Criminal prosecution and fine for employee who shared personal data in breach of the Data Protection Act

August 17, 2017

Breach of the data protection legislation can have very serious consequences for employees as highlighted by the recent criminal prosecution of an employee, Mr Franklin, in England. Mr Franklin was prosecuted under Section 55 of the Data Protection Act 1998 and the case was publicised by the Information Commissioners Office (“ICO”) as a warning to employees to exercise caution when sharing person data.

Facts

Mr Franklin was employed as a Recruitment Manager by HomeServe Membership Limited. He was prosecuted for sending copies of 26 CVs containing the personal data of applicants seeking employment with Homeserve to an external recruitment company with no business need to do so.  The Data Controller became suspicious when it was discovered that some candidates who had applied for jobs directly with HomeServe were submitted as applicants by the third party Agency.

Mr Franklin was fined £573 and ordered to pay costs of £364 and a victim surcharge of £57 giving a total fine of £994.

Comment

Although some may view Mr Franklin’s actions as minor, this prosecution demonstrates that breach of the Data Protection Act can result in criminal prosecution and a fine. The ICO Head of Enforcement commented “what people might think is a minor mistake could lead to the loss of their job, a day in court and a fine.”

This article has been produced for general information purposes and further advice should be sought from a professional advisor. Please contact our Employment Team at Cleaver Fulton Rankin for further advice or information.