In a recent case a former employee of Enterprise Rent-A-Car was prosecuted under section 55 of the Data Protection Act 1988 (the Act) by the Information Commissioner’s Office (ICO). Stephen Siddell was fined £500 and ordered to pay a £50 victim surcharge and prosecution costs of £264.08.
Mr Siddell had been a manager at the Southport branch of Enterprise Rent-A-Car between October 2011 and November 2011. Enterprise Rent-A-Car had compiled a database relating to car hire that had been arranged on behalf of insurance companies, the customers of which had been involved in a recent road traffic accident.
During his employment, Mr Siddell was able to print more than 1,900 people’s details. He would then pass the information on to a personal injury claims management company who contacted the individuals.
The claims management was raided by the ICO following an alert from the Enterprise Rent-A-Car security system. The ICO recovered over 500 records from the claims management company. At present the claims management company is under investigation.
Stephen Eckersley from the ICO is quoted as saying:
“Data theft is not a victimless crime … Siddell was happy to exploit people after they had recently had an accident … he is now facing the consequences of his crimes.”
Theft of data is a criminal act under the Act. The ICO is always keen to make an example of individuals who steal personal data. Companies need to have appropriate safeguards in place to try to prevent the theft of data.