The Information Commissioner's Office has prosecuted an employee who transferred information about company clients before moving to a new job. The employee sent details of 957 clients to his personal email address. He then left to start a new role at a rival company. The prosecution was brought under section 55 of the Data Protection Act 1998 (DPA), namely for attempting to obtain personal data without the consent of the data controller.
The decision follows an earlier decision in April 2016 where an ex-employee of a insurance company was fined following conviction for the same data protection offence. The Information Commissioner's Office (ICO) has warned that "anyone who tries to unlawfully obtain, disclose or sell personal data should expect to see themselves hauled before the courts". Although the fine was nominal (£300), the ICO has called for custodial penalties for DPA breaches as part of the increasing relevance and significance of the data protection legislation.