IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Two sentenced under the Computer Misuse Act for data theft

The individuals were accused of siphoning away personal data from RAC to an accident claims management firm

The Information Commissioner’s Office (ICO) has led the successful prosecution of two individuals for violating the Computer Misuse Act (CMA) 1990 by stealing personal data to make nuisance calls.

Kim Doyle, a former RAC employee, was found guilty of transferring personal data to an accident claims management firm without permission, including road traffic accident data such as names, mobile phone numbers and registration numbers.

An ICO investigation found that Dyle transferred the data she had obtained to William Shaw, the director of TMS, with this data subsequently being used to make nuisance calls. This constituted a breach of the CMA, with Doyle pleading guilty to conspiracy to secure unauthorised access to computer data, and selling unlawfully obtained personal data.

Both Doyle and Shaw, as a result, have each been handed an eight-month prison sentence, suspended for two years.

“People’s data is being accessed without consent and businesses are putting resources into tracking down criminals,” said Mike Shaw, who heads up the UK data regulator’s criminal investigations team. 

“Once the data is in the hands of claims management companies, people are subjected to unwanted calls which can in turn lead to fraudulent personal injury claims. Offenders must know that we will use all the tools at our disposal to protect people’s information and prevent it from being used to make nuisance calls.

“This case shows that we can, and will take action, and that could lead to a prison sentence for those responsible.”

This is only the latest in a handful of prosecutions made under the CMA, led by the ICO. In June 2020, for instance, a businesswoman was sentenced for illegally accessing a company’s servers and deleting files months after resigning as a director.

While only a few individuals are prosecuted under the CMA, historical research had found that more than a third of IT workers admitted to violating this legislation. The research from 2016 showed that roughly half of employees surveyed admitted to retaining access to their former employer’s network, while 36% admitted to accessing corporate systems after leaving their roles.

The act itself, however, is widely deemed out-of-date and counterintuitive by many working in the IT sector and in cyber security. 

According to research published last year, the 30-year-old legislation is preventing cyber security professionals from doing their jobs. Many, in particular, are worried about whether may be breaking the law while researching vulnerabilities, or investigating threats. Specifically, 40% of those surveyed said the CMA has acted as a barrier to them or their colleagues and has prevented them from proactively safeguarding against breaches.

A coalition of businesses, trade bodies, lawyers and cyber security lobby groups also wrote to the prime minister, Boris Johnson, in June 2020 urging his government to reform the CMA for similar reasons. This group included techUK, F-Secure, McAfee and Trend Micro, among other organisations.

The Criminal Law Reform Now Network (CLRNN) has also reported on the shortcomings of the CMA, claiming in January last year that the legislation is putting critical UK infrastructure at risk.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Most Popular

16 ways to speed up your laptop

16 ways to speed up your laptop

13 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022