Former motor industry worker ordered to pay £25,500 from proceeds of data theft.
If you thought the UK data regulator was only interested in big business, think again.
A former employee of Nationwide Accident Repair Services (NARS) – an accident repair firm – has been ordered to pay £25,500 from the proceeds of data theft. In November 2018, the worker was sentenced to six months’ imprisonment for using his colleagues’ login details to access customer data on vehicle repairs, despite having moved to a new job at a different company.
At a court hearing, the judge said the former employee had benefited financially from the data theft and ordered him to hand over the proceeds.
Key takeaways:
1. Check that there are adequate procedures in your firm to immediately remove leavers’ login and access rights, securing any personal data assets.
2. Make sure company procedures are implemented right away when people leave your company or change jobs.
3. Review access frequently and keep it to a minimum, based on the ‘need to know.’
4. Remind colleagues to never share logins with other people – they will be held accountable for what happens on their account.
5. Ensure adequate monitoring and oversight – so unauthorised access is quickly detected (remember that 72-hour deadline to report serious breaches!).
6. If you detect unauthorised access on your system, investigate it fully.
7. Only access personal information if there is a legitimate ‘need to know.’
8. Act responsibly – report any concerns you have.