From the Information Commissioner’s Office:
Mr Karun Tandon has been prosecuted at Manchester Magistrates’ Court for offences of unlawfully obtaining and selling personal data. The defendant, who worked at Lex Autolease Limited emailed personal data of 551 Lex Autolease customers, relating to road traffic accidents, from his former employer’s computer system to his personal email address, which he then sold on to a third party as personal injury leads. Mr Tandon pleaded guilty to two offences under section 55 of the Data Protection Act 1998, and was fined £500, ordered to pay prosecution costs £364 and a £25 victim surcharge.
So how does this work? If he made more than £1000 (and we aren’t told in the release how much he made), then he’s still made a profit? How are these relatively small fines any deterrent? Or is there now some criminal record that follows him for life? Anyone in the U.K. care to explain or comment?