A former employee of breakdown company RAC has been convicted of stealing the data of victims of road traffic accidents, which he then passed on to claims management companies (CMCs).
Asif Iqbal Khan, 42, pleaded guilty to two counts of stealing data in breach of section 170 of the Data Protection Act 2018.
Dudley Magistrates’ Court fined him £5,000 and ordered him to pay a victim surcharge of £170 and court costs of £937.
He was working for RAC as a customer solutions specialist. Over a single month in 2019, the RAC received 21 complaints from suspicious drivers who received calls from CMCs following accidents in which the RAC had assisted.
A review of individuals that had accessed these claims found that Mr Khan was the only employee to access all 21. An internal RAC investigation later reported suspicious behaviour from Mr Khan, including taking photos of his computer screen with his phone.
A search warrant, executed by the Information Commissioner’s Office (ICO), seized two phones from Mr Khan, which revealed he had stored data from 272 separate traffic incidents; an order was made under section 153 of the Sentencing Act 2020 to deprive him of the phones.
Stephen Eckersley, the ICO’s director of investigations, said: “Being involved in a road traffic accident can be deeply distressing – to then have this used and your data stolen as a result, adds insult to injury.
“We know that receiving nuisance calls can be hugely frustrating and people often wonder how these companies got their details in the first place. This case shows one such way that it happens. But also shows that those who do this crime will be caught, will be convicted and justice will be served.”
This is not the first time an RAC employee has engaged in this conduct. In 2021, a woman who worked for the RAC and the director of a claims company to which she transferred the details of people who had been in accidents, received suspended prison sentences.