According to the BBC news website yesterday, Council leader and Labour Party GE Candidate, Darren Rodwell claimed he used official systems to find the address of the person who had threatened him online.
“I found out where the person lived,” he told a law firm’s podcast, “because I have the ways and means – so I used them. Potentially Mr Rodwell has committed a criminal offence. Section 170 of the Data Protection Act 2018 makes it a criminal offence for a person to knowingly or recklessly:
(a) obtain or disclose personal data without the consent of the controller,
(b) procure the disclosure of personal data to another person without the consent of the controller, or
(c) after obtaining personal data, to retain it without the consent of the person who was the controller in relation to the personal data when it was obtained.
Section 170 is similar to the offence under section 55 of the old Data Protection Act 1998 which was often used to prosecute employees who had accessed healthcare and financial records without a legitimate reason. A recent ICO prosecution under s.170 involved a man who worked for Enterprise Rent-A-Car where he illegally accessed customers’ records. He was ordered to pay a fine of £265, along with costs of £450 and a victim surcharge of £32.
In the present case, whilst a number defences are available to Mr Rodwell (including preventing and detecting crime), we wonder if he will be contacted by Information Commissioner’s Office.
STOP PRESS: The BBC now reports that Mr Rodwell has been removed from the list of election candidates being approved today by Labour’s National Executive Committee (NEC).
This and other data protection developments will be discussed in detail on our forthcoming GDPR Update workshop.
