Birmingham Court fines pair over data breaches

The ICO will also take action against pair for "abuse of positions of trust"

Emails on laptop

The Information Commissioner's Office (ICO) has warned that employees could face criminal charges if they access or share personal data without a valid reason.

The warning came after a Birmingham Magistrates' Court fined two workers in separate cases for breaching data protection laws in 2017. Both individuals pleaded guilty to violations under the same sections of the Data Protection Act 1998.

Faye Caughey, who worked at the Heart of England NHS Foundation Trust (HEFT), pleaded guilty to breaching two sections of the Data Protection Act 1998 at a Birmingham Magistrates' Court on 15 March 2019. As part of her role, Caughey was authorised to access records of adults on two separate systems: the HEFT's iCare and CareFirst from Solihull Metropolitan Borough Council.

Advertisement - Article continues below

But an internal investigation found that between February and August 2017 Caughey viewed personal data of seven family members on iCare and seven children known to her on CareFirst. The ICO said that there was no business need for her to do this and, as such, she was in violation of the law. 

Caughey was hit with a 1,000 fine and a 50 victim surcharge, and ordered to pay 590 towards prosecution costs.

In a separate case, from the same day in the same court, Jayana Morgan-Davis was fined 200, with similar surcharges and prosecution costs, after admitting three offences of obtaining personal data - violating the same two sections of the Data Protection Act 1998 as Caughey.

Advertisement - Article continues below

Morgan-Davis, who worked for V12 Sports and Classics in Birmingham, forwarded several work emails containing the personal data of customers and other employees to her own personal email account in August 2017 a few weeks before resigning from her role.

Advertisement - Article continues below

Although the pair have been fined by the courts, they could still face criminal charges for their actions and the ICO has also confirmed it is taking action against them.

"People expect that their personal information will be treated with respect and privacy. Unfortunately, there are those who abuse their position of trust and the ICO will take action against them for breaking data protection laws," said Mike Shaw, who headed up the criminal investigation team at the ICO.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020

How to find RAM speed, size and type

24 Jun 2020

The best server solution for your SMB

26 Jun 2020