top of page

Understanding the Consequences of Personal Data Misuse Under the Computer Misuse Act 1990 (CMA)

The Serious Consequences of Unlawfully Accessing Personal Data

For years, the Information Commissioner’s Office (ICO) has emphasized the importance of protecting personal data, holding organisations and individuals accountable for breaches. However, a recent case serves as a stark warning—unauthorised access to personal data can lead to serious legal consequences, including imprisonment.

A Landmark Prosecution

In a significant move, the ICO prosecuted Rizwan Manjra, a former senior employee at Markerstudy Insurance Services Limited (MISL) in Manchester, under the Computer Misuse Act 1990 (CMA). Manjra unlawfully accessed over 32,000 insurance policies, many unrelated to his job, and shared personal data with an unidentified third party. His actions were deliberate, systematic, and in clear violation of data protection laws.

Following an internal investigation by MISL, a search of Manjra’s home uncovered multiple mobile phones and a laptop used to transmit sensitive information. At Manchester Crown Court, he was found guilty of accessing 160 insurance claims without a legitimate reason. Evidence revealed that he sent personal details—including names, vehicle registrations, and accident information—to a contact who encouraged him to “keep them coming.”

A Strong Message from the ICO

This case marks a pivotal moment in the ICO’s enforcement strategy. Traditionally, regulatory actions such as fines and notices have been the primary means of ensuring compliance. However, when data misuse crosses into criminality, the ICO has demonstrated its willingness to pursue prosecution under the CMA.

Andy Curry, Interim Director of Enforcement and Investigations at the ICO, reinforced this stance, stating:

“Manjra abused the trust placed in him and sought to exploit personal information for his own ends. We will take action to protect UK businesses and the public from threats to their personal data. Today’s outcome should serve as a strong deterrent to others considering similar actions.”

A Warning for Employees and Organisations

This case underscores the importance of data protection, not just as a regulatory issue but as a matter of criminal law. Employees must understand that access to personal data is a privilege granted solely for their job responsibilities. Misuse can result in criminal charges, career destruction, and severe legal penalties.

Manjra’s defence team revealed that he did not receive financial compensation for his actions but acted under pressure from loan sharks threatening him. This admission highlights the disturbing reality that criminal networks recognise the value of personal data and will go to great lengths to obtain it.

On 11 December 2024, Manjra was sentenced to six months in prison (suspended for two years) and ordered to complete 150 hours of unpaid work. His case serves as a crucial reminder for businesses to monitor internal systems, implement robust controls, and audit access to sensitive information to prevent data misuse.

Comments


Featured Posts
Recent Posts
Archive
Search By Tags

Lega

Legal

Berard & Lovell Solicitors is a trading name of Berard & Lovell Limited. Registered in England & Wales, Company No 09003314. Authorised and regulated by the Solicitors Regulation Authority, Registration No 630918.

3 Heath Lodge, 4 St. Albans Rd, London NW5 1RD.

Copyright © 2016-2025 by Berard & Lovell Ltd.

            

  • LinkedIn - Grey Circle
  • Twitter Clean
  • Facebook
Co5oWooWIAExYLS.jpg
bottom of page