Legal Update - Unlawfully obtaining personal data

Data Protection – Unlawfully Obtaining Personal Data – Monetary Penalty – Breach of Data Protection – Section 55 Data Protection Act 

 

The Information Commissioner’s Office (“ICO”) recently prosecuted a former manager at the car rental company Enterprise Rent-A-Car for stealing customer records and selling them to a claims management company.

 

After detecting an irregularity in its security systems, Enterprise Rent-A-Car alerted the ICO, which raided a claims management company and recovered over 500 records relating to car hires that Enterprise Rent-A-Car had arranged on behalf of insurance companies whose customers had been involved in accidents.

 

The ICO prosecuted the manager under section 55 of the Data Protection Act.

 

55 Unlawful obtaining etc. of personal data.

(1) A person must not knowingly or recklessly, without the consent of the data controller—

(a) obtain or disclose personal data or the information contained in personal data, or

(b) procure the disclosure to another person of the information contained in personal data.

(2) Subsection (1) does not apply to a person who shows—

(a) that the obtaining, disclosing or procuring—

(i) was necessary for the purpose of preventing or detecting crime, or

(ii) was required or authorised by or under any enactment, by any rule of law or by the order of a court,

(b) that he acted in the reasonable belief that he had in law the right to obtain or disclose the data or information or, as the case may be, to procure the disclosure of the information to the other person,

(c) that he acted in the reasonable belief that he would have had the consent of the data controller if the data controller had known of the obtaining, disclosing or procuring and the circumstances of it, or

(d) that in the particular circumstances the obtaining, disclosing or procuring was justified as being in the public interest.

 

The offence is punishable by way of a fine and in this instance the manager was fined £500. For more details on this, you can visit the ICO’s website.

 

How can we help?

 

Whether you are a start-up or an established business, RT Coopers can assist you in meeting your obligations under the Data Protection Act as well as your obligations when undertaking direct marketing activities. We conduct audits on businesses’ operations in order to determine specific weaknesses to be considered by data controllers. Once these are identified, we would advise you on the remedial measures you should put in place.

 


You may contact us by email [email protected]. Visit http://www.rtcoopers.com/practice_dataprotection.php

 

© RT COOPERS, 2014. This Briefing Note does not provide a comprehensive or complete statement of the law relating to the issues discussed nor does it constitute legal advice. It is intended only to highlight general issues. Specialist legal advice should always be sought in relation to particular circumstances.
