The Information Commissioner's Office (ICO) has issued a warning concerning the consequences of employees taking personal data with them when changing jobs.
The warning follows the recent Magistrate's Court decision which saw the ICO use its enforcement powers to bring criminal proceedings against a paralegal at a law firm, for unlawfully obtaining personal data. The paralegal had taken a number of documents, including workload lists, file notes and templates with him when he left the firm, intending to use them at his new firm. These documents contained personal data relating to over 100 individuals who were clients of the firm. The Court found against the paralegal; he was issued with a fine and also received a criminal record. In addition to being an issue for employees, this case is significant for employers, which as data controllers, need to have in place appropriate security to prevent the unauthorised processing of personal data. The ICO has the power to impose fines of up to £500,000 on organisations which do not comply with their data protection obligations. In order to protect themselves, employers therefore need to ensure they have adequate measures in place to prevent breaches of security by employees. Such measures would include (i) ensuring that appropriate restrictive covenants and confidentiality clauses are contained in the employees' employment contracts, (ii) putting in place adequate policies and procedures dealing with the use of confidential information and personal data, and (iii) training staff on data protection and confidential matters in the workplace.
Data protection is an increasingly important area in the UK and it is worth noting that the ICO is now seeking more effective deterrent sanctions, including imprisonment.