Prison Sentences Demanded For Unauthorised Data Usage
The Information Commissioner’s Office (ICO) has said that it backs the idea that anyone accessing personal data without a valid reason or without their employer’s knowledge is guilty of a criminal offence, should be prosecuted, and prison sentences should be an option.
Recent Case
A recent case involving a nursing auxiliary at Newport’s Royal Gwent Hospital has re-ignited the ICO’s calls to get tough on personal data snoops. In the case of 61-year-old Marian Waddell of Newport, she was found to have accessed the records of a patient who was known to her, on six different occasions between July 2015 and February 2016, without having a valid business reason to do so and without the knowledge of the data controller (at the Aneurin Bevan University Health Board). The data controller is the person who (alone or jointly or in common with other persons) who determines the purposes for which and the manner in which any personal data is to be processed.