The Chester Crown Court has ordered two former employees of UK mobile operator T-Mobile to pay a total of £73,700 after stealing and selling customer data from the company in 2008, but why is this a landmark ruling?
First, it is a record fine for data protection offences, but more important than that, is that for the very first time we are seeing the criminal courts taking data protection seriously, says Stewart Room, partner at London law firm Field Fisher Waterhouse.
David Turley and Darren Hames pleaded guilty to offences under Section 55 of the Data Protection Act, but the fines were imposed under the Proceeds of Crime Act.
Turley was ordered to pay £45,000 and Hames was ordered to pay £28,700. Both face an 18-month prison term if they fail to pay within six months.
Law gets serious about data protection offences
Room, a privacy, data protection and data security lawyer, says that until now, the courts have been imposing only derisory fines for data protection offences, so the change should not be underestimated.
"If we view this fine in the context of the monetary penalty of £120,000 imposed on Surrey County Council, then we can see that the law is now getting tough on privacy abuses," he said.
But to provide a proper deterrent we need to see the introduction of the long-awaited custodial penalty for data theft offences, Room says. "The courts should have this option for the most serious criminal breaches of data protection law," he said.
Recovering the proceeds of data crime
This case is the first time the UK Information Commissioner's Office (ICO) has applied for use of confiscation orders under the Proceeds of Crime Act. Information Commissioner Christopher Graham said the case marks a new chapter of effective deterrents on data crime where the courts will act to recover the ill-gotten gains.
Under the Act, a proportion of any money recovered is given to the prosecuting authority to be used in the prevention and detection of crime. The ICO has indicated that it will use its portion of the money to fund training for its investigation staff.
Read more on IT risk management
WikiLeaks founder Assange is well enough to participate in extradition proceedings, says judge
National Lottery hacker jailed for nine months
Lauri Love takes legal action against NCA for return of seized computers
EU to collect biometrics of all visitors - which could include UK citizens post-Brexit