Former RAC employee sentenced to prison for selling personal data to claims management firm

The ICO says such acts could lead to a prison sentence for those responsible

Manchester Crown Court has sentenced a former RAC employee to eight months' imprisonment, suspended for two years, for unlawfully obtaining personal data of motorists from RAC's systems and selling it to an accident claims management firm.

Kim Doyle, 33, who held a position of performance manager at the British automotive services company, was sentenced on Friday, 8th January 2021 in a prosecution brought by Information Commissioner's Office (ICO).

According to the ICO, Doyle pleaded guilty to charges of conspiracy to obtain unlawful access to computer data, and to selling the personal data of RAC customers to William Shaw, the director of TMS (Stratopsphere), which trades as LIS Claims.

Doyle was dismissed by RAC in May 2018 after her misconduct came to light.

An ICO investigation found that Doyle had compiled lists of road traffic accident data including names, contact details and registration numbers, despite having no authorisation from RAC to do so. She transferred the details to Shaw.

Doyle's actions were uncovered after fleet management firm Arval contacted RAC and informed them one of its drivers was receiving nuisance calls about an accident that he had been involved in.

RAC had carried out recovery of the driver's vehicle following the accident.

The company performed a scan of its email system which revealed what Doyle had done.

William Shaw, 32, also pleaded guilty to conspiracy to gain unlawful access to computer data, and was sentenced to eight months' imprisonment, suspended for two years.

The court ordered both Doyle and Shaw to perform 100 hours unpaid work and to contribute £1,000 costs.

Doyle has been ordered to pay back a benefit figure of £25,000, while Shaw must pay £15,000. They could face three months in prison if they fail to pay the sum within three months.

"Those who believe that this is a victimless crime without consequences, need to think again," said Mike Shaw, the head of the ICO's Criminal Investigations Team. Claims management firms can make unwanted calls to people after obtaining customers' personal data, which in turn could lead to false personal injury claims.

Shaw said that criminals must know that law-enforcement agencies have many tools which they can use to prevent people's information from being used in nefarious ways.

"This case shows that we can, and will take action, and that could lead to a prison sentence for those responsible," he added.