The Information Commissioner’s Office has warned employees they could face prosecution for deliberately keeping hold of "historical personal data" after changing jobs.
The regulator has pointed out that under the Data Protection Act 2018, which implemented GDPR into UK law, workers who "knowingly or recklessly" hold onto personal data may face regulatory action.
It covers individuals whose roles involve gathering and handling personal data belonging to clients, customers, or others, either electronically or in paper form. Violations would occur when workers make unnecessary copies of personal data after collection, as well as when they leave their positions and keep this information.
The move follows the ICO’s decision not to take enforcement action against two police officers who had been interviewed by the media about a historic case they had worked on involving an MP.
The two Metropolitan Police officers were investigated under the Data Protection Act 1998, after disclosing details about the case to the media.
However, the regulator has taken action in similar cases. Last year, a former Southwark Council schools admission department apprentice was fined £850 and ordered by pay £713 in costs after illegally sharing personal data about children and their parents.
And in 2017, a charity worker was prosecuted for making his own copies of sensitive data and emailing them to his personal email address without knowledge of his employer Rochdale Connections Trust.