The Information Commissioner’s Office has warned charities to ensure their staff abide by data-protection legislation after a charity worker was prosecuted for sending private data to his personal email address.
Robert Morrisey, 63, from Rochdale, who worked for the Rochdale Connections Trust, which supports young people and their families, was convicted at Preston Crown Court yesterday of unlawfully obtaining personal data in breach of section 55 of the Data Protection Act 1998.
He had sent 11 emails from his work account to his personal email address on 22 February 2017 that contained spreadsheets including the sensitive personal data of 183 people, three of whom were children.
The ICO, which brought the prosecution, said the data included full names, dates of birth, telephone numbers and medical information.
A further investigation found that Morrisey had sent similar data to his personal account on 14 June 2016, the ICO said.
Morrisey was given a conditional discharge for two years, ordered to pay £1,845.25 in prosecution costs and made to pay a victim surcharge of £15.
Section 55 of the Data Protection Act 1998 prohibits knowingly or recklessly obtaining or disclosing personal data or the information contained in personal data.
Steve Eckersley, head of enforcement at the ICO, said: "People have a right to expect that when they share their personal information with an organisation it will be handled properly and legally. That is especially so when it is sensitive personal data.
"People whose jobs give them access to this type of information need to realise that just because they can access it, that doesn’t mean they should. They need to have a valid legal reason for doing so. Copying sensitive personal information without the necessary permission isn’t a valid reason."
Rochdale Connections Trust declined to comment on the case.