top of page

Recruitment manager fined for unlawfully disclosing personal data

Following on from another recent case brought by the Information Commissioner’s Office (ICO), a recruitment manager of data controller company, emailed the CVs of 26 job applicants to a third party company without the consent of his employer, the data controller, and without a business need to do so.

The data controller was alerted to suspicious activity when it discovered that some candidates who had already applied for jobs to the data controller company directly were subsequently also submitted as applicants from the third party agency.

The recruitment manager pleaded guilty to an offence under section 55 of the Data Protection Act 1998 and was fined £573 and ordered to pay £364 prosecution costs and a £57 victim surcharge at Birmingham magistrates' court on 21 July 2017. The case highlights the powers of the ICO when employees breach data protection.

bottom of page