UK Authorities have Investigated Nearly 800 Cases of Theft of Personal Data

Working with privacy campaign group Big Brother Watch, the Telegraph analysis discovered that 714 alleged breaches of section 55 of the Data Protection Act (that part of the act that deals with unlawfully obtaining personal data) resulted in charges being laid. While the Crown Prosecution Service could not provide details on how many of these resulted in convictions, the Information Commissioner’s Office “successfully sought convictions for an additional 82 offences” resulting in 14 convictions.

“The cases cover the details of hundreds of thousands of individuals, and include instances where confidential medical information was stolen from official databases,” reports the Telegraph. Other examples include “Darren Hames, a former area manager for T-Mobile, who made thousands of pounds selling details of half a million customers to a former colleague, David Turley;” and “Sarah Matthew, a Metropolitan Police sergeant who was dismissed after being convicted of illegally accessing information in the force’s database.”

In another case, Marc Ben-Ezra made around £25,000 selling the names, addresses and phone numbers of 65,000 customers to a third party. “He received a three-year conditional discharge and was ordered to pay £1,700 to the specialist marketing company from which the information was obtained.”

Nick Pickles, director of Big Brother Watch, says the figures demonstrate that the system is not looking after people’s personal data. “Looking at these paltry penalties it is impossible to say that people’s personal information is being properly protected by the courts.

“Serious, highly sensitive information is being abused by people in positions of trust and they walk away with a punishment equivalent to a slightly expensive parking ticket.”

Christopher Graham, the Information Commissioner, has been pressing for custodial sentences as a matter of course for serious instances of personal data theft. While a company may take its data protection responsibilities seriously, he warns there may be “somebody in the lower levels of the organisation, probably rather badly paid, who sees an opportunity to settle a score, to make a bit of money on the side, or whatever the motivation might be. There’s nothing in the current law that says, 'it’s really serious, you shouldn’t do that. You could go to jail.’”

The real problem for data protection is that however well it is protected, some people will always have legal access to that data. In the end, data protection and personal privacy comes down to the behavior of those people.

What’s hot on Infosecurity Magazine?