Introduction
This case highlights a significant breach of data privacy and the misuse of personal information by an employee within the insurance sector. It underscores the importance of safeguarding sensitive data and the consequences of unauthorized access.
Description
Rizwan Manjra [1] [2] [3] [4] [5], a 44-year-old car insurance worker from Bolton who led a team handling accident claims at Markerstudy Insurance Services Limited (MISL) in Manchester, unlawfully accessed personal information during his employment. His misconduct was uncovered when insurers reported suspicions of unauthorized access to the Information Commissioner’s Office (ICO), prompting an internal investigation. This investigation revealed that Manjra accessed 160 out of 185 flagged claims without the necessary permissions [3], with 147 of these claims not referred to his team [1] [4]. He accessed them outside of his contracted hours without claiming overtime and unlawfully accessed over 32,000 policies during weekends. Furthermore, the ICO’s investigation [5], which included a search of Manjra’s home [5], found that he was sharing personal data with another individual via mobile phone [1] [3] [5].
On 30 October 2024 [5], Manjra pleaded guilty to an offense under the Computer Misuse Act 1990 for unlawfully accessing personal data [4] [5]. He was sentenced on 11 November to a six-month prison term [5], suspended for two years [1] [4] [5], and ordered to complete 150 hours of unpaid work [1] [3] [5]. The ICO’s Acting Director of Enforcement and Investigations emphasized the critical importance of protecting personal information and the need for accountability in cases of unauthorized access, highlighting that Manjra abused the trust placed in him [1].
Conclusion
The case of Rizwan Manjra serves as a stark reminder of the potential risks associated with unauthorized access to personal data. It highlights the necessity for stringent data protection measures and robust internal controls within organizations to prevent such breaches. The legal consequences faced by Manjra also reinforce the importance of accountability and the enforcement of data protection laws. Moving forward, organizations must prioritize data security and ensure that employees are aware of the legal and ethical responsibilities associated with handling personal information.
References
[1] https://www.manchestereveningnews.co.uk/news/uk-news/insurance-worker-snooped-private-claim-30566467
[2] https://www.postonline.co.uk/news/7956747/markerstudy-employee-prosecuted-for-abusing-customer-information
[3] https://www.newsminimalist.com/articles/insurance-worker-sentenced-for-accessing-private-claim-data-in-bolton-e753bd41
[4] https://www.infosecurity-magazine.com/news/worker-sentenced-illegally/
[5] https://insurance-edge.net/2024/12/12/markerstudy-employee-sentenced-after-selling-customer-data/
