+44 207 488 9947
Legal Updates
Data Protection – Unlawful Access and Disclosure – Personal Information
In the case of R v Rooney (CA) [2006], an employee was convicted of unlawfully obtaining and disclosing personal data.
The defendant worked in the human resources department of a police constabulary, where she had access to the personal data of other employees. The defendant’s sister had a relationship with a police officer, A. This relationship ended in 2003. A then began a relationship with T, who was another employee of the police force. Eventually A and T moved into an address in Tunstall together. The details of this new address were updated on the employee database.
The defendant accessed the information held about A and T a number of times, and proceeded to tell her sister that the pair had moved to Tunstall, however, she did not specify the exact address.
The prosecution argued that the defendant had abused her position and breached the Data Protection Act 1998 (“DPA”) by accessing personal information that was unrelated to work and then passing that information along without consent. The particulars of the indictment stated that she had knowingly or recklessly and without consent of the data controller, disclosed personal data in contravention of s.55 (1) DPA.
The defendant submitted that she could rely on the defence within s.55 (2) DPA because she was acting in pursuance of her duty to check that the information was up-to-date.
She was convicted on two counts of unlawfully obtaining of personal data and one count of unlawfully disclosing personal data. With regards to the latter conviction, she appealed on the ground that by merely mentioning to her sister that the pair now lived in Tunstall, she had not disclosed the full address and subsequently the charge of unlawfully disclosing personal data was not be made out.
The court rejected the appeal and held that:
â–ª the charge was for the disclosure of ‘personal data’ or the disclosure of ‘information found in personal data’; and
â–ª the reference to Tunstall amounted to ‘information found in personal data’, meaning it did not matter that the specific address had not been disclosed.
The defendant’s convictions were upheld.
Comment: Please contact us for more information on data protection at [email protected]. Visit http://www.rtcoopers.com/practice_dataprotection.php
© RT COOPERS, 2006. This Briefing Note does not provide a comprehensive or complete statement of the law relating to the issues discussed nor does it constitute legal advice. It is intended only to highlight general issues. Specialist legal advice should always be sought in relation to particular circumstances.
- Case Study : Biomedical Science
14-03-2024 - Case study : MSc Nursing Student
22-02-2024 - Case Study : Accused of Plagiarism
09-11-2023 - Testimonial : MBBS Resit Failure
05-11-2023 - Case Study : MBBS Professionalism
01-11-2023 - Pre-packed Food Labelling Deadline
26-10-2023 - Case Study : MBBS withdrawal
14-10-2023 - Case Study : MPharm appeals
18-09-2023 - Case Study : Academic Malpractice
07-09-2023 - Case Study : PGCert to MSc
16-08-2023 - Case Study - Academic Misconduct
25-07-2023 - Testimonial : GPST3 VTS trainee
18-05-2023 - Testimonial: End of Registration
14-03-2023 - Case Study: ST8 Trainee
26-02-2023 - Testimonial Appeal Upheld
09-02-2023
