A recruitment manager at HomeServe Limited was prosecuted when it was discovered he’d been sharing personal information belonging to job applicants to a third party employment agency.
According to the Information Commissioners Office (ICO), the 39-year-old recruitment manager “sent copies of 26 CVs containing the personal data of applications seeking employment with HomeServe to an external recruitment firm, without a business need to do so”.
This is a clear breach of data protection laws.
For the purposes of the manager’s job role, he would have access to numerous job applications and CVs from candidates looking to work for his company who provide boiler services, plumbing services and insurance policies. However, the manager only had the authority to process these documents within the firm to uphold data protection principles.
Sharing these documents that contained candidates’ personal data was not within the remit of his job, and in doing so, he violated the Data Protection Act.
His employer discovered the data breaches when some of the candidates who had applied for a job with HomeServe directly were also put forward by the third party agency.
No right to share the information
When someone shares their personal data with a company, they expect it to be held securely and used for authorised purposes. These candidates expected the manager to consider their CVs and be put through the company’s application process. They did not expect their information to then be shared with a third party.
The manager was prosecuted and appeared at Birmingham Magistrates Court to answer for his actions. He pleaded guilty to breaching s55 of the Data Protection Act and was fined £573 along with costs of £421.
Warnings to workers
The incident prompted warnings from the ICO to workers who have access to personal information as part of their jobs to not disclose such information unless they have authority to do so. Employees who work with candidates, clients or have access to client databases need to be careful that they don’t look through or disclose any personal information improperly.
The Data Protection Act states that all personal data is to be held safely and securely and only to be accessed and used in an authorised manner. Despite the rules in place, there are still employees who think they can misuse peoples’ data.
Personal data is privileged information that is often provided in trust and in confidence. Employees who have access to it must respect that and uphold data protection laws.
Head of Enforcement at the ICO, Steve Eckersley, warns that:
“Passing on other people’s personal information that you have access to as part of your job can often be against the law, unless you have their consent or valid grounds for doing so.”
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.