RAC employee stole data on crash victims as 21 drivers harassed by claims companies
A former employee of the RAC has been found to have stolen data on crash victims after 21 drivers were harassed by claims companies.
Asif Iqbal Khan, 42, an RAC ex-staff member, was fined £5,000 after pleading guilty to two counts of data theft following an investigation from the Information Commissioner’s Office.
The investigation revealed he had stored data from 272 separate traffic incidents on phones he owned.
Mr Khan was working as a customer solutions specialist when in 2019 the RAC received 21 complaints from suspicious drivers who had received calls from claims companies in January of that year.
A review by RAC looked into how the information was obtained and found that Mr Khan was the only person who had access to the details of all 21 crash victims.
Photographs of computer screen
Further investigations reported suspicious behaviour by Mr Khan, including instances of him taking photographs of his computer screen with his phone.
Following the investigation, a search warrant was secured by the ICO and during searches, a £12,000 customer receipt was seized, as well as two of Mr Khan’s mobile phones. These phones contained data relating to 272 traffic incidents.
Appearing at Dudley Magistrates’ Court earlier this month, Mr Khan pleaded guilty to two counts of data theft in breach of section 170 of the Data Protection Act.
He received a fine of £5,000 and was also ordered to pay court costs and a victims surcharge which amounted to £170.
'Insult to injury'
Stephen Eckersley, ICO director of investigations, said: “Being involved in a road traffic accident can be deeply distressing - to then have this data used and then stolen as a result, adds insult to injury.
“We know that receiving nuisance calls can be hugely frustrating and people often wonder how these companies got their details in the first place.
“This case shows one such way that it happens, but it also shows how we are working every day to track down and bring those who commit these crimes to justice.”
The RAC said it would not be putting a statement out in relation to the case.
It is the second case in recent years which has seen an RAC employee collecting data that was later used by claims companies.
In January 2021, Kim Doyle, a former RAC employee, received an eight-month suspended prison sentence after it was found that she had transferred personal data to an accident claims management company without authorisation.
Ms Doyle, 33, pleaded guilty to charges of conspiracy to secure unauthorised access to computer data, and to selling unlawfully obtained personal data, at a hearing in January 2020, before she was sentenced a year later.