A woman who worked for the RAC and the director of a claims company to which she transferred the details of people who had been in accidents, have received suspended prison sentences.
Both Kim Doyle, 33, and William Shaw, 32, were sentenced to eight months imprisonment, suspended for two years, and ordered to carry out 100 hours unpaid work and contribute £1,000 costs.
They face immediate three-month jail terms if they do not meet confiscation orders also made against them – £25,000 for Ms Doyle and £15,000 for Mr Shaw. They have three months to pay.
Both pleaded guilty to conspiracy to secure unauthorised access to computer data, with Ms Doyle also pleading guilty to selling unlawfully obtained personal data.
Manchester Crown Court heard that she compiled lists of road traffic accident data including partial names, mobile phone numbers and registration numbers without permission from the RAC.
She unlawfully transferred the data to Mr Shaw, the director of accident claims management firm TMS (Stratosphere), trading as LIS Claims.
The Information Commissioner’s Office (ICO), which brought the prosecutions, said there was evidence this data was used to make nuisance calls.
The wrongdoing came to light when a fleet management company alerted the RAC to nuisance calls received by one of its drivers about an accident he had been involved in. It suspected there may have been a data leak from RAC, which had carried out recovery of the vehicle.
The RAC conducted a data leakage scan of its Outlook mailboxes, which led it to Ms Doyle.
The ICO usually prosecutes cases like this under the Data Protection Act 1998 or 2018, but for only the second time elected for the Computer Misuse Act 1990, which opens up a wider range of sentences for the court.
Mike Shaw, who heads up the criminal investigations team at the ICO, said: “People’s data is being accessed without consent and businesses are putting resources into tracking down criminals.
“Once the data is in the hands of claims management companies, people are subjected to unwanted calls which can in turn lead to fraudulent personal injury claims.
“Offenders must know that we will use all the tools at our disposal to protect people’s information and prevent it from being used to make nuisance calls.”