A police sergeant and a former employee of a telecommunications company will appear in court next week after a joint investigation by the RCIPS and the Office of the Ombudsman revealed a data breach.
Both are scheduled to appear in Summary Court on Tuesday, 14 Feb., police told the Compass.
The RCIPS confirmed that the officer has been suspended from duty.
On 7 Feb., the Office of the Ombudsman released a statement saying it had an completed an investigation into a personal data breach involving a former telecommunications employee, who was alleged to have unlawfully shared customers’ personal information with a police officer, who then allegedly used it for personal purposes.
The breach was reported on 20 Nov. 2020.
Both individuals were criminally charged under Section 54 of the Data Protection Act, which relates to unlawfully obtaining personal data. The maximum penalty for this offence is a fine of $100,000.
The Office of the Ombudsman, in its statement, said it had reviewed “the telecommunication provider’s data protection policies and procedures, the ex-employee’s data protection training records, a confidentiality agreement between the ex-employee and the employer, details on the data controller’s system audit logs, and the ex-employee’s personal phone records”.
It also obtained witness statements from relevant parties.
“The investigation determined that the data controller had adequate organisational and technical measures in place to secure the data in spite of the personal data breach,” the statement noted.
Given the nature of the breach, the Ombudsman’s office said, it requested the assistance of the RCIPS to conduct a criminal investigation, and after a legal file had been submitted to the Office of the Director of Public Prosecutions, a legal ruling recommended the telecommunications company’s former employee and the police officer be charged.
“It is important for all public and private sector employees to be aware that access to, and the processing of, an individual’s personal data must be done fairly and lawfully and only for the purposes for which that data was provided,” said Ombudsman Sharon Roulstone. “As this case demonstrates, there are potentially serious consequences if personal data is not managed in accordance with the Data Protection Act.”
Related Videos
