First, IANAL. If you want professional advice you really need to go to a professional. However this is an area I'm interested in, so...
So much here depends on context, which obviously isn't something you can supply in this sort of situation, but I'd say situations where individuals might be successfully prosecuted for their own direct actions are likely to be rare - basically in cases where individuals have stolen customer data from their employer to sell or otherwise misuse. Executive officers are more likely to be prosecuted for indirect actions (or more likely inaction) leading to data protection breaches.
Individuals bringing actions against other individuals is something that I don't think there's even any mechanism for.
I'd expect any company to regard personal misuse of customer data as gross misconduct - not to do so might leave the relevant managers open to prosecution for that misuse.
__________________
2017 F20 M140i
|