Legal help for data breach compensation claims

Leicester city council worker fined for stealing sensitive personal data to use for his own business

Start Your Claim Today!

Your privacy is extremely important to us. Read how we handle your data in our Privacy Policy

Nilesh Morar worked for Leicester City Council in the Adult Social Care Department where he reportedly stole a wealth of personal sensitive data for personal financial gain.

He reportedly took the information belonging to vulnerable people without the Council’s knowledge or permission.

After he stole the personal data, Morar left his job with the Council to set up his own business, so the motives for stealing the data seem quite apparent.

A wealth of stolen information

Leicester City Council discovered that, before leaving, Morar stole information belonging to 394 service users and emailed them to a private email address over 34 emails so he could reportedly contact them for the purposes of his new business.

The emails included details about:

  • Medical conditions
  • Details of care
  • Financial details
  • Records of debt

The 43-year-old was charged for breaching his duties under section 55 of the Data Protection Act. He pleaded guilty at Nuneaton Magistrates Court and was given a fine of £160 with an additional £364.08 to pay in court costs and a £20 victim surcharge.

Head of enforcement at the Information Commissioner’s Office (ICO), Steve Eckersley, said:

“…employees need to understand the consequences of taking people’s personal information with them when they leave a job role. It’s illegal and when you’re caught, you will be prosecuted… People’s personal data is protected by law and employees should not be helping themselves to information if they decide to set up a new business or move to a new position.”

More awareness required

More needs to be done in raising awareness of data protection laws. In a world where digital information can be shared at the click of a button, all organisations and individuals need to take care not to breach the privacy rights of others. Sometimes it may not be easy to see the adverse impact of abusing data protection rules, but the harm is very real and the consequences that follow can be severe.

Organisations need to implement strong security systems and protocols to train and warn staff about the consequences of data breaches. A spokesperson at Leicester City Council explained that in this case, Morar did receive training in data protection and “the council had the correct policies and procedures in place, so this was a flagrant abuse of his position.”

As he had already resigned, the Council were unable to take disciplinary action against him but did report him to the ICO.

The ICO is rightfully frustrated at workers who disregard their duties and disrespect data protection rules for personal reasons. In illegally accessing and misusing personal data belonging to another, they’re taking away someone’s right to privacy.

In this case, adult social care users do not expect their private information – provided to the council in confidence and trust – to be stolen by a rogue employee and then used as part of a personal business venture.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a call back from our team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.

First published by Editor on October 27, 2017
Posted in the following categories: Latest and tagged with |


London Borough of Islington fined £79,000 for security flaw that may have compromised personal data belonging to 89,000 people
Nottinghamshire County Council fined £70,000 for leaving data belonging to vulnerable people exposed for 5 years
%d bloggers like this: