Whose Data Is It?
In a relatively close industry such as merchandise where everyone knows everyone, the issue of data is being thrown into sharp focus by the requirements of GDPR.
We’ve probably all heard stories about former staff leaving a company for new jobs and current clients then placing orders at the company they’ve moved to. It’s not uncommon, and it’s not surprising, so what can companies do about it?
The BPMA has been helping its members get ready for this new regulation in May but employers should know what they can do should they discover an employee has taken its customers or other sensitive data, such as of intellectual property, or details of processes and policies.
Legal proceedings should be considered in such situations, but it is costly and time consuming to tackle such issues once the horse has bolted. Former staff may suspect that legal processes are unlikely to be seriously considered and ‘risk it’ for a quick commercial gain.
However, employees who take personal information from their employer when moving jobs are committing a crime. A Yorkshire paralegal who changed firms
was prosecuted after emailing himself information on more than 100 people before taking up a new job. Not only was he fined for illegally taking information, but he was barred from working in the legal profession.
“Stealing personal information is a crime,” said Stephen Eckersley, ICO head of enforcement, referring to the case. “Employees may think work related documents that they have produced or worked on belong to them and so they are entitled to take them when they leave. But if they include people’s details, then taking them without permission is breaking the law.”
Unlawfully obtaining or accessing personal data is a criminal offence under section 55 of the Data Protection Act 1998 and punishable by a fine of up to £5,000 in a magistrates’ court, or an unlimited fine in a crown court.
Businesses should make this explicit to their employees to ensure that they are in the picture with regards to the law and their responsibilities. It may also be appropriate to strengthen employee contracts with regards to the theft of data.