A motor industry employee has been sentenced to six months in prison in the first prosecution to be brought by the Information Commissioner’s Office (ICO) under legislation which carries a potential prison sentence.
Mustafa Kasim, who worked for accident repair firm Nationwide Accident Repair Services (NARS), accessed thousands of customer records containing personal data without permission, using his colleagues’ log-in details to access a software system that estimates the cost of vehicle repairs, known as Audatex.
He continued to do this after he started a new job at a different car repair organisation which used the same software system. The records contained customers’ names, phone numbers, vehicle and accident information.
NARS contacted the ICO when they saw an increase in customer complaints about nuisance calls and assisted the ICO with their investigation.
The ICO usually prosecutes cases like this under the Data Protection Act 1998 or 2018, depending on the individual case. However, in appropriate cases, it can prosecute under other legislation – in this case s.1 of the Computer Misuse Act 1990 – to reflect the nature and extent of the offending and for the sentencing Court to have a wider range of penalties available.
Clique aqui e leia a jurisprudência completa.