An ex-employee was prosecuted in the Magistrates Court recently for taking personal information without his employer’s consent. He was also condemned by the Information Commissioner’s Office (‘ICO’).
Mr Morar took the details of vulnerable service users from Leicester City Council’s Adult Social Care Department and sent the information to his personal email account. The Council made the discovery after Nilesh Morar had left his employment with the Council in order to set up his own business.
It was discovered during the initial investigation that Mr Morar had sent 34 emails to his personal email account in February 2016, when he was still employed by the Council. It subsequently came to light that Mr Morar had sent the personal information of 349 individuals to his personal email account, including specific details of medical conditions, care and financial details and debt records.
The Defendant, Mr Morar, pleaded guilty under section 55 of the Data Protection Act. He was fined £160, ordered to pay £364.08 in prosecution costs and a £20 victim surcharge.
The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
The Head of ICO Enforcement, Steve Eckersley, warned that a hard line would be taken against those who steal personal details.
Mr Eckersley explained that “People’s personal data is protected by law and employees should not be helping themselves to information if they decide to set up a new business or move to a new position.”
Furthermore, Mr Eckersley said “Employees need to understand the consequences of taking people’s personal information with them when they leave a job role. It’s illegal and when you’re caught, you will be prosecuted.”