The ICO is warning employees can face a criminal prosecution if they access or share personal data without a valid reason.
The warning comes after Birmingham Magistrates’ Court fined two workers in separate cases for breaching data protection laws.
According to the ICO report, Faye Caughey worked as an administrator at Heart of England NHS Foundation Trust (now University Hospitals Birmingham NHS Foundation Trust) when she unlawfully accessed the personal records of 14 individuals between February 2017 and August 2017. While she was authorised to access records of adults from two systems: HEFT’s iCare and CareFirst from Solihull Borough Council, an internal investigation found she viewed the personal data of seven family members on iCare and seven children known to her on CareFirst. Caughey had no business case to look at those records and as a result, breached data protection law.
The penalty? A fine of £1,000, with a £50 victim surcharge, and a contribution of £590 towards prosecution costs.
Mike Shaw, who leads the ICO’s criminal investigation team, says the ICO will take action against those who abuse their position of trust and break data protection laws.
So, we have another reminder from the ICO of the sanction for privacy invasion – you have been warned!