Two people sentenced for 12 months after leaking confidential information

Two people sentenced for 12 months after leaking confidential information

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

If you thought breaching confidential information would earn you a slap on the wrist and nothing more, you thought wrong.

Recently, two people from a claims management company and an insurance company were jailed for 12 months following a serious data breach. Data is a sensitive and valuable commodity, and the punishments for failing to protect information should be strict.

Nature of the data breach

Aisha Elliot, an employee of a claims management company, bribed Stephen Karl Oates, a former employee of LV=, for the confidential details of motor accident victims. Both employees received 12 months in prison for offering the bribe and receiving the bribe of £17,000 accordingly.

Oates worked in the insurer’s third party team as a consultant. A full review of the third party team was done and it was then discovered that Oates had been selling their customers’ confidential information to make personal gains. Each time he sold data to Ms Elliot leading to a successful claim, he would earn £150.

Mr Oates spilled all the details to the IFED, saying that he would write personal information on pieces of paper and pass on the data to Ms Elliot. The agreement came to a peak where Mr Oates supplied Ms Elliot with at least seven customers’ private information. During this time he received more than £1,000.

Not only did both individuals commit a bribery offence, they also breached data protection rules. Mr Oates unlawfully processed data by accepting the bribe from Ms Elliot. This infringes provisions in the Data Protection Act (DPA).


The investigation into the bribe took place in 2015 when LV= suspected that one of its computer systems had been accessed with information sold by an LV= employee. The City of London Police’s Insurance Fraud Enforcement Department (IFED) was contacted to investigate Ms Elliot and Mr Oates.

This was the first time that the IFED charged individuals for offences under the Bribery Act. The IFED’s Detective Chief Inspector, Oliver Little,  said:

“…fraud within the insurance industry is taken extremely seriously – whether it’s members of the public looking to submit false claims for a profit, or indeed members of staff that think it is acceptable to sell on customer data.”

Ammunition for future cases

This case has given ammunition for the IFED, in cooperation with insurers, to investigate and target employees who do this. This can also help to ensure that customers’ confidential information is secured and processed in accordance with the DPA.

Severe consequences?

Martin Milliner, LV= Claims Director, reiterated the severity of penalties, saying:

“…this reinforces the message that bribery and fraud are serious crimes which perpetrators can expect to be punished for, whether they receive a criminal record or worse, a stint in prison.”

The current punishment for selling personal and/or confidential information is arguably quite trivial, with a slap on the wrist and a fine from the Information Commissioner’s Office (ICO, data privacy watchdog) if they’re prosecuted under the DPA. What makes this case unique is the fact that both individuals were guilty of bribery offences, and this is what earned them prison sentences.

Are more stringent penalties needed?

There is growing support for tougher penalties by the ICO, which include the possibility of a custodial sentence for those who infringe on data protection laws. As the City of London Police Detective Constable, Kate Sibley, quite rightly puts it:

“…illegitimately selling or buying an insurer’s confidential customer information is a criminal offence!”

In agreement with Detective Constable Sibley’s line of thought, a breach of information privacy should hold the same punishment as white-collar crime punishments.

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.Information on how we handle your data is available in our Privacy Policy.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon