Despite many contracts of employment containing restrictions on the use of confidential information it is certainly not unusual to hear of employees attempting to take details of clients from one employer to the next. Mark Lloyd was one such individual, having emailed the details of 957 clients to his personal email address as he was leaving to start a new role with a rival company. The information contained personal data including the contact details of customers, purchase history and commercially sensitive information.
Section 55 of the Data Protection Act 1998 states that a person must not knowingly or recklessly without the consent of the data controller either (a) obtain or disclose personal data or the information contained in personal data, or (b) procure the disclosure to another person of the information contained in personal data. Under section 55(3) a person who does so is guilty of an offence.
Mr Lloyd was charged with an offence under section 55 and on pleading guilty was fined £300, ordered to pay £405.98 costs and a £30 victim surcharge. It may not seem like a particularly significant sum (and it may be that the ex employer had other civil remedies open to them) but it does mean Mr Lloyd has a criminal record, something that could impact significantly upon him going forward. The fact that the Data Protection Act creates a criminal offence is another line of defence for employers and it may well be worth making employees, particularly departing employees, aware of this.