A former management trainee at Enterprise Rent-A-Car UK Limited, Shairaz Saleem, has been fined after illegally obtaining customer data over a two-week period in 2019.
Concerns arose when Mr Saleem visited his workplace in West Yorkshire outside of his scheduled hours and an internal audit then revealed that he accessed 39 customer records from 25 different rental branches in just 32 minutes. Further investigation by Enterprise Rent-A-Car uncovered that Mr Saleem had accessed at least 213 records containing personal data without authorisation.
Mr Saleem was subsequently dismissed for gross misconduct. The company confirmed that Mr Saleem had no business reason to access the data and referred the case to the Information Commissioner’s Office (ICO), which launched a criminal investigation.
Mr Saleem appeared in Huddersfield Magistrates’ Court, where he pleaded guilty to unlawfully obtaining data. He was fined £265, ordered to pay £450 in costs, and a £32 victim surcharge.
Andy Curry, Head of Investigations at the ICO, emphasized the importance of respecting data privacy. He noted that employees with access to personal information must not abuse this privilege, as it breaches trust and can harm the company’s reputation.
While employers cannot foresee or prevent every possible scenario where an employee might act with malicious intent, this case highlights the need for businesses to implement and maintain internal audits and data protection procedures and protocols that can help to detect and prevent misuse of data by employees.
Businesses should be ensuring that staff are well-informed about their legal obligations regarding data privacy and the serious consequences of violating these standards.