Data protection - not just the responsibility of the employer

Data protection - not just the responsibility of the employer


Author: Louise Randall

One bank employee is going to be on Santa's naughty list this year after a court found her guilty of data protection offences earlier this month.

An employee of a leading high street bank has been fined after she was found to have unlawfully accessed bank statements of her partner's ex-wife.

The employee misused her security access rights by accessing her partner's ex-wife's bank account, viewing her bank statements and relaying them to her partner.

Her partner was involved in a dispute with his ex-wife over their divorce settlement and the fact that the ex-wife's bank statements had been accessed came to light as part of those proceedings.  The employee pleaded guilty to 11 offences under section 55 of the Data Protection Act. She was fined £500 by Derby Crown Court and ordered to pay a £15 victim surcharge and £1,410.80 prosecution costs.


Employers are responsible for ensuring that they have robust and comprehensive policies and procedures in place so that their staff are aware of and understand their obligations under the Data Protection Act 1998.

They are also responsible for ensuring that employees are fully trained and up to speed on the importance of handling personal data securely and appropriately, in line with those policies and procedures.

By ensuring that appropriate policies and procedures are in place, publicised, and enforced, employers can then ensure that any employees who fail to act in accordance with those policies and procedures, can be held responsible for their actions.