“I hear you’ve been in an accident”


The ICO decided to not just rely on the standard Data Protection laws but to prosecute under s.1 of the Computer Misuse Act 1990.

Author: Nona Bowkis
Reading time: 2 minutes

This article is 3 years old.

Read our disclaimer keyboard_arrow_down

This website content is intended as a general guide to law as it applies to the motor trade. Lawgistics has taken every effort to ensure that the contents are as accurate and up to date as at the date of first publication.

The laws and opinions expressed within this website may be varied as the law develops. As such we cannot accept liability for or the consequence of, any change of law, or official guidelines since publication or any misuse of the information provided.

The opinions in this website are based upon the experience of the authors and it must be recognised that only the courts and recognised tribunals can interpret the law with authority.

Examples given within the website are based on the experience of the authors and centre upon issues that commonly give rise to disputes. Each situation in practice will be different and may comprise several points commented upon.

If you have any doubt about the correct legal position you should seek further legal advice from Lawgistics or a suitably qualified solicitor. We cannot accept liability for your failure to take professional advice where it should reasonably be sought by a prudent person.

All characters are fictitious and should not be taken as referring to any person living or dead.

Use of this website shall be considered acceptance of the terms of the disclaimer presented above.

Just where do those annoying cold callers get details about accidents we have had in our cars?

For many, the answer will be from Mustafa Kasim who worked for accident repair firm Nationwide Accident Repair Services (NARS).

The people who investigate data breaches, the ICO, found that Mr Kasim, presumably in return for a nice wad of cash, decided to access “thousands of  customer records containing personal data without permission, using his colleagues’ log-in details to access a software system that estimates the cost of vehicle repairs, known as Audatex.

He continued to do this after he started a new job at a different car repair organisation which used the same software system.  The records contained customers’ names, phone numbers, vehicle and accident information.”
Given the value of that data to claims management companies looking for a cut of someone’s hyped up personal injury claim, the ICO decided to not just rely on the standard Data Protection laws but to prosecute under  s.1 of the Computer Misuse Act 1990.

This ended badly for Mr Kasim who picked up not only a 6 month prison sentence but also attracted confiscation proceedings meaning he would have to give back any cash he was paid to steal the data. 

Nona Bowkis

Legal Advisor

Read more by this author

Getting in touch

You can contact us via the form or you can call us on 01480 455500.