A former local government officer has been prosecuted for passing personal information about job applicants to his partner.
Kevin Bunsell was employed by Nuneaton and Bedworth District Council as head of building control in July 2017 when his partner applied for an administrative job there.
He was prevented from involvement in the selection system because of his personal relationship but he gained access to the local authority’s recruitment system and emailed details of nine rival shortlisted candidates to his own work email address and his partner’s Hotmail account.
He shared names, addresses, telephone numbers and CVs for each candidate, as well as the contact details of their referees.
His partner had initially been successful in her application, but her employment was terminated once the data breach was discovered, as she had been appointed through an invalid recruitment process. Bunsell resigned when his actions were uncovered.
The Information Commissioner’s Office prosecuted Bunsell as forwarding the applications breached s55 of the Data Protection Act 1998. Appearing at Nuneaton Magistrates’ Court, he admitted the charge and was fined £660, on top of costs of £713.75 and a victim surcharge of £66.
Steve Eckersley, director of investigations at the ICO, said: “People who supply their personal information to an organisation in good faith, such as when applying for a job, have a legal right to expect it will be treated lawfully and ethically.
“Not respecting people’s legal right to privacy can have serious consequences, as this case demonstrates. Not only might you face a prosecution and fine, along with the attendant publicity, but you may also lose your job and severely damage your future career prospects.”
This case was dealt with under the Data Protection Act 1998 because the offence took place before the introduction of the General Data Protection Regulation (GDPR) in May 2018. Had it been prosecuted under GDPR, Bunsell could have faced an unlimited fine.