Say data breach and many people automatically think massive scale, global and relatively anonymous. Email addresses, usernames, passwords. It ain’t necessarily so. Sometimes breaches are small, local and very personal.
This month a former Leicester City Council worker pleaded guilty to stealing the personal information of over 300 adult social care service users. Nilesh Morar took sensitive personal data including medical conditions, details of care and financial details and records of debt. He set up his own business, presumably intending to exploit the stolen information.
He was prosecuted at Nuneaton Magistrates’ Court and fined £160, ordered to pay £364.08 prosecution costs and a £20 victim surcharge. The Information Commissioner’s Office has more of the detail.
The level of fine doesn’t seem a particular powerful deterrent. It’s more like a cheap-as-chips start-up cost for a new business. Also worrying is the casual ease with which Morar carried out his shocking breach. He emailed the information to himself while he was still at work.
If he had been less blatant and covered his tracks, even a bit, the theft might never have been discovered.