Birmingham Court fines pair over data breaches

The ICO will also take action against pair for "abuse of positions of trust"

Emails on laptop

The Information Commissioner's Office (ICO) has warned that employees could face criminal charges if they access or share personal data without a valid reason.

The warning came after a Birmingham Magistrates' Court fined two workers in separate cases for breaching data protection laws in 2017. Both individuals pleaded guilty to violations under the same sections of the Data Protection Act 1998.

Faye Caughey, who worked at the Heart of England NHS Foundation Trust (HEFT), pleaded guilty to breaching two sections of the Data Protection Act 1998 at a Birmingham Magistrates' Court on 15 March 2019. As part of her role, Caughey was authorised to access records of adults on two separate systems: the HEFT's iCare and CareFirst from Solihull Metropolitan Borough Council.

But an internal investigation found that between February and August 2017 Caughey viewed personal data of seven family members on iCare and seven children known to her on CareFirst. The ICO said that there was no business need for her to do this and, as such, she was in violation of the law. 

Advertisement - Article continues below
Advertisement - Article continues below

Caughey was hit with a 1,000 fine and a 50 victim surcharge, and ordered to pay 590 towards prosecution costs.

In a separate case, from the same day in the same court, Jayana Morgan-Davis was fined 200, with similar surcharges and prosecution costs, after admitting three offences of obtaining personal data - violating the same two sections of the Data Protection Act 1998 as Caughey.

Morgan-Davis, who worked for V12 Sports and Classics in Birmingham, forwarded several work emails containing the personal data of customers and other employees to her own personal email account in August 2017 a few weeks before resigning from her role.

Although the pair have been fined by the courts, they could still face criminal charges for their actions and the ICO has also confirmed it is taking action against them.

"People expect that their personal information will be treated with respect and privacy. Unfortunately, there are those who abuse their position of trust and the ICO will take action against them for breaking data protection laws," said Mike Shaw, who headed up the criminal investigation team at the ICO.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now


data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Arcserve UDP 9240DR review: Beef up your backups

4 Apr 2019

Most Popular

operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020

Windows 10 and the tools for agile working

20 Jan 2020
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020