Birmingham Court fines pair over data breaches

The ICO will also take action against pair for "abuse of positions of trust"

Emails on laptop

The Information Commissioner's Office (ICO) has warned that employees could face criminal charges if they access or share personal data without a valid reason.

The warning came after a Birmingham Magistrates' Court fined two workers in separate cases for breaching data protection laws in 2017. Both individuals pleaded guilty to violations under the same sections of the Data Protection Act 1998.

Faye Caughey, who worked at the Heart of England NHS Foundation Trust (HEFT), pleaded guilty to breaching two sections of the Data Protection Act 1998 at a Birmingham Magistrates' Court on 15 March 2019. As part of her role, Caughey was authorised to access records of adults on two separate systems: the HEFT's iCare and CareFirst from Solihull Metropolitan Borough Council.

But an internal investigation found that between February and August 2017 Caughey viewed personal data of seven family members on iCare and seven children known to her on CareFirst. The ICO said that there was no business need for her to do this and, as such, she was in violation of the law. 

Caughey was hit with a 1,000 fine and a 50 victim surcharge, and ordered to pay 590 towards prosecution costs.

In a separate case, from the same day in the same court, Jayana Morgan-Davis was fined 200, with similar surcharges and prosecution costs, after admitting three offences of obtaining personal data - violating the same two sections of the Data Protection Act 1998 as Caughey.

Morgan-Davis, who worked for V12 Sports and Classics in Birmingham, forwarded several work emails containing the personal data of customers and other employees to her own personal email account in August 2017 a few weeks before resigning from her role.

Although the pair have been fined by the courts, they could still face criminal charges for their actions and the ICO has also confirmed it is taking action against them.

"People expect that their personal information will be treated with respect and privacy. Unfortunately, there are those who abuse their position of trust and the ICO will take action against them for breaking data protection laws," said Mike Shaw, who headed up the criminal investigation team at the ICO.

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021
Mimecast admits hackers accessed users’ Microsoft accounts
Security

Mimecast admits hackers accessed users’ Microsoft accounts

13 Jan 2021
What is public key infrastructure (PKI)?
Security

What is public key infrastructure (PKI)?

12 Jan 2021

Most Popular

150,000 arrest records accidentally deleted from police database
data management

150,000 arrest records accidentally deleted from police database

15 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021