Repair company employee convicted for passing on customer details for PI cold calls

Print This Post

9 February 2018

Data breach: Led to cold calls

A former worker at an accident repair firm who downloaded and sold the personal data of motorists to nuisance callers has been convicted under the Data Protection Act of unlawfully obtaining and disclosing data.

Phillip Bagnall, 33, of Eccles, Greater Manchester, was fined £500 and was also ordered to pay £364 costs and a £50 victim surcharge.

He was an employee of Nationwide Accident Repair Services Limited (NARS) when he was found to be accessing suspicious volumes of customer data from a laptop at home outside of work hours.

According to the Information Commissioner’s Office (ICO), which prosecuted Bagnall, NARS called in cyber security consultants in November 2016 after large numbers of customers began complaining that they were receiving nuisance calls about personal injury claims shortly after engaging its services.

Initial enquiries led to suspicions that Bagnall was involved and it was decided that his access to the company’s computer systems would be monitored.

During just one week, he was found to have accessed the data of 2,724 customers without his employer’s consent.

NARS reported Bagnall to the ICO. He made ‘no comment’ in a subsequent interview and declined to identify the person he sold the data to.

Before Manchester and Salford Magistrates’ Court, he pleaded guilty to unlawfully obtaining data in breach of section 55 of the Data Protection Act 1998. A further charge of unlawfully disclosing data was also admitted and taken into consideration.

ICO criminal enforcement manager Mike Shaw said: “This case serves as a warning to anyone who thinks they can make some quick and easy money selling people’s personal information.”

Meanwhile, barrister Dominic Ruck Keene, who practises from One Crown Office Row, has been reprimanded by the Bar Standards Board after leaving documents on the London Underground back in 2015.

The regulator said that, in so doing, Mr Ruck-Keene “failed to preserve the confidentiality of confidential and highly sensitive data by failing to take adequate or appropriate security measures against accidental loss of personal data”.

The offence was dealt with by a ‘determination by consent’, an agreement that means the case was not sent to a disciplinary tribunal.

One Response to “Repair company employee convicted for passing on customer details for PI cold calls”

  1. It would be interesting to know what PI firm or CMC bought the data?

  2. Gavin on February 12th, 2018 at 11:21 am

Leave a comment

* Denotes required field

All comments will be moderated before posting. Please see our Terms and Conditions

Legal Futures Blog

Don’t get caught out by the traditional equity partnership model

David Beech 2

It’s no secret that these are challenging times for some of the UK law sector as it tries to keep up with emerging digital trends and increasing demand from clients. But there is buoyancy in the market and opportunities for those businesses that are agile and brave enough to challenge the status quo – the traditional equity partnership model. We’ve seen it all too often where partners have been duped into putting their assets against a failing business that is riddled with debt. We’ve even received calls from partners to discuss bankruptcy and that the possibility of moving house is no longer possible, due to the LLP they joined going into liquidation.

March 22nd, 2018