The Information Commissioner’s Office (“ICO”) has reported the prosecution of an employee in relation to the unlawful obtaining of personal data. The case concerned an employee who emailed himself details of 957 clients of his employer prior to leaving to start work for a competing company. The documents taken by the employee included personal data, details of purchase history and other commercially sensitive data.
The employee pleaded guilty to the offence under section 55 of the Data Protection Act and received a fine and order to pay costs and a victim surcharge. It could be that this prosecution gives employers a further option when faced with an exiting employee taking sensitive data which includes personal data.
Historically, an employer would have limited options to take action against an employee in similar circumstances, usually being left to pursue expensive proceedings for an injunction. Whilst a criminal case will not offer the employer the same remedies as civil proceedings, the prospect of the employer reporting matters to the ICO or the police may be sufficient deterrent to employees who may otherwise consider taking the employer’s data prior to leaving employment. Time will tell as to whether this sort of prosecution will become more common. The ability of the ICO to maintain efficient pursuit of such cases will no doubt be a relevant factor as will the awareness of employers to such breaches of the Data Protection Act
