Digby Brown has worked to protect the public from annoying callers. We therefore welcome the result of a recent investigation which shows that the authorities are poorly judging such misuse of personal data.
Two people were recently convicted of “cold calling” following an investigation by the Information Commissioner’s Office (ICO).
Kim Doyle, a former RAC employee, used her position to create a bank of traffic accident data, including part names, cell phone numbers, and vehicle registration details. She then shared the data with William Shaw, director of the claims management company TMS (Stratosphere), which operates under the name “LIS Claims”.
The actions of Ms. Doyle and Mr. Shaw became known after a fleet management company alerted the RAC that one of their drivers had received nuisance calls about a car accident.
The RAC carried out internal investigations. The use of a data leak scan through the email server led to the discovery of the database created by Ms. Doyle.
The ICO believed there was evidence that this data was then used for nuisance calls.
On Friday January 8th, Manchester Crown Court sentenced Ms. Doyle to eight months’ imprisonment for two years after pleading guilty to conspiracy to secure unauthorized access to computer data and unlawfully obtained personal data for sale.
Mr. Shaw was also sentenced to eight months’ imprisonment, suspended for two years, after pleading guilty to conspiracy to secure unauthorized access to computer data.
Both were also ordered to do 100 hours of unpaid labor and to carry £ 1,000.
Proceeds from the crime confiscation order also made it clear that Doyle must repay £ 25,000 and Shaw must repay £ 15,000 within three months or sit in jail for three months.
The ICO confirmed that it was fully supported by all bodies involved in the investigation.
The ICO generally pursues cases under data protection laws, but this matter has been pushed forward under Section 1 of the Computer Misuse Act of 1990, which specifically relates to unauthorized access to computer material. The 1990 Act also entails a wider range of penalties. This case was the second prosecuted under the 1990 Act, the first involving the actions of an employee of an accident repair company in 2016.
The full results of the Information Commissioner Office’s investigation can be found here – Automotive Industry Employee Convicted of ICO Computer Misuse Act prosecution.
To report a problem to the ICO, call the hotline 0303 123 1113 or go to ico.org.uk/make-a-complaint