A paralegal has been convicted for taking sensitive information relating to over 100 individuals before leaving his firm for a rival. The sensitive personal information was contained within workload lists, file notes and template documents which the paralegal hoped to use in his new job. It was taken without his employer’s permission.
The paralegal was prosecuted under section 55 of the Data Protection Act 1998 (DPA) which says, amongst other things, that a person must not ‘knowingly or recklessly’…’obtain or disclose personal data or the information contained in personal data…’. There are some defences, but none applied in this case.
The paralegal was fined £300 and ordered to pay £438.63 prosecution costs and a £30 victim surcharge by Magistrates in Bradford.
The offences created by section 55 of the DPA are ‘either way’ which means that the more serious offences are likely to be dealt with by the Crown Court where the maximum penalty is an unlimited fine. In the Magistrates’ Court, the maximum penalty is a £5,000 fine.
Employers should have robust data protection policies in place which protect sensitive personal information. If an employee acts in a similar manner to the paralegal in this case, then the employer might decide to take disciplinary or other legal action (in the paralegal’s case there is likely to have been other employment and professional issues as well such as breaching confidentiality) and/or report the matter to the police.
If you have any data protection issues, please contact Sarah Wheadon on 023 8048 2109.