Why employers should be careful about the investigations they undertake when employees are off sick.

The County Court has awarded a former police officer £9,000 in damages for privacy and data protection law breaches after her personal information was improperly accessed by police forces.

The case concerned claims about the obtaining, disclosure and use of personal information about the claimant. While on sick leave she travelled with her daughter to Barbados, without notifying her line manager, in breach of police service procedure.

As part of preparing for disciplinary action, an officer requested information about the claimant from the National Border Targeting Centre (NBTC), which maintains a UK flight passenger information database. A significant amount of personal and travel information was disclosed by both the NBTC and the airline, without the claimant’s consent. Both parties had conceded liability for Data Protection Act 1998 (DPA) and Human Rights Act 1998 (HRA) breaches.