A former employee has been prosecuted and fined for taking the details of his previous employer's client.
Mark Lloyd worked for Acorn Waste Management Limited. When leaving his employment with Acorn, Mr Lloyd sent information relation to 957 of Acorn's clients to his personal email account for use in his new job. The information included the personal data of individual clients such as their contact details and purchasing history. On 26 May in Telford Magistrates' Court, Mr Lloyd pleaded guilty to unlawfully obtaining personal data (which is an offence under section 55 of the Data Protection Act 1998). Mr Lloyd was fined £300, ordered to pay a victim surcharge of £30 and pay costs of £405.98.
Many employment contracts will include a restrictive covenant which will prevent an employee from taking client information to a rival organisation. When the covenant is breached, employer can apply to the court for injunction which would prevent the employee from using the client information in his new employment. However, the cost of applying for an injunction will often be disproportionate to the damage caused by the employee. Mr Lloyds' case serves as a reminder that reporting the incident to the ICO can be a more cost-effective alternative to applying for an injunction.
Mr Lloyd's case serves as a reminder of the wide reaching ambit of data protection law in the UK. If the UK decides to remain part of the EU in the referendum, the impact of data protection legislation will continue to grow once the General Data Protection Regulation comes into force in May 2018. Even if the outcome of the referendum is to leave the EU, the Regulation will still have a significant impact on those organisations based in the UK whose operations extend into Europe.