
ICO Wants Stronger Sentencing After Offender Fined Just £1,000 For Selling 28,000 Records

The Information Commissioner has repeated a call for stronger and flexible sentencing powers for those convicted of data-protection offences, after a fine of just £1,000 was issued to a woman found to have sold the personal records of nearly 28,000 car rental customers.

Sindy Nagra, 42, from the western London suburb of Hayes, pleaded guilty at Isleworth Crown Court on Friday to selling nearly 28,000 customer records for £5,000. She was fined £1,000 and ordered to pay a £100 victim surcharge and £864.40 prosecution costs.

Insurance records

Nagra worked as an administrative assistant at Enterprise Rent-A-Car, where she processed customer details received from an insurance company, typically of people involved in road traffic collisions.

Her employer contacted the ICO after noticing that Nagra was looking at many more records than was necessary for her job, and an investigation found that Nagra, who worked from home, was taking screen captures of the records.

She sold them to Iheanyi Ihediwa, 39, of Manchester, who she claimed she was introduced to in a pub. Ihediwa was also fined £1,000 and was ordered to pay prosecution costs of £864.40 and a victim surcharge. The records involved were intercepted and destroyed before they could be used to make nuisance calls, according to the ICO.

In this case, the court said it was obliged to take into account the fact that Nagra had lost her job and had no money with which to pay a larger fine, but the ICO has argued authorities should be given more sentencing options, such as suspended sentences, community service or prison.

Insufficient deterrent

Courts can issue unlimited fines for Data Protection Act offences such as Nagra’s, but not custodial sentences.

“The fines that courts are issuing at the moment just don’t do enough to discourage would-be data thieves,” information commissioner Christopher Graham stated. “This fine highlights the limited options the courts have. With so much concern about the security of data, it is more important than ever that the courts have at their disposal more effective deterrent penalties than just fines.”

This is not the first case in which an Enterprise employee has been prosecuted for data protection offences. In July 2014 a former Enterprise branch manager was fined £500 and ordered to pay a £50 victim surcharge and £264.08 in prosecution costs for stealing the records of nearly 2,000 customers and selling them to a claims management company.

The ICO has handed out substantial fines to everything from government ministries to police organisations to private companies.

UPDATE 13/01/2016: This article has been amended to reflect the fact that Isleworth Crown Court, not the ICO, handed out the fine.


Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.
