Two individuals have been sentenced to eight months in prison and suspended for two years in a prosecution brought by the ICO under the computer misuse act. The first individual compiled road traffic accident data from her employer without permission and sold it to the second individual who was a director of an accident claims management firm. The details were then used to make nuisance calls to potential claimants.

It is encouraging to see the lengths that the ICO will go to protect the privacy of consumers. The mere "potential" for a fine (or worse) from a regulatory body has passed and now it has almost definitely become a reality. Cases like this will set a precedent to other organizations, highlighting the importance of appropriately safeguarding customer data. Not only to avoid a penalty but also to circumvent the reputational harm that comes with it.