Following an investigation by the Information Commissioner's Office (ICO), a motor insurance worker who unlawfully accessed personal data on his employer's systems has received a suspended prison sentence.
The worker led a team dealing with accident insurance claims. After concerns were raised by insurers his employer worked with, an internal investigation revealed that he had featured in a number of claims that had not been referred to his team and that there was no legitimate reason for him to access. His employer reviewed its systems and discovered that he had accessed more than 32,000 policies at times when he was not working.
The employer reported to the ICO that it suspected an employee was unlawfully accessing its systems. The ICO investigation found that the worker had sent personal data he had accessed to another person.
The worker pleaded guilty to an offence under the Computer Misuse Act 1990, relating to the unlawful accessing of personal data held on computers. He was sentenced to six months' imprisonment, suspended for two years, and ordered to complete 150 hours of unpaid work.