ICO takes action against an employee

ICO takes action, UK Data Protection Regulator, it’s not uncommon that computer users in small businesses share the same levels of access due to profiles being copied when a new starter joins the business. This is a practice you should work to avoid in order to protect both your company and its staff. Some members of staff my find they have access to things that aren’t appropriate to their job role and access this information anyway because they can and out of curiosity, this can however have devastating consequences and can result in prosecution.

Michelle Shipsey is one employee that found out the hard way after being prosecuted by the ICO. She accessed social care records without authorisation and without any business need to do so. It was later discovered the records related to four individuals known to Ms Shipsey.

Pleading guilty to one offence of unlawfully obtaining personal data, in breach of s170 of the Data Protection Act 2018. She was sentenced to a 6-month conditional discharge, ordered to pay costs and victim surcharges.

Could this ICO action have been avoided?

Probably, it’s in human nature to be inquisitive, and when sat in front of a computer screen some individuals think it wont hurt to open or access files that are available to them, even though they are not necessarily related to their job role. Staff training, good IT security protocols and employee guidance are key to protecting both staff and personal data. Make sure you all new starters are trained and receive a copy of your acceptable use policy (AUP), ensure the AUP has clear guidance surrounding accessing and storing personal identifiable information and ensure the AUP also outlines potential disciplinary procedures and criminal prosecution under the Data Protection Act 2018.

About Ametros Group

Ametros Group is a multi-award winning data privacy outsourcing provider. The company helps organisations to comply with various data privacy laws including EU GDPR and the UK Data Protection Act 2018 through consultancy, compliance framework implementation, auditing, Data Protection Officer outsourcing and EU/UK Representative services. Established in 2015, our multi-award winning team of data privacy experts have worked with FTSE100, Fortune500 and SMEs to deliver data protection excellence around the globe.

Press Contact

Ametros Group

press@ametrosgroup.com