the risks of charging the resident a regular “top-up” or additional fee where a resident is funded through NHS CHC
The parliamentary processes are complete and the Restriction of Public Exit Payments Regulations 2020 (“the Regulations”) which cap exit payments in the public sector at £95,000 will be in force from 4 November.
As the UK’s social housing sector recovers from the initial Covid-19 outbreak and lockdown, now is the time to focus on the challenges that may emerge next.
There is no universal approach to regenerating town centres. However, housing must be considered a key part of any regeneration project – providing well-needed new homes and economic growth.
Friday 16 October marks the 6th annual Wear Red Day in England, Wales and Scotland. Wear Red Day is the brainchild of the charity; Show Racism the Red Card (SRTRC). SRTRC aims to educate young people so they are equipped to recognise and challenge stereotypes, misconceptions and negative attitudes towards race.
Alongside the Building Safety Bill published in July 2020, the Fire Safety Bill is a key step in the Government’s strategy to improve building and fire safety in the wake of the Grenfell Tower tragedy
Government regulations came into force on 23 September 2020 providing LGPS (local government pension scheme) employers with flexibility on meeting exit payments and LGPS funds with flexibility too
Charity Financials, the financial information program from Wilmington Charities, has published its latest Income Monitor report.
As employers face the end of the Coronavirus Job Retention Scheme on 31 October 2020, Katherine Sinclair and Libby Hubbard discuss the intricacies of the redundancy process for furloughed employees.
We have learned many things over the last six months; the latest lesson is that there is no new normal. The Government initiatives and guidance may have slowed down a pace, but the challenges for employers and their employees remain.
To receive invitations to our events, as well as information and articles on legal issues and sector developments that are of interest to you, please sign up to Newsroom.