October 20, 2014

Switching jobs? Don’t bring old personal information with you

Have you ever thought about taking documents, such as templates, reports and notes, with you when you changed jobs? After all, you might think it’ll be useful in your new role so that’s perfectly acceptable, right? Wrong!  In fact, taking personal information from your employer is illegal and can lead to criminal charges and fines.

Last month, a paralegal in Yorkshire was prosecuted after taking personal information with him when he moved to a rival firm in 2013, according to a recent article by the Information Commissioner’s Office (ICO). The information was contained in six emails sent in the weeks prior to leaving the firm, which he hoped to use in his new role. The (ICO) is now warning employees that if they take personal information with them when they leave a job, they are committing a criminal offence.

So whether it is Excel sheets, file notes or templates, if those documents contain any personal information – from names and contact details to job titles - then they shouldn’t be going anywhere they are not authorised to go. The paralegal was charged under section 55 of the Data Protection Act,fined £300, ordered to pay over £400 over costs and is now the proud owner of a permanent criminal record.Is it really worth it for just a few emails?

The ICO explains that sometimes employees believe that work related documents that they have produced or worked on belong to them but if any of those documents include personal information then they will be breaking the law if they take them without authorisation. At the moment, perpetrators can be fined but the ICO is currently calling for more effective deterrents - including the threat of prison sentences - to be available to the courts to further discourage illegal sharing of personal information.

And it’s not just those purposefully sharing personal information who are at risk of fines: in a recent YouGov poll half of British workers who sometimes work away from their office admitted to possibly risking a security breach by being careless with sensitive information and said they either ignore their company’s security policies outright or they’re just not aware of any.

In Shred-it’s 2014 Security Tracker Survey conducted by Ipsos Mori, it was revealed that only half of UK SMEs and two thirds of large businesses have protocols in place for storing and disposing of confidential waste documents and data, which is actually followed consistently by employees. 
Anyone in the UK who processes personal information is required to comply with the eight principles of the Data Protection Act, to ensure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with subjects’ rights
  • Secure
  • Not transferred to other countries without adequate protection

Interested in finding out more about ensuring your organisation remains lawful when it comes to storing and disposing of personal information? Learn more about how to establish and maintain trust by developing a culture of security in our newsletter on implementing and enforcing document security protocols.