The UK Information Commissioner [ICO] reports that -
The ICO has taken action against three individuals who have been found guilty of illegally obtaining personal information relating to thousands of people across the UK.We might hope that the OAIC, the Information Commissioner's Australian counterpart, will take a similarly enthusiastic stance in protecting privacy after incidents such as release of data about Vodafone customers and Sony customers
The first conviction was against Martin Campbell, a former employee of the Bury-based personal injuries company Direct Assist. Mr Campbell is thought to have obtained personal data relating to around 29 patients who had received medical treatment at Prestwich or Moorgate Primary Care walk in centres, both based in Bury. This information was then used to generate leads for the personal injury claims company he was working for at that time.
At a hearing on 1 June at Bury Magistrates Court Mr Campbell pleaded guilty to the charges brought against him before being ordered to pay a £1,050 fine, £1,160 towards prosecution costs, and a £15 victims' surcharge. [PDF]
In another case, two more convictions were secured against two former employees of UK mobile operator T-Mobile for stealing customer data from the company and selling it on in 2008. The accused, Darren Hames and David Turley, were ordered to pay a total of over £73,700 in confiscation costs as part of a hearing at Chester Crown Court on 10 June. [PDF]
The case is the first time that the ICO has applied for and been granted the use of confiscation orders, a power under the Proceeds of Crime Act.
Commenting on the news, Information Commissioner, Christopher Graham, said:Those who have regular access to thousands of customer details may think that attempts to use it for personal gain will go undetected. But this case shows that there is always an audit trail and my office will do everything in its power to uncover it.