Two sentenced under the Computer Misuse Act for data theft

The individuals were accused of siphoning away personal data from RAC to an accident claims management firm

The Information Commissioner’s Office (ICO) has led the successful prosecution of two individuals for violating the Computer Misuse Act (CMA) 1990 by stealing personal data to make nuisance calls.

Kim Doyle, a former RAC employee, was found guilty of transferring personal data to an accident claims management firm without permission, including road traffic accident data such as names, mobile phone numbers and registration numbers.

An ICO investigation found that Dyle transferred the data she had obtained to William Shaw, the director of TMS, with this data subsequently being used to make nuisance calls. This constituted a breach of the CMA, with Doyle pleading guilty to conspiracy to secure unauthorised access to computer data, and selling unlawfully obtained personal data.

Both Doyle and Shaw, as a result, have each been handed an eight-month prison sentence, suspended for two years.

“People’s data is being accessed without consent and businesses are putting resources into tracking down criminals,” said Mike Shaw, who heads up the UK data regulator’s criminal investigations team. 

“Once the data is in the hands of claims management companies, people are subjected to unwanted calls which can in turn lead to fraudulent personal injury claims. Offenders must know that we will use all the tools at our disposal to protect people’s information and prevent it from being used to make nuisance calls.

“This case shows that we can, and will take action, and that could lead to a prison sentence for those responsible.”

This is only the latest in a handful of prosecutions made under the CMA, led by the ICO. In June 2020, for instance, a businesswoman was sentenced for illegally accessing a company’s servers and deleting files months after resigning as a director.

While only a few individuals are prosecuted under the CMA, historical research had found that more than a third of IT workers admitted to violating this legislation. The research from 2016 showed that roughly half of employees surveyed admitted to retaining access to their former employer’s network, while 36% admitted to accessing corporate systems after leaving their roles.

The act itself, however, is widely deemed out-of-date and counterintuitive by many working in the IT sector and in cyber security. 

According to research published last year, the 30-year-old legislation is preventing cyber security professionals from doing their jobs. Many, in particular, are worried about whether may be breaking the law while researching vulnerabilities, or investigating threats. Specifically, 40% of those surveyed said the CMA has acted as a barrier to them or their colleagues and has prevented them from proactively safeguarding against breaches.

A coalition of businesses, trade bodies, lawyers and cyber security lobby groups also wrote to the prime minister, Boris Johnson, in June 2020 urging his government to reform the CMA for similar reasons. This group included techUK, F-Secure, McAfee and Trend Micro, among other organisations.

The Criminal Law Reform Now Network (CLRNN) has also reported on the shortcomings of the CMA, claiming in January last year that the legislation is putting critical UK infrastructure at risk.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021