A motor insurance worker who unlawfully accessed personal information has been handed a suspended prison sentence after an investigation by the Information Commissioner’s Office.
Rizwan Manjra, 44, from Bolton, led a team dealing with accident claims for Markerstudy Insurance Services Limited (MISL), based in the Arndale Centre in Manchester city centre. His unlawful conduct was discovered after MISL reported to the ICO that it suspected an employee was unlawfully accessing its systems.
Concerns were raised by third party insurers that MISL worked with, relating to 185 claims. The insurers became suspicious due to the higher than normal number of claims being processed. An internal investigation found Manjra had featured in 160 of the claims, despite his role not involving the access of claims. Of these, 147 had not been referred to Manjra’s team and no legitimate reason could be found for him to access them.
Manjra was contracted to work Monday to Friday but when MISL reviewed its systems it discovered Manjra accessed over 32,000 policies during weekends, when he was not expected in work and not claiming overtime.
MISL told the ICO it set up an incident telephone number to handle calls from concerned customers as well as a dedicated email address to handle queries arising from this matter. An ICO investigation, which included a search of Manjra’s home, found he was sending details of personal data he had accessed by mobile phone to another person.
At a hearing at Manchester Crown Court on 30 October, 2024, Manjra pleaded guilty to an offence under the Computer Misuse Act 1990, relating to the unlawful accessing of personal data held on computers. Manjra was sentenced at Manchester Crown Court on Wednesday 11 November to a six month prison sentence, suspended for two years, and ordered to complete 150 hours of unpaid work.
Andy Curry, ICO Director of Enforcement and Investigations, said:
“Manjra abused the trust his employer placed in him, and sought to use their customers’ personal information for his own ends.
“We will take action to protect UK businesses and members of the public from threats to their personal information. Today’s outcome should send a strong deterrent message to others who may contemplate accessing information which they don’t have a right to look at.”