A staffer at an accident repair biz has had to pay almost £1,000 after he sold customers' personal data to cold-calling firms.
Phillip Bagnall, who worked at Nationwide Accident Repair Services in Greater Manchester, England, was found to have snaffled up at least 2,700 customers' personal details, which were then used to hassle the customers about their accidents.
The firm was alerted to a potential problem when "large numbers" of customers began to complain that, shortly after using the biz's services, they were fielding nuisance calls.
NARS then called in the cyber security consultants in November 2016, and it was discovered that Bagnall had been accessing suspicious amounts of customer data from a laptop at home, outside of work hours.
After monitoring Bagnall's system use over a week, they found he accessed the data of 2,724 customers without the firm's consent.
The UK's data protection watchdog said that these customers then received unsolicited "and at times aggressive" marketing calls about their accidents.
However, he declined to identify who he had sold the data to during an interview with the Information Commissioner's Office.
Bagnall pleaded guilty to unlawfully obtaining data when he appeared at Manchester and Salford Magistrates' Court, and was slapped with a £500 fine. He was ordered to pay £364 costs and a £50 victim surcharge.
ICO criminal enforcement manager Mike Shaw said it was a warning to people who thought that selling personal info was the way to a quick buck.
"The consequences can be severe," he said. "Not only can it lead to a day in court and the attendant media coverage, but it can cost a person their job and can damage their future career prospects." ®