Robert Morrisey was prosecuted by Preston Crown Court for sending confidential information about 183 people to his personal computer.
At the time of the breach, Morrisey was working as a mentoring co-ordinator for Rochdale connections Trust charity.
In copying the sensitive information without permission or the knowledge of his employer, Morrisey lost his job. He also lost his position as a Magistrate and was ordered to pay over £1,800.00.
The charity was set up to help young and vulnerable people with education, training and employment using the help of voluntary mentors. Morrisey’s responsibilities included recruiting, training and supporting the voluntary mentors for the scheme.
About the breaches
On 22nd February 2017, Morrisey reportedly sent spreadsheets containing confidential information across 11 emails from his work email to his personal account. The spreadsheets were highly sensitive and included:
- Full names
- Dates of Birth
- Telephone numbers
- Medical information
The information belonged to 183 people – three of whom were children – and none of the subjects were reportedly aware their information had been copied. Within a day of the breach being discovered, Morrisey was dismissed by the charity and they immediately started investigating the incident.
The charity discovered that Morrisey did the same thing back on 14th June 2016.
The former charity employee admitted the data breach allegations that he sent confidential information – including medical records of vulnerable people – to himself. He pleaded guilty to two breaches of illegally obtaining personal data under the Data Protection Act.
Preston Crown Court heard Morrisey explain his apparently non-malicious intentions for sending the sensitive information to himself:
“There is nothing sinister about it. I was not getting the data for anything untoward. I was retiring and I wanted to know what my hours were on certain jobs.”
Morrisey also held a position as a magistrate for Greater Manchester, but has since resigned. He was given a conditional discharge for two years and had to pay £1,860.25.
ICO warnings (again)
Steve Eckersley, head of enforcement at the Information Commissioner’s Office, spoke about the case:
“People have a right to expect that when they share their personal information with an organisation it will be handled properly, and legally, that is especially so when it is sensitive personal data. People whose jobs give them access to this type of information need to realise that just because they can access it, that doesn’t mean they should. They need to have a valid legal reason for doing so. Copying sensitive personal information without the necessary permission isn’t a valid reason.”
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.