October 11, 2024 at 07:54AM
Two former RAC employees received suspended sentences for illegally copying and selling personal data from accident victims. Debbie Okparavero and Maliha Islam accessed about 29,500 lines of information, allegedly for profit, resulting in guilty pleas under data protection laws. The ICO commended RAC for reporting the breach promptly.
### Meeting Takeaways:
1. **Incident Overview**:
– Two former RAC employees, Debbie Okparavero and Maliha Islam, were convicted for illegally copying and selling personal data of individuals involved in accidents.
2. **Nature of the Crime**:
– The employees accessed and shared approximately 29,500 lines of personal information without a legitimate business need, violating the Computer Misuse Act 1990 and Data Protection Act 2018.
3. **Legal Consequences**:
– Both individuals received six-month prison sentences, suspended for 18 months, and are required to complete 150 hours of community service.
– A Proceeds of Crime hearing is scheduled for March 5, 2025, to consider prosecution costs.
4. **Internal Actions**:
– The unlawful conduct was detected by RAC’s security monitoring software, which prompted reporting to the Information Commissioner’s Office (ICO).
– The ICO commended RAC for their proactive measures in reporting the breach.
5. **Past Incidents**:
– Previous similar incidents involving RAC employees highlight ongoing issues with data misuse. An ex-employee was convicted in 2021 for related offenses, and the ICO has reported other copycat incidents.
6. **ICO’s Stance**:
– The ICO emphasizes the importance of protecting personal data and addressing unlawful conduct in the sector.
7. **Current Status**:
– RAC has not yet responded to inquiries following this incident.
Overall, the meeting highlighted significant compliance issues within RAC and the actions taken by regulatory authorities to mitigate data protection violations.