Brokers and insurers holding large amounts of data on customers are in danger of falling foul of new data protection requirements, according to law firm Laytons.
Laytons claimed that companies are failing to comply with the new regulations. Karen Kindlon of Laytons said that directors who ignore the legislation could find themselves facing criminal proceedings, and at the end of those proceedings, a large fine.
"How a company handles personal information about its clients could result in its directors and managers being held personally liable for any breach of the legislation, and facing an unlimited fine in the criminal courts."
Kindlon continues: "In certain circumstances simply not intending to commit the offence or not knowing that it was an offence is no defence, the data controller (i.e. your organisation) will be strictly liable, regardless of
their intention."
In a recent case, the directors of Academy Credit Services Limited were found guilty for their company's attempts to procure information illegally.
The company was a tracing agency that unlawfully obtained information from the Inland Revenue, and offered it for sale to their clients, both actions being illegal under the Data Protection Act 1998.
"Any company wanting to avoid a breach should consider designating an officer who will be responsible for all data protection compliance.
However, this should not be seen as a substitute for training all employees who are responsible for processing personal data. Companies that invest in a reliable system for compliance will avoid the more costly outcome of
prosecution in the long term," concludes Kindlon.
In the Academy Credit Services case, both the company and its two directors were successfully prosecuted. The directors were conditionally discharged for two years and ordered to pay costs of £1,000 each.
In an earlier case, a Natwest employee who passed on customer information to his father was convicted and fined £6,000.