January/February Issue 54 - Flipbook - Page 8
NEWS
RAC EMPLOYEE SENTENCED AFTER SHARING
PERSONAL DATA
Woman compiled lists of accident
data before unlawfully transferring it
to claims management firm
for two years after pleading guilty to
conspiracy to secure unauthorised
access to computer data.
An RAC employee has been sentenced
to eight months’ imprisonment,
suspended for two years after
transferring personal data to an accident
claims management firm without
authorisation.
The offence came to light when Arval,
a fleet management company, alerted
RAC to nuisance calls to one of its
drivers about an accident he had been
involved in.
Kim Doyle, 33, pleaded guilty to charges
of conspiracy to secure unauthorised
access to computer data, and to selling
unlawfully obtained personal data, at a
hearing in January 2020.
Arval suspected there may have been a
data leak from RAC, which had carried
out recovery of their driver’s vehicle.
She was sentenced at Manchester
Crown Court on 8 January 2021.
This prompted the RAC to perform
a data leakage scan of its Outlook
mailboxes, where it found details which
led it to discover Doyle had been
compiling unauthorised lists of data.
The court heard that Doyle compiled lists
of road traffic accident data including
partial names, mobile phone numbers
and registration numbers despite having
no permission from her employers.
Mike Shaw, who heads up the Criminal
Investigations Team at the ICO said:
“Those who believe that this is a
victimless crime without consequences,
need to think again.
An Information Commissioner’s Office
(ICO) investigation found Doyle, to have
unlawfully transferred the data she
obtained to William Shaw, a director of
an accident claims management firm,
TMS (Stratosphere), trading as LIS
Claims.
“These criminal acts have a detrimental
impact on the public and businesses.
Shaw, 32, was also sentenced to eight
months’ imprisonment, suspended
08
“People’s data is being accessed without
consent and businesses are putting
resources into tracking down criminals.
“Once the data is in the hands of claims
management companies, people are
subjected to unwanted calls which can
in turn lead to fraudulent personal injury
claims.
“Offenders must know that we will use
all the tools at our disposal to protect
people’s information and prevent it from
being used to make nuisance calls.
“This case shows that we can, and will
take action, and that could lead to a
prison sentence for those responsible.
“Where appropriate we will work with
partner agencies to make full use of the
Proceeds of Crime Act to ensure that
criminals do not benefit financially from
their criminal behaviour.”
Doyle and Shaw were also each ordered
to carry out 100 hours unpaid work and
contribute £1,000 costs.
A Confiscation Order, under the
Proceeds of Crimes Act, to recover
benefit obtained as a result of the
offending has been given by the Court
in which Doyle must pay a benefit figure
of £25,000 and Shaw must pay a benefit
figure of £15,000.
Both Doyle and Shaw will face three
months’ imprisonment if the benefit
figures are not paid within three months.