The Information Commissioner’s Office (ICO) has advised that a former Leicester City Council employee has been fined after “unlawfully obtaining personal data”. Accessing confidential information without permission and a valid business reason to do so is an offence and can incur serious consequences.

It transpired that the ex-employee obtained details of users from the Adult Social Care Department. The council discovered the misuse after the employee had left the organisation and started his own business.

The initial investigation revealed that 34 emails had been sent to a private email account in February 2016. It was later revealed that the emails contained personal information about 349 individuals, including information on medical conditions, financial details, records of debt and details of care.

Steve Eckersley, head of ICO enforcement, said:

“People’s personal data is protected by law and employees should not be helping themselves to information if they decide to set up a new business or move to a new position.”

Eckersley continued:

“Employees need to understand the consequences of taking people’s personal information with them when they leave a job role. It’s illegal and when you’re caught, you will be prosecuted.

It is vital that organisations have the right security controls in place to prevent these attacks. Lack of user access management could allow unauthorised staff to gain access to highly sensitive customer information, which could then result in a data breach.”

If you or your organisation would like to discuss how to minimise the risk of potential threat such as the one above, please contact our team today.

T:            0161 428 2088

E:            info@ccsitsolutions.com

W:          https://www.ccsitsolutions.com/

CCS IT Solutions’ Team has been supporting businesses with IT services in Manchester and across the UK for over twenty years. Our service focuses on providing secure, efficient and cost-effective IT solutions to support business operations.