By Mike Shaw, Enforcement Group Manager.
Just because you can, doesn’t mean you should.
Most people are familiar with this phrase, but what is its relevance in the world of data protection?
Put simply, just because your job may give you access to other people’s personal information, that doesn’t mean you have the legal right to look at it, let alone share it. In fact, doing so without a valid reason or the knowledge of your employer is a criminal offence and could lead to prosecution by the Information Commissioner’s Office and a day in court.
The consequences don’t stop there. If found guilty, you’ll face a fine and possibly have to pay prosecution costs. The court case will likely be covered by local media and the details played out over the internet. Not only could you lose your job, but your future employment prospects could be irreparably damaged too.
Careers and reputations can be destroyed over nothing more than simple nosiness or personal curiosity.
So far this year, we have secured eight convictions against NHS employees who were caught prying into the medical records of patients, friends, colleagues or other people they knew without a valid or legal reason.
Such behaviour can be extremely distressing for the victim. Not only is it an invasion of their legally ensured fundamental right to privacy, it potentially jeopardises the important relationship of trust between patients and the NHS and can be damaging to the reputation of the health service as a whole.
Yet the NHS still finds employees ignoring all their training and breaking the law, in this case s55 of the Data Protection Act 1998.
The law exists for a reason. People have rights over how their data is processed, especially sensitive data like health records. It is only right that people’s privacy is protected and, when it is not, the ICO will take action against those responsible.
Of course, this issue is not unique to the NHS. In 2017, we have also prosecuted cases involving employees in local government, charities and the private sector, the latter cases often involving an element of financial gain.
At the moment, s55 offences can only be punished with a fine – the eight convictions this year attracted fines and costs totalling more than £8,000 – but in the future, we would like to see custodial sentences introduced as a sentencing option for the courts in the most serious cases.
A related press release has been published today.
This post was originally published by ICO.org