In the wake of another ridiculously light penalty for data theft, U.K.’s Information Commissioner, Christopher Graham, has repeated his call for stronger penalties.
The comments come as an employee of a car rental company was sentenced for stealing customer information that accident claims companies could use to make nuisance calls.
Sindy Nagra, 42, from Hayes, sold almost 28,000 customers’ records for £5,000. Appearing at Isleworth Crown Court on Friday, she was fined £1,000, ordered to pay a £100 victim surcharge and £864.40 prosecution costs.
Nagra was an administrative assistant at Enterprise Rent-A-Car, and was responsible for processing customer details sent to the car rental company by an insurance company. The details, typically of people who had been involved in road traffic collisions, included details of the policyholder as well as details of their insurance claim.
Graham stated:
“This fine highlights the limited options the courts have. Sindy Nagra got £5,000 in cash in return for stealing thousands of people’s information. She lost her job when she was caught, and has no money to pay a fine, and the courts have to reflect that. But we’d like to see the courts given more options: suspended sentences, community service, and even prison in the most serious cases.
And if you’re wondering what happened to the individual who bought the records from her, well, Iheanyi Ihediwa, 39, from Manchester, appeared before Manchester Magistrates’ Court on 17 December. He also pleaded guilty to section 55 offences, and was fined a total of £1,000, ordered to pay prosecution costs of £864.40 and a victim surcharge. The Court also made a destruction order in respect any data held by the defendant.
Yeah, that should really act as a deterrent to others.
Mr. Graham is correct. UK law needs more teeth when it comes to consequences and penalties.