Jennifer Addo was sentenced at Croydon Magistrates Court and prosecuted under section 55 of the Data Protection Act (DPA). The court ordered her to pay a fine of £2,990 for 23 offences, £250 prosecution costs and a £120 victim surcharge.
The case came to light when a customer of the bank was concerned someone had accessed his information to gather details on his children, which was then passed to his partner at the time.
The customer informed the bank of his concerns and it then investigated the incident. Barclays found that Addo had illegally accessed the customer’s details on 22 occasions between 10 May 2011 and 8 August 2011. Her employment with Barclays ended soon after the complaint was raised.
The case again highlights the lack of real enforcement powers that exist with section 55 offences under the DPA, a point repeatedly made by the Information Commissioner’s Office (ICO).
ICO head of enforcement, Stephen Eckersley, reiterated this after the ruling. "This case proves, yet again, why we need a more appropriate penalty for the crime of personal data theft,” he said.
“With the law as it stands, this prosecution isn’t even recorded on the police national computer, which means that an offender could apply for a job in a high street bank tomorrow and the potential employer wouldn’t be informed about the offence. The current 'fine only' regime is clearly not deterring people from breaking the law.”
Eckersley also noted how hard it is for firms such as Barclays to fully ensure data is protected when its is abused by staff in this manner.
“The banking industry has rigorous procedures and safeguards in place to make sure customers’ details are kept secure. However banks rely on the honesty and professionalism of their staff to ensure that the privileged access given to their records is not abused for personal gain."
The ICO has been pushing for stronger sentencing for some time, with the Ministry of Justice said to be looking into the situation.
No comments:
Post a Comment