A car repair worker has been sentenced to jail for stealing customers’ personal data from his former employer.
The Information Commissioner’s Office (ICO) says it is the first time someone will go to prison as a result of a case it has prosecuted.
Mustafa Kasim stole accident information and the names, phone numbers and vehicle details of those involved.
One expert said the ICO appeared to have “seen the light” about its powers.
Kasim used a former co-workers’ login details to access software used to estimate repair costs, which stored the personal information.
He was sentenced to six months in prison after pleading guilty to the offence at London’s Wood Green Crown Court.
The regulator became involved after the accused’s former workplace – Nationwide Accident Repair Services – became aware its clients were being targeted by nuisance calls and brought the matter to the ICO’s attention.
The watchdog typically prosecutes offences like this under the Data Protection Act, which cannot lead to prison, but opted in this case to use the Computer Misuse Act, which gives courts greater latitude when it comes to sentencing.
A spokeswoman said it reflected the fact the ICO wanted to use “the most appropriate and effective powers” open to it.
Computers & Law magazine’s website editor said other such prosecutions might now follow.
“While I welcome the decision to prosecute under the 1990 act, [the sentence] seems surprising, though it is never easy to judge these things without knowing the full facts and antecedents,” wrote Laurence Eastham.
“Given the level of illegal nuisance calls that result in monetary penalties imposed on companies which are never paid, Mustafa Kasim might consider himself unlucky to be in jail.”