Birmingham Court fines pair over data breaches

The ICO will also take action against pair for "abuse of positions of trust"

Emails on laptop

The Information Commissioner's Office (ICO) has warned that employees could face criminal charges if they access or share personal data without a valid reason.

The warning came after a Birmingham Magistrates' Court fined two workers in separate cases for breaching data protection laws in 2017. Both individuals pleaded guilty to violations under the same sections of the Data Protection Act 1998.

Faye Caughey, who worked at the Heart of England NHS Foundation Trust (HEFT), pleaded guilty to breaching two sections of the Data Protection Act 1998 at a Birmingham Magistrates' Court on 15 March 2019. As part of her role, Caughey was authorised to access records of adults on two separate systems: the HEFT's iCare and CareFirst from Solihull Metropolitan Borough Council.

But an internal investigation found that between February and August 2017 Caughey viewed personal data of seven family members on iCare and seven children known to her on CareFirst. The ICO said that there was no business need for her to do this and, as such, she was in violation of the law. 

Caughey was hit with a 1,000 fine and a 50 victim surcharge, and ordered to pay 590 towards prosecution costs.

In a separate case, from the same day in the same court, Jayana Morgan-Davis was fined 200, with similar surcharges and prosecution costs, after admitting three offences of obtaining personal data - violating the same two sections of the Data Protection Act 1998 as Caughey.

Morgan-Davis, who worked for V12 Sports and Classics in Birmingham, forwarded several work emails containing the personal data of customers and other employees to her own personal email account in August 2017 a few weeks before resigning from her role.

Although the pair have been fined by the courts, they could still face criminal charges for their actions and the ICO has also confirmed it is taking action against them.

"People expect that their personal information will be treated with respect and privacy. Unfortunately, there are those who abuse their position of trust and the ICO will take action against them for breaking data protection laws," said Mike Shaw, who headed up the criminal investigation team at the ICO.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021
US, UK say Russia was behind SolarWinds hack
cyber attacks

US, UK say Russia was behind SolarWinds hack

16 Apr 2021
1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
PowerShell threats increased over 200% last year
cyber security

PowerShell threats increased over 200% last year

14 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
NSA uncovers new "critical" flaws in Microsoft Exchange Server
servers

NSA uncovers new "critical" flaws in Microsoft Exchange Server

14 Apr 2021