Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
A recruitment manager at HomeServe Limited was prosecuted when it was discovered he’d been sharing personal information belonging to job applicants to a third party employment agency.
According to the Information Commissioners Office (ICO), the 39-year-old recruitment manager “sent copies of 26 CVs containing the personal data of applications seeking employment with HomeServe to an external recruitment firm, without a business need to do so”.
This is a clear breach of data protection laws.
For the purposes of the manager’s job role, he would have access to numerous job applications and CVs from candidates looking to work for his company who provide boiler services, plumbing services and insurance policies. However, the manager only had the authority to process these documents within the firm to uphold data protection principles.
Sharing these documents that contained candidates’ personal data was not within the remit of his job, and in doing so, he violated the Data Protection Act.
His employer discovered the data breaches when some of the candidates who had applied for a job with HomeServe directly were also put forward by the third party agency.
When someone shares their personal data with a company, they expect it to be held securely and used for authorised purposes. These candidates expected the manager to consider their CVs and be put through the company’s application process. They did not expect their information to then be shared with a third party.
The manager was prosecuted and appeared at Birmingham Magistrates Court to answer for his actions. He pleaded guilty to breaching s55 of the Data Protection Act and was fined £573 along with costs of £421.
The incident prompted warnings from the ICO to workers who have access to personal information as part of their jobs to not disclose such information unless they have authority to do so. Employees who work with candidates, clients or have access to client databases need to be careful that they don’t look through or disclose any personal information improperly.
The Data Protection Act states that all personal data is to be held safely and securely and only to be accessed and used in an authorised manner. Despite the rules in place, there are still employees who think they can misuse peoples’ data.
Personal data is privileged information that is often provided in trust and in confidence. Employees who have access to it must respect that and uphold data protection laws.
Head of Enforcement at the ICO, Steve Eckersley, warns that:
“Passing on other people’s personal information that you have access to as part of your job can often be against the law, unless you have their consent or valid grounds for doing so.”
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020