- Solicitors For Business
- Solicitors For You
- About Us
- News & Events
ICO prosecutes former NARS employee for illegally accessing data11th December 2018 Media Law
Last month the Information Commissioner’s Office (ICO) announced that it had successfully prosecuted Mustafa Kasim, a former employee of Nationwide Accident Repair Services (NARS) under the Computer Misuse Act.
According to the ICO, Mr Kasim had accessed thousands of customer records containing personal data without permission, even after Mr Kasim had left his job at NARS, using his colleagues’ log-in details to access a software system that estimates the cost of vehicle repairs known as Audatex.
To their credit, NARS contacted the ICO when they saw an increase in customer complaints about nuisance calls and assisted the ICO with their investigation.
Mr Kasim pleaded guilty to a charge of securing unauthorised access to personal data between 13 January 2016 and 19 October 2016, at a hearing in September 2018 and was sentenced at Wood Green Crown Court.
This case highlights a number of important points.
Firstly, this is a warning to employees not to be tempted to retrieve information held on a former employer’s system to generate sales leads. Although this is the first time the ICO has prosecuted an individual in a case of this nature under the Computer Misuse Act, this case is a stark reminder of how wide-ranging the ICO’s powers are and I suspect, it probably won’t be the last time the ICO uses such powers.
The best way to stay safe (and out of prison), is to not access any of your former employer’s database assets following the end of employment.
Secondly, this is perhaps illustrative of the potential benefits of working with the ICO. As far as we know, the ICO has not imposed a sanction on NARS. In any event, other than change passwords, on the face of it, there was little more NARS could have done.
I wrote a blog article recently about the top 10 things to do in the event of a data breach.
If you are concerned about a data breach within your company, or your data has been breached, you can contact the JMW Data Protection Team on 0345 872 6666