When an employee left her recruitment agency employer, she took the dubious step of emailing to her private email address the personal data of about 100 of her clients and contacts. She subsequently used the data to contact them in connection with her new employment.
The Information Commissioner’s Office prosecuted her for breach of data protection law and fined her £200, which, with costs and a victim surcharge, became nearly £450 in total.
The case brings home that many employees are unaware of the impact of the Data Protection Act 1998 in circumstances such as this, and it is recommended that employers make them aware and ensure that their terms and conditions of employment state unequivocally that any personal data acquired during the course of the employee’s work for the employer is kept safe and confidential in accordance with the Act.
One side issue relates to those who ‘blog’ and operate social media accounts for their employer. Here, there is also an issue if the employee leaves over who owns the social media account information and any resulting goodwill.